Solved MyOSProtect blocking internet connection

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2015
Ran by K at 2015-04-14 18:59:24 Run:5
Running from C:\Documents and Settings\K\Desktop
Loaded Profiles: K (Available profiles: K & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog9 01 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 18 C:\WINDOWS\system32\MyOSProtect.dll [304776] (MyOSCompany)
C:\WINDOWS\system32\MyOSProtect.dll
S2 koyrdhbau; "C:\Documents and Settings\All Users\Application Data\eazyzoom\1.1.0.30\pepdwga.exe" -scm [X]
S3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [X] <==== ATTENTION
S2 pylywusy; C:\Documents and Settings\K\Application Data\4C4C4544-1428345196-5010-805A-B9C04F533231\jnsg120.tmp [X]
S2 zoulcodkuo; "C:\Documents and Settings\All Users\Application Data\eazyzoom\1.1.0.30\pepdaga.exe" /ts2=1 [X]
R1 pcwatch; C:\WINDOWS\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
C:\WINDOWS\system32\Drivers\pcwatch.sys
2015-04-09 23:39 - 2015-04-09 23:39 - 00000207 _____ () C:\Documents and Settings\K\My Documents\MyOS.fnd
2015-04-06 19:21 - 2015-04-06 19:21 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\StormWatch
2015-04-06 18:33 - 2015-04-06 18:33 - 00000000 ____D () C:\Documents and Settings\K\Local Settings\Application Data\xapmuakku
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\sndrec32.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\Drivers\eusbstub.sys:SummaryInformation

*****************

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 => Key could not be deleted. Access denied.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 => Key could not be deleted. Access denied.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 => Key could not be deleted. Access denied.
Could not move "C:\WINDOWS\system32\MyOSProtect.dll" => Scheduled to move on reboot.
koyrdhbau => Service not found.
MyOSProtect => Error deleting Service
pylywusy => Service not found.
zoulcodkuo => Service not found.
pcwatch => Unable to stop service
pcwatch => Error deleting Service
Could not move "C:\WINDOWS\system32\Drivers\pcwatch.sys" => Scheduled to move on reboot.
"C:\Documents and Settings\K\My Documents\MyOS.fnd" => File/Directory not found.
"C:\Documents and Settings\LocalService\Local Settings\Application Data\StormWatch" => File/Directory not found.
"C:\Documents and Settings\K\Local Settings\Application Data\xapmuakku" => File/Directory not found.
"C:\WINDOWS\system32\appwiz.cpl" => ":SummaryInformation" ADS not found.
"C:\WINDOWS\system32\sndrec32.exe" => ":SummaryInformation" ADS not found.
"C:\WINDOWS\system32\Drivers\eusbstub.sys" => ":SummaryInformation" ADS not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-14 19:01:42)<=

"C:\WINDOWS\system32\MyOSProtect.dll" => File could not move.
"C:\WINDOWS\system32\Drivers\pcwatch.sys" => File could not move.

==== End of Fixlog 19:01:42 ====
 
OK, fixes from normal boot don't seem to be working.
We'll have to access your computer from an external source.

Using another working computer....
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Download OTLPENet.exe to your Desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
  • Boot your BAD computer using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a Reatogo desktop.
  • Insert the flash drive with FRST on it
  • Open My Computer to locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
I am looking for a blank CD, not sure if I have one. If I can't find one, is it possible to use a flash drive instead? I am using a Galaxy Tab 2 as my alternate computer, that is all I have access to (just in case that matters).
 
Neither of those links is working for the eeepcfr.zip download. One says "bad url", the other says "that's an error".

I found some discs but I'm not sure which one to use. My computer uses a Samsung cdrw/dvd sm-332B, and the discs I have are: DVD-R ver2.0 1X-4X, CD-R compact disc recordable, DVD R R 4.7. Are any of those usable?
 
I did find a working CD, but as I said my 'alternate' computer is a Samsung Galaxy Tab 2 which has the ability to connect to a USB flash drive. I can see if I can get my other computer to stay on long enough to try this. (It gives me a blue screen after being on only a few minutes.)
 
