Solved Trojan & Indexer.exe was looping under Symantec

Tchspt7

I read your resolutions with others and got rid of the expired Symantec Corporate and installed Avast Internet Security, but this Indexer.exe is still showing up under Zone Alarm Pro trying to access the internet (which I deny), and I am finding multiple Indexer.exe running in Task Manager processes. I "end process" them but I find them back the next day. I have run 32-bit Farbar and the text is below.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015 01
Ran by Owner (administrator) on NO-COMP-NM (12-09-2015 00:40:14)
Running from C:\Documents and Settings\Owner\My Documents\Downloads\TechSpot tools 9-2015\Farbar First 32 bit\FRST-OlderVersion
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ZoneAlarm Client] => C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [919016 2007-11-14] (Zone Labs, LLC)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-09-07] (AVAST Software)
HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\Run: [SwanSoft CNC: FANUC 0i T] => Regsvr32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\SwanSoft CNC: FANUC 0i T\kuwmexng.dll"
HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-07-15]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
Tcpip\..\Interfaces\{B835AF2C-F877-4355-AB86-25CF29ED734D}: [DhcpNameServer] 192.168.1.1 71.243.0.12

Internet Explorer:
==================
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07] (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-20] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-117609710-602162358-1177238915-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1331722979203

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-31] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\searchplugins\java-api.xml [2014-07-02]
FF Extension: Low Quality Flash - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\low_quality_flash@pie2k.com [2015-05-29]
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-07]
FF Extension: YouTube Flash Video Player - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-04]
FF Extension: YouTube™ Flash® Player - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-01-24]
FF Extension: Video Downloader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\yiddxjamun@yiddxjamun.org.xpi [2004-08-03]
FF Extension: YouTube High Definition - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-09]
FF HKLM\...\Firefox\Extensions: [quiknowledge@quiknowledge.com] - C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn10.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-09-07] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [89192 2012-10-06] (Dassault Systèmes SolidWorks Corp.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-09] (Flexera Software, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [69632 2003-04-01] (Sony Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-20] (Oracle Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-12-09] (SolidWorks) [File not signed]
R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2007-11-14] (Zone Labs, LLC)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-09-07] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [256160 2015-09-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-07] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-09-07] (AVAST Software)
R3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 ICDUSB2; C:\WINDOWS\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2006-03-09] (Sonic Solutions) [File not signed]
R0 srescan; C:\WINDOWS\System32\ZoneLabs\srescan.sys [51176 2011-06-14] (Zone Labs, LLC)
R1 vcdrom; C:\Temp\Win Virtual CDROM\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R1 vsdatant; C:\WINDOWS\System32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 cpuz136; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-12 00:36 - 2015-09-12 00:40 - 00000000 ____D C:\FRST
2015-09-11 20:33 - 2015-09-11 20:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2015-09-07 20:24 - 2015-09-07 20:24 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVAST Software
2015-09-07 20:23 - 2015-09-07 20:23 - 00001749 _____ C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-09-07 20:23 - 2015-09-07 20:23 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-09-07 20:23 - 2015-09-07 20:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-09-07 20:22 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-09-07 20:21 - 2015-09-07 20:22 - 00010067 _____ C:\WINDOWS\Wdf01009Inst.log
2015-09-07 20:21 - 2015-09-07 20:22 - 00000000 ____D C:\WINDOWS\LastGood
2015-09-07 20:21 - 2015-09-07 20:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-09-07 20:19 - 2015-09-11 20:19 - 00000314 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-07 20:17 - 2015-09-07 20:17 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-07 20:17 - 2015-09-07 20:17 - 00256160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-07 20:17 - 2015-09-07 20:17 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2015-09-07 20:15 - 2015-09-07 20:15 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-07 20:12 - 2015-09-07 20:12 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ipjpydmj.sys
2015-09-07 18:23 - 2015-09-07 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-09-07 18:20 - 2015-07-28 19:29 - 214939448 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_internet_security_setup.exe
2015-09-07 16:08 - 2015-04-13 20:52 - 00050688 _____ (Atribune.org) C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
2015-09-01 20:42 - 2015-09-01 20:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-31 21:30 - 2015-08-31 21:30 - 00000000 ____D C:\Program Files\Common Files\Nero
2015-08-31 21:26 - 2015-08-31 21:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\HTC MediaHub
2015-08-31 21:17 - 2015-08-31 21:17 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2015-08-31 20:56 - 2015-08-31 21:23 - 00000000 ___SD C:\Documents and Settings\Administrator
2015-08-31 19:54 - 2015-08-31 21:24 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox(2)
2015-08-31 19:50 - 2015-09-11 23:55 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003UA.job
2015-08-31 19:50 - 2015-09-11 19:55 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003Core.job
2015-08-31 19:50 - 2015-08-31 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-08-31 06:25 - 2015-08-31 06:31 - 00000005 _____ C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-12 00:40 - 2011-06-14 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-09-12 00:19 - 2011-06-13 11:27 - 00761922 _____ C:\WINDOWS\setupapi.log
2015-09-11 22:19 - 2013-04-18 22:19 - 00000216 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2015-09-11 08:55 - 2011-06-14 05:41 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-08 15:00 - 2014-10-15 06:35 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-07 20:22 - 2011-06-13 11:30 - 00900350 _____ C:\WINDOWS\FaxSetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00463501 _____ C:\WINDOWS\ocgen.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00354973 _____ C:\WINDOWS\tsoc.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00310463 _____ C:\WINDOWS\comsetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00189078 _____ C:\WINDOWS\ntdtcsetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00140515 _____ C:\WINDOWS\iis6.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00050789 _____ C:\WINDOWS\ocmsn.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00046078 _____ C:\WINDOWS\msgsocm.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00001355 _____ C:\WINDOWS\imsins.log
2015-09-07 20:08 - 2011-06-13 21:39 - 01093905 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-07 20:07 - 2014-10-15 06:35 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-07 20:07 - 2011-06-14 07:25 - 00352185 _____ C:\WINDOWS\system32\vsconfig.xml
2015-09-07 20:07 - 2011-06-14 07:25 - 00004212 ____H C:\WINDOWS\system32\zllictbl.dat
2015-09-07 20:07 - 2011-06-13 11:32 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-07 20:07 - 2011-06-13 11:32 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-09-07 20:06 - 2013-04-18 22:19 - 00000216 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-09-07 20:06 - 2011-06-14 05:41 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-09-07 20:06 - 2011-06-14 05:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-07 19:56 - 2011-06-14 07:17 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-07 19:56 - 2011-06-14 07:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2015-09-07 19:36 - 2012-11-11 17:40 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-09-07 19:36 - 2006-01-05 05:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-07 19:35 - 2011-06-14 05:41 - 00000000 ____D C:\Documents and Settings\Owner
2015-09-07 15:07 - 2011-06-13 11:26 - 00172590 _____ C:\WINDOWS\setupact.log
2015-09-05 12:53 - 2014-05-25 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\pool pool
2015-09-01 20:43 - 2015-01-12 22:14 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-01 20:43 - 2011-06-14 08:02 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-01 20:36 - 2014-03-30 18:09 - 00000000 ____D C:\Program Files\Paragon Software
2015-09-01 20:21 - 2015-01-17 20:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Dropbox
2015-08-31 22:12 - 2015-01-17 20:37 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\Dropbox
2015-08-31 21:45 - 2011-06-13 11:26 - 00296456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-31 21:45 - 2004-08-03 21:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-31 21:42 - 2011-06-14 05:41 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-08-31 21:42 - 2011-06-13 21:43 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-08-31 21:41 - 2011-06-13 21:38 - 00000000 ____D C:\WINDOWS\Registration
2015-08-31 21:30 - 2015-02-01 18:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HTC
2015-08-31 21:26 - 2015-02-01 18:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\HTC
2015-08-31 21:26 - 2015-02-01 18:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HTC
2015-08-30 22:15 - 2015-03-21 12:55 - 00000000 ____D C:\Documents and Settings\Owner\.freemind
2015-08-30 21:12 - 2015-03-21 13:04 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Free Mind_______

==================== Files in the root of some directories =======

2014-02-17 20:58 - 2014-02-17 20:58 - 0000138 _____ () C:\Documents and Settings\Owner\Application Data\wpstate.ini
2012-03-10 19:29 - 2015-06-07 20:17 - 0049664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\mdi064.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015 01
Ran by Owner (2015-09-12 00:41:25)
Running from C:\Documents and Settings\Owner\My Documents\Downloads\TechSpot tools 9-2015\Farbar First 32 bit\FRST-OlderVersion
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-06-14 05:42:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-117609710-602162358-1177238915-500 - Administrator - Enabled)
Guest (S-1-5-21-117609710-602162358-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-117609710-602162358-1177238915-1000 - Limited - Disabled)
Owner (S-1-5-21-117609710-602162358-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-117609710-602162358-1177238915-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 8 Professional (HKLM\...\Adobe Acrobat 8 Professional) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Internet Security (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bootstrapper (Version: 1.1.0.0 - Minitab, Inc.) Hidden
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.56.1043 - Webteh, d.o.o.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DWGeditor (Version: 18.21.12 - SolidWorks) Hidden
EaseUS Partition Master 9.3.0 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Hetman Partition Recovery 2.1 (HKLM\...\Hetman Partition Recovery) (Version: - )
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Mavis Beacon Teaches Typing 9.0.0 (HKLM\...\MavisBeacon9) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minitab 16 (HKLM\...\Minitab16) (Version: 16.1.1 - Minitab, Inc.)
Minitab Software Update Manager (HKLM\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)
Minitab16 (Version: 16.1.1.0 - Minitab Inc) Hidden
Minitab16 (Version: 16.1.1.0 - Minitab, Inc.) Hidden
Minitab16 (Version: 16.1.1.1 - Minitab Inc) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MPLAB Tools v8.70 (HKLM\...\InstallShield_{04BCCDE5-83FF-4507-A0DF-8DA962DC1712}) (Version: 8.70 - Microchip Technology Inc.)
MPLAB Tools v8.70 (Version: 8.70 - Microchip Technology Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paragon Partition Manager™ 12 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PhotoView 360 (Version: 18.21.12 - SolidWorks Corporation) Hidden
ProjectLibre (HKLM\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
Quicken WillMaker Plus 2013 (HKLM\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
Quiknowledge (HKLM\...\Quiknowledge) (Version: 1.9.0.3 - Quiknowledge) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6316 - Realtek Semiconductor Corp.)
SoftwareManager (Version: 1.1.0.0 - Minitab, Inc.) Hidden
SolidWorks 2010 SP02.1 (HKLM\...\SolidWorks Installation Manager 20100-40201-1100-200) (Version: 18.2.1.12 - SolidWorks Corporation)
SolidWorks 2010 SP02.1 (Version: 18.121.12 - SolidWorks) Hidden
SolidWorks 2012 SP05 (HKLM\...\SolidWorks Installation Manager 20120-40500-1100-200) (Version: 20.5.0.80 - SolidWorks Corporation)
SolidWorks 2012 SP05 (Version: 20.150.80 - SolidWorks) Hidden
SolidWorks eDrawings 2010 (Version: 10.2.122 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2012 SP05 (Version: 12.5.114 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2012 SP05 (Version: 20.50.80 - SolidWorks Corporation) Hidden
Sony Digital Voice Editor 3 (HKLM\...\Sony Digital Voice Editor 3) (Version: - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
The QI Macros for Excel (HKLM\...\The QI Macros for Excel) (Version: Excel 2000-2010 - KnowWare International Inc)
TLP LogixPro Simulator (HKLM\...\LogixPro PLC Simulator_is1) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\WinDirStat) (Version: - )
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 10.0 (6698) - WinZip Computing LP)
XMind 2013 (v3.4.1) (HKLM\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
ZoneAlarm Pro (HKLM\...\ZoneAlarm Pro) (Version: 7.0.462.000 - Check Point, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{08561A80-72D2-7B13-980E-CB624AB9A0BC}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