If the drive worked fine before, it's either a bad CD or the wrong CD type.
A Google search tells me that you can use only the following CDs:
CD-R, CD-RW
CD+R, CD+RW won't work
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by SYSTEM on REATOGO on 15-04-2015 19:06:22
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\Administrator.KEIONA.000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [8039 2015-04-11] ()
HKU\Fresh\...\Run: [cdloader] => C:\Documents and Settings\Fresh\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 LPDSVC; C:\Windows\system32\tcpsvcs.exe [19456 2006-02-28] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [517960 2012-04-20] ()
S2 WinAudioSrv_R1; C:\Program Files\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
S3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [99840 2002-11-12] (Intel Corporation)
S3 eustub; C:\Windows\System32\DRIVERS\eusbstub.sys [13800 2014-09-27] (ELTIMA Software)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [112456 2012-04-20] (Incorporated)
S3 HPKBCCID; C:\Windows\System32\DRIVERS\HPKBCCID.sys [48000 2012-03-06] (Hewlett-Packard Company)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-04-11] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-11] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S1 pcwatch; C:\WINDOWS\system32\Drivers\pcwatch.sys [19840 2014-09-01] (MyOSCompany) <==== ATTENTION
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-05-01] (Logitech Inc.)
S3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [63848 2013-12-10] (ELTIMA Software)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 23:17 - 2015-04-14 23:19 - 98077435 _____ (Igor Pavlov) C:\Documents and Settings\K\Desktop\OTLPEStd.exe
2015-04-14 22:37 - 2015-04-14 20:52 - 00001456 _____ () C:\Documents and Settings\K\Desktop\fixlist.txt
2015-04-14 22:36 - 2015-04-14 22:40 - 127231689 _____ (Igor Pavlov) C:\Documents and Settings\K\Desktop\OTLPENet.exe
2015-04-14 05:15 - 2015-04-14 05:16 - 00018109 _____ () C:\Documents and Settings\K\Desktop\Addition.txt
2015-04-14 05:13 - 2015-04-14 05:16 - 00029684 _____ () C:\Documents and Settings\K\Desktop\FRST.txt
2015-04-13 23:37 - 2015-04-12 00:29 - 00049825 _____ () C:\Documents and Settings\K\My Documents\Addition.txt
2015-04-12 23:11 - 2015-04-14 20:57 - 01136128 _____ (Farbar) C:\Documents and Settings\K\Desktop\FRST.exe
2015-04-12 23:02 - 2015-04-12 23:02 - 00063127 _____ () C:\Documents and Settings\K\My Documents\FRST.txt
2015-04-12 22:54 - 2015-04-14 23:04 - 00000000 ____D () C:\Documents and Settings\K\My Documents\Techspot
2015-04-12 01:08 - 2015-04-12 01:08 - 00001919 _____ () C:\Windows\epplauncher.mif
2015-04-12 01:07 - 2015-04-12 23:13 - 00000000 ____D () C:\Documents and Settings\K\Desktop\Virus
2015-04-12 00:10 - 2015-04-14 21:01 - 00000000 ___DC () C:\FRST
2015-04-11 22:33 - 2015-04-11 22:36 - 150062624 _____ (Avast Software s.r.o.) C:\Documents and Settings\K\My Documents\avast_free_antivirus_setup.exe
2015-04-11 21:23 - 2015-04-11 21:23 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2015-04-11 20:36 - 2015-04-11 21:48 - 00000000 ___DC () C:\AdwCleaner
2015-04-11 04:41 - 2015-04-11 21:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-04-11 04:25 - 2015-04-11 04:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-11 04:25 - 2015-03-17 08:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-04-11 04:15 - 2012-05-18 19:09 - 44753295 ____N () C:\Documents and Settings\K\Desktop\forMybabe3gp.mp4
2015-04-10 05:59 - 2015-04-11 22:47 - 00000101 _____ () C:\Documents and Settings\K\Desktop\Commands.txt
2015-04-10 03:05 - 2015-04-10 03:05 - 00000000 ____D () C:\Documents and Settings\K\Application Data\Help
2015-04-10 02:18 - 2015-04-10 02:18 - 00001548 _____ () C:\Documents and Settings\K\Desktop\Command Prompt.lnk
2015-04-09 07:30 - 2015-04-09 07:30 - 00000000 ___HD () C:\Windows\PIF
2015-04-09 01:15 - 2015-04-09 07:30 - 00000000 __HDC () C:\Windows\ie8
2015-04-09 00:18 - 2015-04-09 00:21 - 00034548 _____ () C:\Windows\ie8Uninst.log
2015-04-09 00:17 - 2015-04-09 00:17 - 16883056 _____ (Microsoft Corporation) C:\Documents and Settings\LocalService\My Documents\IE8-WinXp-x86.exe
2015-04-08 20:56 - 2015-04-11 04:51 - 00120024 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-04-08 14:23 - 2015-04-11 19:13 - 00000444 _____ () C:\Documents and Settings\K\Desktop\routes.txt
2015-04-08 07:21 - 2015-04-08 07:21 - 00000000 _SHDC () C:\Documents and Settings\Administrator.KEIONA.000\PrivacIE
2015-04-08 06:22 - 2015-04-12 23:19 - 00000000 __HDC () C:\Documents and Settings\Administrator.KEIONA.000\Local Settings\Temp
2015-04-08 06:22 - 2015-04-11 20:51 - 00000178 __SHC () C:\Documents and Settings\Administrator.KEIONA.000\ntuser.ini
2015-04-08 06:22 - 2015-04-08 06:22 - 00000000 _SHDC () C:\Documents and Settings\Administrator.KEIONA.000\IETldCache
2015-04-08 06:22 - 2013-07-09 05:09 - 00000000 __HDC () C:\Documents and Settings\Administrator.KEIONA.000\Local Settings\Application Data\Microsoft Help
2015-04-08 05:22 - 2015-04-08 05:22 - 00000000 ____D () C:\Program Files\Windows Audio
2015-04-07 07:48 - 2015-04-07 07:48 - 00000000 ____D () C:\Documents and Settings\K\Application Data\youtube-downloader-and-converter
2015-04-07 04:27 - 2015-04-07 07:11 - 00002136 ____C () C:\Documents and Settings\All Users\Application Data\tempimage.bmp
2015-04-07 00:31 - 2015-04-07 00:31 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Windows VXM
2015-04-06 23:42 - 2015-04-06 23:42 - 00000000 ____D () C:\Windows\SysHealthController
2015-04-06 23:42 - 2015-04-06 23:42 - 00000000 ____D () C:\Windows\SysFilesController
2015-04-06 23:42 - 2015-04-06 23:42 - 00000000 ____D () C:\Program Files\SysFiles
2015-04-06 23:41 - 2015-04-06 23:41 - 00000000 ____D () C:\Program Files\YouTube Download Pool
2015-04-06 23:40 - 2015-04-07 07:14 - 00000000 ____D () C:\Program Files\user extensions
2015-04-06 23:40 - 2015-04-06 23:40 - 00000000 ____D () C:\Program Files\9135fa6f-851d-4210-8a06-c060645e7f6d
2015-04-06 23:34 - 2015-04-06 23:34 - 00000000 ____D () C:\Documents and Settings\K\Local Settings\Application Data\Deployment
2015-04-06 22:56 - 2015-04-06 22:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2015-04-06 22:56 - 2015-04-06 22:56 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-04-06 22:56 - 2015-04-06 22:56 - 00000000 ____D () C:\Program Files\FamilySearch Indexing
2015-04-06 22:56 - 2015-04-06 22:56 - 00000000 ____D () C:\Documents and Settings\K\.FamilySearchIndexing
2015-04-06 21:32 - 2015-04-09 05:21 - 00000004 _____ () C:\Windows\System32\029B560A371F4E00AB32838EBC01B9E7
2015-04-06 21:12 - 2015-04-06 21:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-04-06 21:11 - 2015-04-06 21:49 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{9d39d2a8-4a19-bd4c-9d39-9d2a84a14aa1}
2015-04-06 21:11 - 2015-04-06 21:11 - 00000000 ____D () C:\Documents and Settings\K\Application Data\Company