==================== Restore Points =========================

01-08-2015 19:59:21 System Checkpoint
02-08-2015 20:33:45 System Checkpoint
03-08-2015 22:15:57 System Checkpoint
04-08-2015 22:46:58 System Checkpoint
05-08-2015 23:03:08 System Checkpoint
06-08-2015 23:06:36 System Checkpoint
07-08-2015 23:10:12 System Checkpoint
09-08-2015 00:09:04 System Checkpoint
10-08-2015 00:14:46 System Checkpoint
11-08-2015 01:14:50 System Checkpoint
12-08-2015 02:09:15 System Checkpoint
13-08-2015 03:07:52 System Checkpoint
14-08-2015 04:06:31 System Checkpoint
15-08-2015 04:10:46 System Checkpoint
16-08-2015 04:18:58 System Checkpoint
17-08-2015 04:25:42 System Checkpoint
18-08-2015 05:20:12 System Checkpoint
19-08-2015 06:20:13 System Checkpoint
20-08-2015 07:20:09 System Checkpoint
21-08-2015 08:20:13 System Checkpoint
22-08-2015 09:20:10 System Checkpoint
23-08-2015 10:20:13 System Checkpoint
24-08-2015 11:20:09 System Checkpoint
25-08-2015 12:20:09 System Checkpoint
26-08-2015 13:20:09 System Checkpoint
27-08-2015 14:20:09 System Checkpoint
28-08-2015 15:20:09 System Checkpoint
29-08-2015 16:20:09 System Checkpoint
30-08-2015 17:20:11 System Checkpoint
31-08-2015 06:31:22 Removed HTC Sync Manager.
31-08-2015 21:21:15 Restore Operation
02-09-2015 00:26:10 System Checkpoint
03-09-2015 01:16:56 System Checkpoint
04-09-2015 02:10:06 System Checkpoint
05-09-2015 03:05:24 System Checkpoint
06-09-2015 03:58:05 System Checkpoint
07-09-2015 04:00:29 System Checkpoint
07-09-2015 19:34:38 Removed Symantec Endpoint Protection.
07-09-2015 19:53:09 Removed Symantec Endpoint Protection.
07-09-2015 20:15:48 avast! antivirus system restore point
07-09-2015 20:22:05 Installed Windows XP Wdf01009.
08-09-2015 21:17:15 System Checkpoint
09-09-2015 22:15:54 System Checkpoint
10-09-2015 23:14:36 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-03 21:00 - 2004-08-03 21:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Minitab Software Update Manager.job => C:\Program Files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe

==================== Loaded Modules (Whitelisted) ==============

2011-06-14 07:25 - 2007-11-14 15:06 - 00026096 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00026096 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00144880 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00046576 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd
2011-06-14 07:25 - 2007-11-14 15:04 - 00796048 _____ () C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-18 15:25 - 2014-12-18 15:25 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-14 07:25 - 2007-11-14 15:06 - 00194032 _____ () C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00144880 _____ () C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
2015-09-07 20:17 - 2015-09-07 20:17 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-07 20:17 - 2015-09-07 20:17 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-07 20:18 - 2015-09-07 20:18 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072800\algo.dll
2015-09-11 18:27 - 2015-09-11 18:27 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091109\algo.dll
2015-09-07 20:17 - 2015-09-07 20:17 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\Bible Chapter Titles.pdf:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-117609710-602162358-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1 - 71.243.0.12
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\hasplms.exe] => Enabled:HASP LLM
StandardProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2015 08:31:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/07/2015 07:56:27 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: NT AUTHORITY)
Description: errorFailed unregistering service.

Error: (09/07/2015 07:52:53 PM) (Source: Symantec AntiVirus) (EventID: 14) (User: )
Description: Symantec Endpoint Protection services failed to start. (2000005F)Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0011&build=symantec_ent

Error: (09/07/2015 07:51:40 PM) (Source: SescLU) (EventID: 13) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (09/07/2015 07:34:38 PM) (Source: MsiInstaller) (EventID: 11719) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (09/07/2015 07:33:09 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (09/07/2015 07:31:56 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (09/07/2015 07:31:55 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (09/07/2015 07:31:54 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (09/07/2015 07:31:54 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.


System errors:
=============
Error: (09/11/2015 03:00:49 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/11/2015 02:00:25 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/11/2015 01:00:08 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/10/2015 11:59:48 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/10/2015 10:24:34 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/10/2015 08:47:57 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/10/2015 06:47:33 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/10/2015 05:36:33 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/10/2015 04:00:20 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-

Error: (09/10/2015 01:59:55 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 2045.98 MB
Available physical RAM: 1315.05 MB
Total Virtual: 3942.64 MB
Available Virtual: 3169.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.68 GB) (Free:14.62 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (BIG_BACKUP) (Fixed) (Total:37.25 GB) (Free:37.07 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: ED00ED00)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 60E154B1)
Partition 1: (Active) - (Size=37.3 GB) - (Type=0C)

==================== End of Addition.txt ============================

I have downloaded all the tools you noted in previous posts but only ran Farbar so far. Your assistance is appreciated. This is XP SP3 on a Dell 3000 tower but I can see that everything is exposed from running Farbar. End first post 9-12-2015 1am
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Uninstall the following unwanted program: Quiknowledge.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
All has gone well up to JRT.exe. I watch task manager as it runs and when the command window disappears the sys idle goes to 99 and nothing is running... and there is no JRT.txt anywhere on the PC. I know it is a cmd line process and not windows but still CMD shows running when it starts and just goes away. I reloaded JRT.exe version 6.7.1.0 from folder to desktop several times and even rebooted to ensure nothing else was running. I killed Zone Alarm and Avast Antivirus each time also. I will chance that it is running and unseen and let the system run overnight hoping for a JRT.txt on the screen in the morning but if not then I don't think I will be able to get this XP SP3 to deliver jrt.txt. I don't have an admin to run it as because I am owner with all permissions and I get no offer to run as admin when I follow XP guide to run an exe as admin with the shift and rt clk efforts. mbam & adwcleaner files are pasted below.

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 9/13/2015 10:00:38 AM, SYSTEM, NO-COMP-NM, Update, Bad md5 or size: domains, 11,
Error, 9/13/2015 10:00:38 AM, SYSTEM, NO-COMP-NM, Update, Bad md5 or size: ips, 11,
Error, 9/13/2015 10:00:38 AM, SYSTEM, NO-COMP-NM, Update, Bad md5 or size: akadomains, 11,
Error, 9/13/2015 10:00:38 AM, SYSTEM, NO-COMP-NM, Update, Bad md5 or size: akaips, 11,
Update, 9/13/2015 10:00:39 AM, SYSTEM, NO-COMP-NM, Manual, AKA Domain Database, 0.0.0.0, 2015.9.11.2,
Update, 9/13/2015 10:00:40 AM, SYSTEM, NO-COMP-NM, Manual, AKA IP Database, 0.0.0.0, 2015.9.11.2,
Update, 9/13/2015 10:00:41 AM, SYSTEM, NO-COMP-NM, Manual, Remediation Database, 2015.5.13.1, 2015.9.11.1,
Update, 9/13/2015 10:00:48 AM, SYSTEM, NO-COMP-NM, Manual, Domain Database, 0.0.0.0, 2015.9.13.1,
Update, 9/13/2015 10:00:48 AM, SYSTEM, NO-COMP-NM, Manual, Rootkit Database, 2015.6.2.1, 2015.8.16.1,
Update, 9/13/2015 10:00:50 AM, SYSTEM, NO-COMP-NM, Manual, IP Database, 0.0.0.0, 2015.9.11.5,
Update, 9/13/2015 10:01:01 AM, SYSTEM, NO-COMP-NM, Manual, Malware Database, 2015.6.3.3, 2015.9.13.2,

(end)

# AdwCleaner v5.007 - Logfile created 13/09/2015 at 17:54:50
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - NO-COMP-NM
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\StarApp
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\WinterSoft

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quiknowledge@quiknowledge.com]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
[-] Key Deleted : HKCU\Software\1ClickDownload
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Iminent
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\Quiknowledge
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2097 bytes] ##########

Again, if there is no jrt.txt in the morning then I am afraid that the jrt.exe is just running a quick command screen box and then dropping out. Is this possible? I tried to search for anyone else having trouble running jrt under xp sp3 and could not find anything. I know you noted to be patient with jrt but when CPU shows zero and there is no finishing text file then I get real curious. Thanks much for the advice.
 
Forget JRT for now.

I still need RogueKiller log.

MBAM log is incorrect. This is not "scan" log.
 