2015-04-06 21:11 - 2015-04-06 21:11 - 00000000 ____D () C:\Documents and Settings\K\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-04-06 20:58 - 2015-04-06 20:58 - 00000000 ____D () C:\Documents and Settings\Fresh\Local Settings\Application Data\Crossbrowse
2015-04-06 20:41 - 2015-04-06 20:41 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\COMODO
2015-04-06 20:40 - 2015-04-06 20:40 - 00000000 ____D () C:\Program Files\COMODO
2015-04-06 20:38 - 2015-04-12 23:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{d57a658c-02a3-56a6-d57a-a658c02a9630}
2015-04-06 20:36 - 2015-04-06 21:49 - 00000000 ____D () C:\Documents and Settings\K\Local Settings\Application Data\4C4C4544-1428345377-5010-805A-B9C04F533231
2015-04-06 20:33 - 2015-04-12 23:15 - 00000000 ____D () C:\Documents and Settings\K\Application Data\4C4C4544-1428345196-5010-805A-B9C04F533231
2015-04-06 20:17 - 2015-04-06 20:17 - 00001818 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-06 06:32 - 2015-04-06 22:54 - 00000000 ___DC () C:\138efef433ac4b7a372a18dc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 19:55 - 2003-02-25 10:01 - 00032558 _____ () C:\Windows\SchedLgU.Txt
2015-04-15 19:55 - 2003-02-25 09:55 - 01100570 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 19:55 - 2003-02-25 02:44 - 00000216 _____ () C:\Windows\wiadebug.log
2015-04-15 19:55 - 2003-02-25 02:44 - 00000049 _____ () C:\Windows\wiaservc.log
2015-04-15 01:24 - 2003-02-25 10:17 - 00000178 ___SH () C:\Documents and Settings\K\ntuser.ini
2015-04-15 01:16 - 2003-02-25 10:17 - 00000000 ____D () C:\Documents and Settings\K\Local Settings\Temp
2015-04-14 21:49 - 2013-07-01 11:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-04-14 21:32 - 2013-06-28 17:45 - 125832184 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-04-14 21:17 - 2006-02-28 08:00 - 00000743 _____ () C:\Windows\win.ini
2015-04-13 20:51 - 2014-09-13 15:32 - 00000000 ____D () C:\Documents and Settings\K\Application Data\vlc
2015-04-12 23:19 - 2013-10-03 14:30 - 00000000 ___HD () C:\Documents and Settings\Fresh\Local Settings\Temp
2015-04-12 22:51 - 2006-02-28 08:00 - 00013646 ____H () C:\Windows\System32\wpa.dbl
2015-04-12 01:44 - 2014-09-07 05:57 - 00039473 _____ () C:\Windows\KB2964358-IE8.log
2015-04-12 01:44 - 2014-09-07 03:58 - 00075198 _____ () C:\Windows\KB2936068-IE8.log
2015-04-12 01:44 - 2013-07-01 11:43 - 00065536 _____ () C:\Windows\System32\config\OAlerts.evt
2015-04-12 01:27 - 2013-07-28 02:25 - 00000000 ____D () C:\Windows\System32\NtmsData
2015-04-11 19:32 - 2013-07-27 18:29 - 00301400 _____ () C:\Windows\pfirewall.log
2015-04-11 18:10 - 2013-11-25 03:22 - 00001585 _____ () C:\Documents and Settings\K\Desktop\Event.lnk
2015-04-11 18:10 - 2013-11-18 20:01 - 00001292 _____ () C:\Documents and Settings\K\Desktop\Shared.lnk
2015-04-11 04:25 - 2013-07-01 10:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-11 03:56 - 2014-03-03 01:29 - 00493907 _____ () C:\Windows\setupapi.log
2015-04-11 03:56 - 2003-02-25 02:40 - 36953687 _____ () C:\Windows\setupact.log
2015-04-10 03:46 - 2014-09-17 02:46 - 00000128 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2015-04-10 03:05 - 2003-02-25 02:33 - 00000000 ____D () C:\Windows\Help
2015-04-09 09:13 - 2013-07-27 18:29 - 04050606 _____ () C:\Windows\pfirewall.log.old
2015-04-09 07:32 - 2013-06-28 17:49 - 00000000 ____D () C:\Windows\ie8updates
2015-04-09 04:11 - 2013-06-28 16:36 - 00217689 _____ () C:\Windows\updspapi.log
2015-04-09 04:11 - 2003-02-25 02:41 - 01740669 _____ () C:\Windows\FaxSetup.log
2015-04-09 04:11 - 2003-02-25 02:41 - 01065035 _____ () C:\Windows\ocgen.log
2015-04-09 04:11 - 2003-02-25 02:41 - 00724719 _____ () C:\Windows\tsoc.log
2015-04-09 04:11 - 2003-02-25 02:41 - 00623449 _____ () C:\Windows\comsetup.log
2015-04-09 04:11 - 2003-02-25 02:41 - 00416651 _____ () C:\Windows\ntdtcsetup.log
2015-04-09 04:11 - 2003-02-25 02:41 - 00265582 _____ () C:\Windows\iis6.log
2015-04-09 04:11 - 2003-02-25 02:41 - 00103451 _____ () C:\Windows\ocmsn.log
2015-04-09 04:11 - 2003-02-25 02:41 - 00095469 _____ () C:\Windows\msgsocm.log
2015-04-09 04:11 - 2003-02-25 02:41 - 00001355 _____ () C:\Windows\imsins.log
2015-04-09 04:10 - 2014-02-17 00:31 - 00008661 ____C () C:\Windows\KB2909210-IE8.log
2015-04-09 04:10 - 2003-02-25 02:41 - 00001355 _____ () C:\Windows\imsins.BAK
2015-04-09 04:09 - 2013-07-01 10:31 - 00014279 ____C () C:\Windows\KB2510531-IE8.log
2015-04-09 02:46 - 2015-01-05 00:50 - 00000010 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DSI.DAT
2015-04-09 01:33 - 2013-06-28 16:42 - 00101340 ____C () C:\Windows\spupdsvc.log
2015-04-09 01:29 - 2013-06-28 17:42 - 00253271 ____C () C:\Windows\ie8_main.log
2015-04-09 01:27 - 2014-02-17 00:31 - 00046693 ____C () C:\Windows\KB2909921-IE8.log
2015-04-09 01:26 - 2013-06-28 17:50 - 00090681 ____C () C:\Windows\KB2598845-IE8.log
2015-04-09 01:25 - 2013-06-28 17:49 - 00108252 ____C () C:\Windows\KB982381-IE8.log
2015-04-09 01:21 - 2013-06-28 17:47 - 00109348 ____C () C:\Windows\ie8.log
2015-04-09 01:19 - 2003-02-25 02:33 - 00000000 ____D () C:\Windows\Media
2015-04-08 22:11 - 2006-02-28 08:00 - 00000227 _____ () C:\Windows\system.ini
2015-04-08 20:54 - 2014-09-28 08:57 - 00000000 ____D () C:\Documents and Settings\K\Desktop\status
2015-04-08 14:08 - 2013-07-23 00:52 - 00001603 _____ () C:\Documents and Settings\K\Desktop\Restore.lnk
2015-04-08 13:13 - 2013-12-15 22:10 - 00001324 _____ () C:\Windows\System32\d3d9caps.dat
2015-04-07 07:52 - 2003-02-25 09:53 - 00000000 ____D () C:\Windows\Registration
2015-04-07 07:14 - 2013-11-07 20:34 - 00568474 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1958367476-682003330-1004-0.dat
2015-04-07 07:14 - 2013-11-04 14:02 - 00284450 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-04-07 04:09 - 2013-07-02 01:12 - 00000000 ____D () C:\Program Files\Google
2015-04-06 23:13 - 2013-07-17 05:01 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-06 23:04 - 2015-01-06 23:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-06 23:04 - 2015-01-06 23:10 - 00000000 ____D () C:\Program Files\Unchecky
2015-04-06 22:56 - 2015-01-14 01:20 - 00000000 ____D () C:\Documents and Settings\K\Application Data\BitTorrent
2015-04-06 21:49 - 2013-07-01 10:27 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-06 21:06 - 2014-09-13 22:22 - 00070776 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-06 19:06 - 2014-06-24 17:36 - 00000000 ____D () C:\Documents and Settings\K\My Documents\Cartoons
2015-04-06 18:51 - 2013-10-26 07:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-04-06 17:14 - 2013-07-01 12:47 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-04-06 08:37 - 2013-10-10 06:19 - 00636704 _____ () C:\Windows\System32\PerfStringBackup.TMP
2015-04-06 06:49 - 2003-02-25 02:41 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2015-04-14 21:09 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP493