Sorry. Don't want to waste your time. I believe this is RogueKiller:

RogueKiller V10.10.4.0 [Sep 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Documents and Settings\Owner\My Documents\Downloads\TechSpot tools 9-2015\RogueKiller 32bit\RogueKiller.exe
Mode : Delete -- Date : 09/13/2015 09:00:58

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] mdi064.dll(3536) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\mdi064.dll[x] -> Unloaded

¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run | SwanSoft CNC: FANUC 0i T : Regsvr32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\SwanSoft CNC: FANUC 0i T\kuwmexng.dll" [7][x] -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HDS728080PLAT20 +++++
--- User ---
[MBR] f8fd86940dc82b2a44e3957975f47ed5
[BSP] c2ab398f4c30e0df20078d5e477f488b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 78520 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] f8fd86940dc82b2a44e3957975f47ed5
[BSP] c2ab398f4c30e0df20078d5e477f488b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 78520 MB[Invalid]

+++++ PhysicalDrive1: WDC WD400BB-00JKA0 +++++
--- User ---
[MBR] dc67291514a74eb049ffc2fad301648a
[BSP] 757386bdeb1923ed387f39e3a8e87ed4 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 38154 MB
User = LL1 ... OK
User = LL2 ... OK

I hope this is correct for RogueKiller. I thought it was noted that one did not need to install mbam to get a scan so I did not install last time ... whatever.. I installed the trial and will let it run but may reboot so if so I will just post this and then come back later or tomorrow. Thanks for being patient. Pic looks like espresso. I start with a Krups double Pilon every morning @ 5.
 
MBAM ran and this is all I ever get after re-boot. If this result is junk then I can do no more and I'm done wasting your time. I don't know why this is all it gets. What should this file look like? What more can I do? It took 19 hours for this to run. Maybe there is nothing to see?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/15/2015
Scan Time: 6:31:49 PM
Logfile: 9-15-15 B s-c-a-n mbam.txt
Administrator: Yes

Version: 0.0.0.0000
Malware Database: v2015.09.15.06
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387157
Time Elapsed: 19 hr, 21 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Why is everything ZERO? What is wrong with the way I am running this? This took 20 hours and gave me nothing? Please comment.
 
"0" means clean.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is still not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 15-09-07.01 - Owner 09/16/2015 21:31:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.839 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Local Settings\Application Data\Adobe\AdbeRdr11007_en_US.exe
c:\documents and settings\Owner\Local Settings\Application Data\Adobe\gccheck.exe
c:\documents and settings\Owner\Local Settings\Application Data\Adobe\gtbcheck.exe
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\{ED44616D-FEDD-4926-B3CA-88B2AE51A74F}.xps
c:\documents and settings\Owner\My Documents\~WRL0525.tmp
C:\drvrtmp
.
.
((((((((((((((((((((((((( Files Created from 2015-08-17 to 2015-09-17 )))))))))))))))))))))))))))))))
.
.
2015-09-14 01:43 . 2015-09-14 01:54 -------- d-----w- C:\AdwCleaner
2015-09-13 17:59 . 2015-09-17 04:38 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-13 17:59 . 2015-09-15 04:28 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-09-13 17:59 . 2015-09-13 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-09-13 17:59 . 2015-06-18 16:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-13 17:59 . 2015-06-18 16:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-13 06:24 . 2015-09-13 06:24 -------- d-----w- c:\documents and settings\Owner\Application Data\FLEXnet
2015-09-13 06:05 . 2015-09-13 06:05 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-13 06:05 . 2015-09-13 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
2015-09-12 08:36 . 2015-09-12 08:42 -------- d-----w- C:\FRST
2015-09-12 04:33 . 2015-09-12 04:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2015-09-08 04:24 . 2015-09-08 04:24 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
2015-09-08 04:22 . 2008-11-08 02:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2015-09-08 04:15 . 2015-09-08 04:15 -------- d-----w- c:\program files\AVAST Software
2015-09-08 02:23 . 2015-09-08 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2015-09-01 05:41 . 2015-09-01 05:41 -------- d-----w- c:\windows\system32\wbem\Repository
2015-09-01 05:30 . 2015-09-01 05:30 -------- d-----w- c:\program files\Common Files\Nero
2015-09-01 05:26 . 2015-09-01 05:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\HTC MediaHub
2015-09-01 04:56 . 2015-09-01 05:23 -------- d-s---w- c:\documents and settings\Administrator
2015-09-01 03:50 . 2015-09-01 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Dropbox
2015-08-31 14:25 . 2015-08-31 14:31 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-09-08 04:17 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 919016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-05-27 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-08 6111824]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-1-21 226176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [9/7/2015 8:17 PM 12112]
R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [9/7/2015 8:17 PM 256160]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [9/7/2015 8:17 PM 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [9/7/2015 8:17 PM 208664]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [9/7/2015 8:17 PM 26096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/7/2015 8:17 PM 788784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/7/2015 8:17 PM 433264]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\temp\Win Virtual CDROM\VCdRom.sys [7/21/2014 4:30 PM 8576]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [9/7/2015 8:17 PM 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [9/7/2015 8:17 PM 76000]
R2 avast! Firewall;Avast Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [9/7/2015 8:17 PM 109008]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [6/27/2014 10:24 AM 87368]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [9/13/2015 9:59 AM 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [9/13/2015 9:59 AM 1133880]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [10/17/2013 3:27 PM 166912]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [9/7/2015 8:17 PM 161472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/13/2015 9:59 AM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [9/13/2015 9:59 AM 98520]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [10/6/2012 6:38 AM 89192]
S3 cpuz136;cpuz136;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [4/1/2014 8:32 PM 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [4/1/2014 8:32 PM 9160]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [10/17/2013 3:27 PM 21248]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\ICDUSB2.sys [6/12/2014 8:02 PM 39048]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-08 04:17]
.
2015-09-16 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-10-14 01:59]
.
2015-09-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-10-14 01:59]
.
2015-09-13 c:\windows\Tasks\Minitab Software Update Manager.job
- c:\program files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2010-11-05 18:49]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SwanSoft CNC: FANUC 0i T - c:\documents and settings\Owner\Local Settings\Application Data\SwanSoft CNC: FANUC 0i T\kuwmexng.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-09-16 21:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2015-09-16 21:45:13
ComboFix-quarantined-files.txt 2015-09-17 05:45
.
Pre-Run: 10,888,110,080 bytes free
Post-Run: 11,365,240,832 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1D31AE737A1C476253CC8D525E72C784
8F558EB6672622401DA993E1E865C861
So this seemed to run smooth. Thanks for sticking with me. Be nice to hear about what you are seeing but I will continue as you direct...
 