RP: -> 2015-04-14 05:35 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP492

RP: -> 2015-04-13 02:02 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP491

RP: -> 2015-04-12 01:41 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP490

RP: -> 2015-04-11 06:28 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP489

RP: -> 2015-04-09 06:37 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP485

RP: -> 2015-04-09 04:07 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP484

RP: -> 2015-04-09 01:22 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP483

RP: -> 2015-04-09 01:18 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP482

RP: -> 2015-04-09 00:13 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP481

RP: -> 2015-04-08 13:26 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP480

RP: -> 2015-04-07 07:46 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP479

RP: -> 2015-04-07 07:13 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP478

RP: -> 2015-04-07 05:50 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP477

RP: -> 2015-04-07 04:23 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP474

RP: -> 2015-04-07 03:37 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP473

RP: -> 2015-04-07 03:20 - 024576 _restore{3E602A38-F5E5-47DB-93C5-0571F454F258}\RP472


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 1022.99 MB
Available physical RAM: 805.9 MB
Total Pagefile: 906.66 MB
Available Pagefile: 832.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.62 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (Local) (Fixed) (Total:38.16 GB) (Free:7.66 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (LEXAR) (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 38.2 GB) (Disk ID: 15911591)
Partition 1: (Active) - (Size=38.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 483.5 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=483 MB) - (Type=06)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by SYSTEM at 2015-04-15 19:35:28 Run:6
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
S3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [X] <==== ATTENTION
C:\Program Files\Web Protect
C:\Program Files\Web Protect\MyOSProtect.exe
S1 pcwatch; C:\WINDOWS\system32\Drivers\pcwatch.sys [19840 2014-09-01] (MyOSCompany) <==== ATTENTION
C:\WINDOWS\system32\Drivers\pcwatch.sys
C:\WINDOWS\system32\MyOSProtect.dll
C:\Documents and Settings\All Users\Application Data\eazyzoom
C:\Documents and Settings\K\Application Data\4C4C4544-1428345196-5010-805A-B9C04F533231

*****************

MyOSProtect => Service deleted successfully.
"C:\Program Files\Web Protect" => File/Directory not found.
"C:\Program Files\Web Protect\MyOSProtect.exe" => File/Directory not found.
pcwatch => Service deleted successfully.
C:\WINDOWS\system32\Drivers\pcwatch.sys => Moved successfully.
C:\WINDOWS\system32\MyOSProtect.dll => Moved successfully.
"C:\Documents and Settings\All Users\Application Data\eazyzoom" => File/Directory not found.
C:\Documents and Settings\K\Application Data\4C4C4544-1428345196-5010-805A-B9C04F533231 => Moved successfully.

==== End of Fixlog 19:35:29 ====
 
Good :)

Restart computer normally and re-run FRST scan again.
Make sure you checkmark Addition.txt box so both logs will be produced.

I'll be back in 15 mins.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by K (administrator) on DESTINY on 15-04-2015 20:05:24
Running from E:\
Loaded Profiles: K (Available profiles: K & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
() C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
(Hefei Hejunzhengce Info Tech Co., Ltd.) C:\Program Files\Windows Audio\R1\AudioSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-18\...\RunOnce: [WUAppSetup] => C:\Program Files\Common Files\logishrd\WUApp32.exe [430080 2007-02-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-725345543-1958367476-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKU\S-1-5-21-725345543-1958367476-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1046191103890
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
Winsock: Catalog9 01 C:\WINDOWS\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 02 C:\WINDOWS\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 18 C:\WINDOWS\system32\MyOSProtect.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: SNT - C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default\Extensions\gliuyio@batooouaiei.com [2015-01-06]
FF Extension: EazyZoom - C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default\Extensions\ke@feqdi.com [2015-04-06]
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2014-01-02]
FF Extension: Dynamo Combo 1.0.1 - C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default\Extensions\{bf5001a3-ae7a-4910-925a-5060ef2c0508}.xpi [2015-01-06]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-17]
FF Extension: Healthcare Gov Tool - C:\Program Files\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-03-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-07-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-17]
CHR Extension: (Mp3Skull Toolbar) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\anaehjnjgheaikfecjlfokolkoalpnda [2015-04-06]
CHR Extension: (Google Docs) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-17]
CHR Extension: (YouTube) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-09]
CHR Extension: (Google Search) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-17]
CHR Extension: (Mahjongg) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dfhgecpiaaideopgfehpomehflocnphd [2014-10-09]
CHR Extension: (Mahjongg Mahjongg) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgifnjpclblfhjamijejgmmmajndglm [2014-10-09]
CHR Extension: (Free Smileys & Emoticons) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eadohofilecbkoopckifdpenihdpdbfm [2014-10-09]
CHR Extension: (Mahjongg) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2014-10-09]
CHR Extension: (Google Sheets) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-17]
CHR Extension: (Whist Card Game) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnogegkomblljannepeelpenlmbdolna [2014-10-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]
CHR Extension: (Comic Webcam) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfffhmndpldceogndeognocbpmlgdemi [2014-10-09]
CHR Extension: (Frogger Classic) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mamnieegbgfhklagjjbacjiidjojeogd [2014-10-09]
CHR Extension: (Dice) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkomhldhkbggnefgdjggpfaaljlfmahe [2014-10-09]
CHR Extension: (Mahjong Games with High Scores) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ngcmfkldebnlhhnohafeahjkeihmcjjd [2014-10-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-09]
CHR Extension: (No Name) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\npeidojcmghjibnbnmjloedchcgdkbeo [2015-04-06]
CHR Extension: (No Name) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-04-06]
CHR Extension: (10,000) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\olabdgcmaiboddccbiajlekdekkkjjkb [2014-10-09]
CHR Extension: (Gmail) - C:\Documents and Settings\K\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2006-02-28] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 UDisk Monitor; C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [517960 2012-04-20] ()
R2 WinAudioSrv_R1; C:\Program Files\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CamDrL; C:\WINDOWS\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [99840 2002-11-12] (Intel Corporation)
S3 eustub; C:\WINDOWS\System32\DRIVERS\eusbstub.sys [13800 2014-09-27] (ELTIMA Software)
S3 Generalusbserialser20675; C:\WINDOWS\System32\DRIVERS\CT_U_USBSER.sys [112456 2012-04-20] (Incorporated)
S3 HPKBCCID; C:\WINDOWS\System32\DRIVERS\HPKBCCID.sys [48000 2012-03-05] (Hewlett-Packard Company)
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-04-11] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-11] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
S3 vuhub; C:\WINDOWS\System32\DRIVERS\vuhub.sys [63848 2013-12-10] (ELTIMA Software)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 20:05 - 2015-04-15 20:05 - 00000000 ____D () C:\Documents and Settings\K\Desktop\LOST.DIR
2015-04-14 21:17 - 2015-04-14 21:19 - 98077435 _____ (Igor Pavlov) C:\Documents and Settings\K\Desktop\OTLPEStd.exe
2015-04-14 20:36 - 2015-04-14 20:40 - 127231689 _____ (Igor Pavlov) C:\Documents and Settings\K\Desktop\OTLPENet.exe
2015-04-13 21:37 - 2015-04-11 22:29 - 00049825 _____ () C:\Documents and Settings\K\My Documents\Addition.txt
2015-04-12 21:11 - 2015-04-14 18:57 - 01136128 _____ (Farbar) C:\Documents and Settings\K\Desktop\FRST.exe
2015-04-12 21:02 - 2015-04-12 21:02 - 00063127 _____ () C:\Documents and Settings\K\My Documents\FRST.txt
2015-04-12 20:54 - 2015-04-14 21:04 - 00000000 ____D () C:\Documents and Settings\K\My Documents\Techspot
2015-04-11 23:08 - 2015-04-11 23:08 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
2015-04-11 23:07 - 2015-04-15 20:06 - 00000000 ____D () C:\Documents and Settings\K\Desktop\Virus
2015-04-11 22:10 - 2015-04-15 20:05 - 00000000 ___DC () C:\FRST
2015-04-11 20:33 - 2015-04-11 20:36 - 150062624 _____ (Avast Software s.r.o.) C:\Documents and Settings\K\My Documents\avast_free_antivirus_setup.exe
2015-04-11 19:23 - 2015-04-11 19:23 - 00000000 ___DC () C:\TDSSKiller_Quarantine
2015-04-11 18:36 - 2015-04-11 19:48 - 00000000 ___DC () C:\AdwCleaner
2015-04-11 02:41 - 2015-04-11 19:00 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 02:25 - 2015-04-11 02:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-11 02:25 - 2015-04-11 02:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-11 02:25 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-11 02:15 - 2012-05-18 17:09 - 44753295 ____N () C:\Documents and Settings\K\Desktop\forMybabe3gp.mp4
2015-04-10 03:59 - 2015-04-11 20:47 - 00000101 _____ () C:\Documents and Settings\K\Desktop\Commands.txt
2015-04-10 01:05 - 2015-04-10 01:05 - 00000000 ____D () C:\Documents and Settings\K\Application Data\Help
2015-04-10 00:18 - 2015-04-10 00:18 - 00001548 _____ () C:\Documents and Settings\K\Desktop\Command Prompt.lnk
2015-04-09 05:30 - 2015-04-09 05:30 - 00000000 ___HD () C:\WINDOWS\PIF
2015-04-08 23:15 - 2015-04-09 05:30 - 00000000 __HDC () C:\WINDOWS\ie8
2015-04-08 22:18 - 2015-04-08 22:21 - 00034548 _____ () C:\WINDOWS\ie8Uninst.log
2015-04-08 22:17 - 2015-04-08 22:17 - 16883056 _____ (Microsoft Corporation) C:\Documents and Settings\LocalService\My Documents\IE8-WinXp-x86.exe
2015-04-08 22:16 - 2015-04-14 23:16 - 00000368 _____ () C:\WINDOWS\Tasks\UpdateAdmin.job
2015-04-08 18:56 - 2015-04-11 02:51 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-08 12:23 - 2015-04-11 17:13 - 00000444 _____ () C:\Documents and Settings\K\Desktop\routes.txt
2015-04-08 05:21 - 2015-04-08 05:21 - 00000000 _SHDC () C:\Documents and Settings\Administrator.KEIONA.000\PrivacIE
2015-04-08 04:22 - 2015-04-12 21:19 - 00000000 __HDC () C:\Documents and Settings\Administrator.KEIONA.000\Local Settings\Temp
2015-04-08 04:22 - 2015-04-11 18:51 - 00000178 __SHC () C:\Documents and Settings\Administrator.KEIONA.000\ntuser.ini
2015-04-08 04:22 - 2015-04-08 05:21 - 00000000 ___DC () C:\Documents and Settings\Administrator.KEIONA.000
2015-04-08 04:22 - 2015-04-08 04:22 - 00000000 _SHDC () C:\Documents and Settings\Administrator.KEIONA.000\IETldCache
2015-04-08 04:22 - 2013-11-18 07:15 - 00001604 ___HC () C:\Documents and Settings\Administrator.KEIONA.000\Start Menu\Programs\Remote Assistance.lnk
2015-04-08 04:22 - 2013-07-09 03:09 - 00000000 __HDC () C:\Documents and Settings\Administrator.KEIONA.000\Local Settings\Application Data\Microsoft Help
2015-04-08 04:22 - 2003-02-25 07:57 - 00000000 _RHDC () C:\Documents and Settings\Administrator.KEIONA.000\Start Menu\Programs\Accessories
2015-04-08 03:22 - 2015-04-08 03:22 - 00000000 ____D () C:\Program Files\Windows Audio
2015-04-07 05:51 - 2015-04-07 05:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-04-07 05:48 - 2015-04-07 05:48 - 00000000 ____D () C:\Documents and Settings\K\Application Data\youtube-downloader-and-converter
2015-04-07 05:48 - 2015-04-07 05:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2
2015-04-07 02:27 - 2015-04-07 05:11 - 00002136 ____C () C:\Documents and Settings\All Users\Application Data\tempimage.bmp
2015-04-06 22:31 - 2015-04-06 22:31 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Windows VXM
2015-04-06 21:42 - 2015-04-06 21:42 - 00000000 ____D () C:\WINDOWS\SysHealthController
2015-04-06 21:42 - 2015-04-06 21:42 - 00000000 ____D () C:\WINDOWS\SysFilesController
2015-04-06 21:42 - 2015-04-06 21:42 - 00000000 ____D () C:\Program Files\SysFiles