:)

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
 
Everything on this system is delayed and slow to respond even when task manager shows no activity. This seemed to run fine and produced both files.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
Ran by Owner (administrator) on NO-COMP-NM (17-09-2015 21:58:54)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [ZoneAlarm Client] => C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [919016 2007-11-14] (Zone Labs, LLC)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-08] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-07-15]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
Tcpip\..\Interfaces\{B835AF2C-F877-4355-AB86-25CF29ED734D}: [DhcpNameServer] 192.168.1.1 71.243.0.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-117609710-602162358-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07] (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-20] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-117609710-602162358-1177238915-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1331722979203

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-31] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\searchplugins\java-api.xml [2014-07-02]
FF Extension: Low Quality Flash - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\low_quality_flash@pie2k.com [2015-05-29]
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-07]
FF Extension: YouTube Flash Video Player - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-04]
FF Extension: YouTube™ Flash® Player - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-01-24]
FF Extension: Video Downloader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\yiddxjamun@yiddxjamun.org.xpi [2004-08-03]
FF Extension: YouTube High Definition - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-09-07] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [89192 2012-10-06] (Dassault Systèmes SolidWorks Corp.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-09] (Flexera Software, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [69632 2003-04-01] (Sony Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-20] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-12-09] (SolidWorks) [File not signed]
R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2007-11-14] (Zone Labs, LLC)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-09-07] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [256160 2015-09-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-09-07] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 ICDUSB2; C:\WINDOWS\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-17] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2006-03-09] (Sonic Solutions) [File not signed]
R0 srescan; C:\WINDOWS\System32\ZoneLabs\srescan.sys [51176 2011-06-14] (Zone Labs, LLC)
R1 vcdrom; C:\Temp\Win Virtual CDROM\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R1 vsdatant; C:\WINDOWS\System32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
U3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
U3 TlntSvr; no ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 21:58 - 2015-09-17 22:03 - 00016170 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2015-09-17 21:56 - 2015-09-17 21:56 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2015-09-17 21:53 - 2015-09-17 21:56 - 01695232 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2015-09-16 21:45 - 2015-09-17 22:03 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2015-09-16 21:45 - 2015-09-16 21:45 - 00012521 _____ C:\ComboFix.txt
2015-09-16 21:45 - 2015-09-16 21:45 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-09-16 21:45 - 2015-09-16 21:45 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-09-16 21:26 - 2015-09-16 21:26 - 00000000 _RSHD C:\cmdcons
2015-09-16 21:26 - 2011-06-13 21:35 - 00000211 _____ C:\Boot.bak
2015-09-16 21:26 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-09-16 21:22 - 2011-06-25 22:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-09-16 21:22 - 2010-11-07 09:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-09-16 21:22 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-09-16 21:22 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-09-16 21:22 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-09-16 21:22 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-09-16 21:22 - 2000-08-30 16:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-09-16 21:22 - 2000-08-30 16:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-09-16 21:22 - 2000-08-30 16:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-09-16 21:17 - 2015-09-16 21:45 - 00000000 ____D C:\Qoobox
2015-09-16 21:13 - 2015-09-16 21:43 - 00000000 ____D C:\WINDOWS\erdnt
2015-09-16 21:07 - 2015-09-16 21:07 - 05635119 ____R (Swearware) C:\Documents and Settings\Owner\Desktop\ComboFix.exe
2015-09-13 18:20 - 2015-09-13 18:15 - 01800104 _____ (Malwarebytes Corporation) C:\Documents and Settings\Owner\Desktop\JRT.exe
2015-09-13 17:43 - 2015-09-13 17:54 - 00000000 ____D C:\AdwCleaner
2015-09-13 17:40 - 2015-09-13 17:40 - 01660416 _____ C:\Documents and Settings\Owner\Desktop\adwcleaner_5.007.exe
2015-09-13 09:59 - 2015-09-17 19:21 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-13 09:59 - 2015-09-14 20:28 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-13 09:59 - 2015-09-14 20:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-13 09:59 - 2015-09-14 20:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-13 09:59 - 2015-09-13 09:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-09-13 09:59 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-13 09:59 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-13 09:57 - 2015-09-06 18:47 - 24345872 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Owner\Desktop\mbam-setup-2.1.8.1057.exe
2015-09-12 22:24 - 2015-09-12 22:24 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\FLEXnet
2015-09-12 22:05 - 2015-09-13 09:56 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-09-12 22:05 - 2015-09-12 22:05 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-12 00:36 - 2015-09-17 22:00 - 00000000 ____D C:\FRST
2015-09-11 20:33 - 2015-09-11 20:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2015-09-07 20:24 - 2015-09-07 20:24 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVAST Software
2015-09-07 20:23 - 2015-09-07 20:23 - 00001749 _____ C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-09-07 20:23 - 2015-09-07 20:23 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-09-07 20:23 - 2015-09-07 20:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-09-07 20:22 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-09-07 20:21 - 2015-09-07 20:22 - 00010067 _____ C:\WINDOWS\Wdf01009Inst.log
2015-09-07 20:21 - 2015-09-07 20:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-09-07 20:19 - 2015-09-17 20:23 - 00000314 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-07 20:17 - 2015-09-07 20:17 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-07 20:17 - 2015-09-07 20:17 - 00256160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-07 20:17 - 2015-09-07 20:17 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2015-09-07 20:15 - 2015-09-07 20:15 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-07 18:23 - 2015-09-07 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-09-07 18:20 - 2015-07-28 19:29 - 214939448 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_internet_security_setup.exe
2015-09-07 16:08 - 2015-04-13 20:52 - 00050688 _____ (Atribune.org) C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
2015-09-01 20:42 - 2015-09-01 20:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-31 21:30 - 2015-08-31 21:30 - 00000000 ____D C:\Program Files\Common Files\Nero
2015-08-31 21:26 - 2015-08-31 21:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\HTC MediaHub
2015-08-31 21:17 - 2015-08-31 21:17 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2015-08-31 20:56 - 2015-08-31 21:23 - 00000000 ___SD C:\Documents and Settings\Administrator
2015-08-31 19:54 - 2015-08-31 21:24 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox(2)
2015-08-31 19:50 - 2015-08-31 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-08-31 06:25 - 2015-08-31 06:31 - 00000005 _____ C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-16 21:48 - 2011-06-14 07:25 - 00352185 _____ C:\WINDOWS\system32\vsconfig.xml
2015-09-16 21:45 - 2011-06-14 05:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-16 21:41 - 2014-07-01 23:55 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2015-09-16 21:41 - 2004-08-03 21:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-09-16 21:26 - 2011-06-13 11:26 - 00000327 __RSH C:\boot.ini
2015-09-16 21:22 - 2011-06-14 05:41 - 00032056 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-15 20:20 - 2011-06-13 21:39 - 01108624 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-15 20:19 - 2014-10-15 06:35 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-15 20:19 - 2011-06-13 11:32 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-15 20:19 - 2011-06-13 11:32 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-15 20:07 - 2011-06-14 05:41 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-09-15 20:07 - 2011-06-14 05:41 - 00000000 ____D C:\Documents and Settings\Owner
2015-09-13 17:13 - 2011-06-14 05:41 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-09-13 17:11 - 2012-11-11 17:40 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-09-12 22:24 - 2014-09-12 22:24 - 00000478 _____ C:\WINDOWS\Tasks\Minitab Software Update Manager.job
2015-09-12 00:19 - 2011-06-13 11:27 - 00761922 _____ C:\WINDOWS\setupapi.log
2015-09-08 15:00 - 2014-10-15 06:35 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-07 20:22 - 2011-06-13 11:30 - 00900350 _____ C:\WINDOWS\FaxSetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00463501 _____ C:\WINDOWS\ocgen.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00354973 _____ C:\WINDOWS\tsoc.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00310463 _____ C:\WINDOWS\comsetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00189078 _____ C:\WINDOWS\ntdtcsetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00140515 _____ C:\WINDOWS\iis6.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00050789 _____ C:\WINDOWS\ocmsn.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00046078 _____ C:\WINDOWS\msgsocm.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00001355 _____ C:\WINDOWS\imsins.log
2015-09-07 20:07 - 2011-06-14 07:25 - 00004212 ____H C:\WINDOWS\system32\zllictbl.dat
2015-09-07 19:56 - 2011-06-14 07:17 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-07 19:56 - 2011-06-14 07:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2015-09-07 19:36 - 2006-01-05 05:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-07 15:07 - 2011-06-13 11:26 - 00172590 _____ C:\WINDOWS\setupact.log
2015-09-05 12:53 - 2014-05-25 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\pool pool
2015-09-01 20:43 - 2015-01-12 22:14 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-01 20:43 - 2011-06-14 08:02 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-01 20:36 - 2014-03-30 18:09 - 00000000 ____D C:\Program Files\Paragon Software
2015-09-01 20:21 - 2015-01-17 20:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Dropbox
2015-08-31 22:12 - 2015-01-17 20:37 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\Dropbox
2015-08-31 21:45 - 2011-06-13 11:26 - 00296456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-31 21:45 - 2004-08-03 21:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-31 21:42 - 2011-06-14 05:41 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-08-31 21:42 - 2011-06-13 21:43 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-08-31 21:41 - 2011-06-13 21:38 - 00000000 ____D C:\WINDOWS\Registration
2015-08-31 21:30 - 2015-02-01 18:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HTC
2015-08-31 21:26 - 2015-02-01 18:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\HTC
2015-08-31 21:26 - 2015-02-01 18:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HTC
2015-08-30 22:15 - 2015-03-21 12:55 - 00000000 ____D C:\Documents and Settings\Owner\.freemind
2015-08-30 21:12 - 2015-03-21 13:04 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Free Mind_______