2015-04-06 21:41 - 2015-04-06 21:41 - 00000000 ____D () C:\Program Files\YouTube Download Pool
2015-04-06 21:40 - 2015-04-07 05:14 - 00000000 ____D () C:\Program Files\user extensions
2015-04-06 21:40 - 2015-04-06 21:40 - 00000000 ____D () C:\Program Files\9135fa6f-851d-4210-8a06-c060645e7f6d
2015-04-06 21:34 - 2015-04-06 21:34 - 00000000 ____D () C:\Documents and Settings\K\Local Settings\Application Data\Deployment
2015-04-06 20:57 - 2015-04-06 20:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Program Files\FamilySearch Indexing
2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Documents and Settings\K\.FamilySearchIndexing
2015-04-06 20:56 - 2015-04-06 20:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FamilySearch
2015-04-06 19:32 - 2015-04-09 03:21 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-04-06 19:12 - 2015-04-06 19:12 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-04-06 19:11 - 2015-04-06 19:49 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{9d39d2a8-4a19-bd4c-9d39-9d2a84a14aa1}
2015-04-06 19:11 - 2015-04-06 19:11 - 00000000 ____D () C:\Documents and Settings\K\Application Data\Company
2015-04-06 19:11 - 2015-04-06 19:11 - 00000000 ____D () C:\Documents and Settings\K\Application Data\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-04-06 18:58 - 2015-04-06 18:58 - 00000000 ____D () C:\Documents and Settings\Fresh\Local Settings\Application Data\Crossbrowse
2015-04-06 18:41 - 2015-04-06 18:41 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\COMODO
2015-04-06 18:40 - 2015-04-06 18:40 - 00000000 ____D () C:\Program Files\COMODO
2015-04-06 18:38 - 2015-04-12 21:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{d57a658c-02a3-56a6-d57a-a658c02a9630}
2015-04-06 18:36 - 2015-04-06 19:49 - 00000000 ____D () C:\Documents and Settings\K\Local Settings\Application Data\4C4C4544-1428345377-5010-805A-B9C04F533231
2015-04-06 18:17 - 2015-04-06 18:17 - 00001818 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-04-06 04:32 - 2015-04-06 20:54 - 00000000 ___DC () C:\138efef433ac4b7a372a18dc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 20:06 - 2003-02-25 08:17 - 00000000 ____D () C:\Documents and Settings\K\Local Settings\Temp
2015-04-15 20:03 - 2014-03-16 08:48 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-15 20:03 - 2003-02-25 08:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-15 20:03 - 2003-02-25 07:55 - 01101817 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-15 20:03 - 2003-02-25 00:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-15 20:03 - 2003-02-25 00:44 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-15 17:55 - 2003-02-25 08:01 - 00032558 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-14 23:24 - 2003-02-25 08:17 - 00000178 ___SH () C:\Documents and Settings\K\ntuser.ini
2015-04-14 19:49 - 2013-07-01 09:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-04-14 19:48 - 2013-07-17 03:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 19:32 - 2013-06-28 15:45 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 19:17 - 2006-02-28 06:00 - 00000743 _____ () C:\WINDOWS\win.ini
2015-04-13 18:51 - 2014-09-13 13:32 - 00000000 ____D () C:\Documents and Settings\K\Application Data\vlc
2015-04-12 21:19 - 2013-10-03 12:30 - 00000000 ___HD () C:\Documents and Settings\Fresh\Local Settings\Temp
2015-04-12 21:19 - 2003-02-25 08:17 - 00000000 ____D () C:\Documents and Settings\K
2015-04-12 20:51 - 2006-02-28 06:00 - 00013646 ____H () C:\WINDOWS\system32\wpa.dbl
2015-04-11 23:44 - 2014-09-07 03:57 - 00039473 _____ () C:\WINDOWS\KB2964358-IE8.log
2015-04-11 23:44 - 2014-09-07 01:58 - 00075198 _____ () C:\WINDOWS\KB2936068-IE8.log
2015-04-11 23:44 - 2013-07-01 09:43 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-04-11 23:27 - 2013-07-28 00:25 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-04-11 17:32 - 2013-07-27 16:29 - 00301400 _____ () C:\WINDOWS\pfirewall.log
2015-04-11 16:10 - 2013-11-25 01:22 - 00001585 _____ () C:\Documents and Settings\K\Desktop\Event.lnk
2015-04-11 16:10 - 2013-11-18 18:01 - 00001292 _____ () C:\Documents and Settings\K\Desktop\Shared.lnk
2015-04-11 02:25 - 2013-07-01 08:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-11 01:56 - 2014-03-02 23:29 - 00493907 _____ () C:\WINDOWS\setupapi.log
2015-04-11 01:56 - 2003-02-25 00:40 - 36953687 _____ () C:\WINDOWS\setupact.log
2015-04-10 01:46 - 2014-09-17 00:46 - 00000128 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2015-04-10 01:16 - 2003-02-25 08:01 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-10 01:05 - 2003-02-25 00:33 - 00000000 ____D () C:\WINDOWS\Help
2015-04-09 07:13 - 2013-07-27 16:29 - 04050606 _____ () C:\WINDOWS\pfirewall.log.old
2015-04-09 05:32 - 2013-06-28 15:49 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-04-09 02:11 - 2013-06-28 14:36 - 00217689 _____ () C:\WINDOWS\updspapi.log
2015-04-09 02:11 - 2003-02-25 00:41 - 01740669 _____ () C:\WINDOWS\FaxSetup.log
2015-04-09 02:11 - 2003-02-25 00:41 - 01065035 _____ () C:\WINDOWS\ocgen.log
2015-04-09 02:11 - 2003-02-25 00:41 - 00724719 _____ () C:\WINDOWS\tsoc.log
2015-04-09 02:11 - 2003-02-25 00:41 - 00623449 _____ () C:\WINDOWS\comsetup.log
2015-04-09 02:11 - 2003-02-25 00:41 - 00416651 _____ () C:\WINDOWS\ntdtcsetup.log
2015-04-09 02:11 - 2003-02-25 00:41 - 00265582 _____ () C:\WINDOWS\iis6.log
2015-04-09 02:11 - 2003-02-25 00:41 - 00103451 _____ () C:\WINDOWS\ocmsn.log
2015-04-09 02:11 - 2003-02-25 00:41 - 00095469 _____ () C:\WINDOWS\msgsocm.log
2015-04-09 02:11 - 2003-02-25 00:41 - 00001355 _____ () C:\WINDOWS\imsins.log
2015-04-09 02:10 - 2014-02-16 22:31 - 00008661 ____C () C:\WINDOWS\KB2909210-IE8.log
2015-04-09 02:10 - 2003-02-25 00:41 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2015-04-09 02:09 - 2013-07-01 08:31 - 00014279 ____C () C:\WINDOWS\KB2510531-IE8.log
2015-04-09 00:46 - 2015-01-04 22:50 - 00000010 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\DSI.DAT
2015-04-08 23:33 - 2013-06-28 14:42 - 00101340 ____C () C:\WINDOWS\spupdsvc.log
2015-04-08 23:29 - 2013-06-28 15:42 - 00253271 ____C () C:\WINDOWS\ie8_main.log
2015-04-08 23:27 - 2014-02-16 22:31 - 00046693 ____C () C:\WINDOWS\KB2909921-IE8.log
2015-04-08 23:26 - 2013-06-28 15:50 - 00090681 ____C () C:\WINDOWS\KB2598845-IE8.log
2015-04-08 23:25 - 2013-06-28 15:49 - 00108252 ____C () C:\WINDOWS\KB982381-IE8.log
2015-04-08 23:21 - 2013-06-28 15:47 - 00109348 ____C () C:\WINDOWS\ie8.log
2015-04-08 23:19 - 2003-02-25 00:33 - 00000000 ____D () C:\WINDOWS\Media
2015-04-08 22:29 - 2003-02-25 08:17 - 00000000 ___RD () C:\Documents and Settings\K\Start Menu\Programs\Accessories
2015-04-08 22:08 - 2003-02-25 08:01 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-08 20:11 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-08 18:54 - 2014-09-28 06:57 - 00000000 ____D () C:\Documents and Settings\K\Desktop\status
2015-04-08 17:16 - 2003-02-25 07:57 - 00001568 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2015-04-08 17:16 - 2003-02-25 07:57 - 00001512 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2015-04-08 15:01 - 2014-03-16 08:48 - 00000208 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-04-08 12:08 - 2013-07-22 22:52 - 00001603 _____ () C:\Documents and Settings\K\Desktop\Restore.lnk
2015-04-08 11:13 - 2013-12-15 20:10 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-07 05:53 - 2013-10-03 12:30 - 00000000 ___HD () C:\Documents and Settings\Fresh
2015-04-07 05:52 - 2003-02-25 07:53 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-07 05:14 - 2013-11-07 18:34 - 00568474 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-1958367476-682003330-1004-0.dat
2015-04-07 05:14 - 2013-11-04 12:02 - 00284450 ____C () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-04-07 02:09 - 2013-07-01 23:12 - 00000000 ____D () C:\Program Files\Google
2015-04-06 21:04 - 2015-01-06 21:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-06 21:04 - 2015-01-06 21:10 - 00000000 ____D () C:\Program Files\Unchecky
2015-04-06 20:56 - 2015-01-13 23:20 - 00000000 ____D () C:\Documents and Settings\K\Application Data\BitTorrent
2015-04-06 20:32 - 2015-01-12 04:09 - 00000000 __SDC () C:\Documents and Settings\Administrator.KEIONA
2015-04-06 19:49 - 2013-07-01 08:27 - 00000000 ____D () C:\Program Files\AVAST Software
2015-04-06 19:06 - 2014-09-13 20:22 - 00070776 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-06 17:06 - 2014-06-24 15:36 - 00000000 ____D () C:\Documents and Settings\K\My Documents\Cartoons
2015-04-06 16:51 - 2013-10-26 05:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2015-04-06 15:14 - 2013-07-01 10:47 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-04-06 06:37 - 2013-10-10 04:19 - 00636704 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2015-04-06 04:49 - 2003-02-25 00:41 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by K at 2015-04-15 20:07:24
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Android USB Driver (HKLM\...\Android USB Driver_is1) (Version: - )
Belkin USB Wireless Adapter (HKLM\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (Version: 1.0.0.13 - Belkin) Hidden
FamilySearch Indexing 3.24.2 (HKLM\...\0591-8077-9297-0833) (Version: 3.24.2 - FamilySearch)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version: - )
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPrograms (HKLM\...\WinPrograms) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

07-04-2015 01:20:38 Removed Pro PC Cleaner
07-04-2015 01:38:06 Restore Operation
07-04-2015 02:23:35 Removed GeekBuddy.
07-04-2015 03:16:18 Restore Operation
07-04-2015 03:35:15 Restore Operation
07-04-2015 03:50:30 Restore Operation
07-04-2015 05:13:53 Restore Operation
07-04-2015 05:46:08 Restore Operation
08-04-2015 11:26:59 Removed GeekBuddy.
08-04-2015 22:13:30 Software Distribution Service 3.0
08-04-2015 23:18:55 Installed Windows Internet Explorer 8.
08-04-2015 23:22:13 Software Distribution Service 3.0
09-04-2015 02:07:49 Software Distribution Service 3.0
09-04-2015 04:37:38 Removed UpdateAdmin
09-04-2015 04:59:07 Restore Operation
09-04-2015 05:18:11 Restore Operation
09-04-2015 05:37:48 Restore Operation
11-04-2015 04:28:09 System Checkpoint
11-04-2015 23:41:19 Software Distribution Service 3.0
13-04-2015 00:02:59 System Checkpoint
14-04-2015 03:35:14 System Checkpoint
14-04-2015 19:09:15 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-02-28 06:00 - 2015-01-13 03:08 - 00001903 ___AH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

There are 5 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\UpdateAdmin.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\UpdateAdmin\UpdateAdmin.exe

==================== Loaded Modules (whitelisted) ==============

2013-11-01 23:02 - 2012-04-20 14:13 - 00517960 _____ () C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\sndrec32.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\Drivers\eusbstub.sys:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammg119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammg119.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-725345543-1958367476-682003330-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-725345543-1958367476-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.KEIONA.000
Guest (S-1-5-21-725345543-1958367476-682003330-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-725345543-1958367476-682003330-1000 - Limited - Disabled)
K (S-1-5-21-725345543-1958367476-682003330-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\K
SUPPORT_388945a0 (S-1-5-21-725345543-1958367476-682003330-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 11:16:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application OTLPENet.exe, version 4.65.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2015 03:14:12 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (04/14/2015 03:13:40 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (04/14/2015 03:13:40 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (04/14/2015 03:13:40 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (04/14/2015 03:13:39 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (04/14/2015 03:13:34 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (04/12/2015 09:15:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 11.4.2015.0, faulting module frst.exe, version 11.4.2015.0, fault address 0x0001f09e.
Processing media-specific event for [frst.exe!ws!]

Error: (04/12/2015 08:53:54 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application pepdaga.exe, version 1.1.0.30, faulting module pepdaga.exe, version 1.1.0.30, fault address 0x0003ed10.
Error in creating result PEAP-TLV in response to received PEAP-TLV (pepdaga.exe!ld!)

Error: (04/12/2015 08:53:45 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application pepdwga.exe, version 1.1.0.30, faulting module pepdwga.exe, version 1.1.0.30, fault address 0x0001d6de.
Error in creating result PEAP-TLV in response to received PEAP-TLV (pepdwga.exe!ld!)


System errors:
=============
Error: (04/15/2015 08:03:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Automatic Updates service terminated with the following error:
%%2147952506

Error: (04/15/2015 08:03:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error:
%%10106

Error: (04/15/2015 08:03:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).

Error: (04/15/2015 08:03:35 PM) (Source: WMPNetworkSvc) (EventID: 14336) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because IUPnPDeviceFinder::StartAsyncFind(MediaRenderer) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (04/14/2015 03:10:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zoulcodkuo service failed to start due to the following error:
%%3

Error: (04/14/2015 03:10:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Slug Docking Station service failed to start due to the following error:
%%2

Error: (04/14/2015 03:10:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The koyrdhbau service failed to start due to the following error:
%%3

Error: (04/13/2015 09:43:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zoulcodkuo service failed to start due to the following error:
%%3

Error: (04/13/2015 09:43:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Slug Docking Station service failed to start due to the following error:
%%2

Error: (04/13/2015 09:43:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The koyrdhbau service failed to start due to the following error:
%%3



==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 1022.99 MB
Available physical RAM: 736.33 MB
Total Pagefile: 3928.54 MB
Available Pagefile: 3764.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.31 MB

==================== Drives ================================

Drive c: (Local) (Fixed) (Total:38.16 GB) (Free:7.65 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (LEXAR) (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 38.2 GB) (Disk ID: 15911591)
Partition 1: (Active) - (Size=38.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 483.5 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=483 MB) - (Type=06)

==================== End Of Log ============================
 
It looks much, much better :)

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    887 bytes · Views: 3
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by K at 2015-04-15 20:22:28 Run:7
Running from E:\
Loaded Profiles: K (Available profiles: K & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog9 01 C:\WINDOWS\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 02 C:\WINDOWS\system32\MyOSProtect.dll File Not found ()
Winsock: Catalog9 18 C:\WINDOWS\system32\MyOSProtect.dll File Not found ()
FF Extension: EazyZoom - C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default\Extensions\ke@feqdi.com [2015-04-06]
C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default\Extensions\ke@feqdi.com
AlternateDataStreams: C:\WINDOWS\system32\appwiz.cpl:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\sndrec32.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\Drivers\eusbstub.sys:SummaryInformation
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammg119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammg119.sys => ""="Driver"
*****************

"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => Key deleted successfully.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018" => Key deleted successfully.
C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default\Extensions\ke@feqdi.com => Moved successfully.
"C:\Documents and Settings\K\Application Data\Mozilla\Firefox\Profiles\8aymfdzx.default\Extensions\ke@feqdi.com" => File/Directory not found.
"C:\WINDOWS\system32\appwiz.cpl" => ":SummaryInformation" ADS not found.
"C:\WINDOWS\system32\sndrec32.exe" => ":SummaryInformation" ADS not found.
"C:\WINDOWS\system32\Drivers\eusbstub.sys" => ":SummaryInformation" ADS not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\tammg119.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tammg119.sys" => Key deleted successfully.

==== End of Fixlog 20:22:28 ====
 
Perfect!

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I have a question while waiting for this scan to finish. I mentioned earlier that my other computer shuts down after various amounts of time and gives me a blue screen. If I wanted to get help with that issue, would I start a new forum topic the same as I did with this one?
 
I did the delete after the scan, but was I supposed to check the items I want deleted like it says? Because after the 'delete', the 'suspicious registry items' and whatever else I didn't checkmark are still there.
 