==================== Files in the root of some directories =======

2014-02-17 20:58 - 2014-02-17 20:58 - 0000138 _____ () C:\Documents and Settings\Owner\Application Data\wpstate.ini
2012-03-10 19:29 - 2015-06-07 20:17 - 0049664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by Owner (2015-09-17 22:07:44)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-06-14 05:42:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-117609710-602162358-1177238915-500 - Administrator - Enabled)
Guest (S-1-5-21-117609710-602162358-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-117609710-602162358-1177238915-1000 - Limited - Disabled)
Owner (S-1-5-21-117609710-602162358-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-117609710-602162358-1177238915-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 8 Professional (HKLM\...\Adobe Acrobat 8 Professional) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Internet Security (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bootstrapper (Version: 1.1.0.0 - Minitab, Inc.) Hidden
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.56.1043 - Webteh, d.o.o.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DWGeditor (Version: 18.21.12 - SolidWorks) Hidden
EaseUS Partition Master 9.3.0 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Hetman Partition Recovery 2.1 (HKLM\...\Hetman Partition Recovery) (Version: - )
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mavis Beacon Teaches Typing 9.0.0 (HKLM\...\MavisBeacon9) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minitab 16 (HKLM\...\Minitab16) (Version: 16.1.1 - Minitab, Inc.)
Minitab Software Update Manager (HKLM\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)
Minitab16 (Version: 16.1.1.0 - Minitab Inc) Hidden
Minitab16 (Version: 16.1.1.0 - Minitab, Inc.) Hidden
Minitab16 (Version: 16.1.1.1 - Minitab Inc) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MPLAB Tools v8.70 (HKLM\...\InstallShield_{04BCCDE5-83FF-4507-A0DF-8DA962DC1712}) (Version: 8.70 - Microchip Technology Inc.)
MPLAB Tools v8.70 (Version: 8.70 - Microchip Technology Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paragon Partition Manager™ 12 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PhotoView 360 (Version: 18.21.12 - SolidWorks Corporation) Hidden
ProjectLibre (HKLM\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
Quicken WillMaker Plus 2013 (HKLM\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6316 - Realtek Semiconductor Corp.)
SoftwareManager (Version: 1.1.0.0 - Minitab, Inc.) Hidden
SolidWorks 2010 SP02.1 (HKLM\...\SolidWorks Installation Manager 20100-40201-1100-200) (Version: 18.2.1.12 - SolidWorks Corporation)
SolidWorks 2010 SP02.1 (Version: 18.121.12 - SolidWorks) Hidden
SolidWorks 2012 SP05 (HKLM\...\SolidWorks Installation Manager 20120-40500-1100-200) (Version: 20.5.0.80 - SolidWorks Corporation)
SolidWorks 2012 SP05 (Version: 20.150.80 - SolidWorks) Hidden
SolidWorks eDrawings 2010 (Version: 10.2.122 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2012 SP05 (Version: 12.5.114 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2012 SP05 (Version: 20.50.80 - SolidWorks Corporation) Hidden
Sony Digital Voice Editor 3 (HKLM\...\Sony Digital Voice Editor 3) (Version: - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
The QI Macros for Excel (HKLM\...\The QI Macros for Excel) (Version: Excel 2000-2010 - KnowWare International Inc)
TLP LogixPro Simulator (HKLM\...\LogixPro PLC Simulator_is1) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\WinDirStat) (Version: - )
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 10.0 (6698) - WinZip Computing LP)
XMind 2013 (v3.4.1) (HKLM\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
ZoneAlarm Pro (HKLM\...\ZoneAlarm Pro) (Version: 7.0.462.000 - Check Point, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

==================== Restore Points =========================

11-08-2015 01:14:50 System Checkpoint
12-08-2015 02:09:15 System Checkpoint
13-08-2015 03:07:52 System Checkpoint
14-08-2015 04:06:31 System Checkpoint
15-08-2015 04:10:46 System Checkpoint
16-08-2015 04:18:58 System Checkpoint
17-08-2015 04:25:42 System Checkpoint
18-08-2015 05:20:12 System Checkpoint
19-08-2015 06:20:13 System Checkpoint
20-08-2015 07:20:09 System Checkpoint
21-08-2015 08:20:13 System Checkpoint
22-08-2015 09:20:10 System Checkpoint
23-08-2015 10:20:13 System Checkpoint
24-08-2015 11:20:09 System Checkpoint
25-08-2015 12:20:09 System Checkpoint
26-08-2015 13:20:09 System Checkpoint
27-08-2015 14:20:09 System Checkpoint
28-08-2015 15:20:09 System Checkpoint
29-08-2015 16:20:09 System Checkpoint
30-08-2015 17:20:11 System Checkpoint
31-08-2015 06:31:22 Removed HTC Sync Manager.
31-08-2015 21:21:15 Restore Operation
02-09-2015 00:26:10 System Checkpoint
03-09-2015 01:16:56 System Checkpoint
04-09-2015 02:10:06 System Checkpoint
05-09-2015 03:05:24 System Checkpoint
06-09-2015 03:58:05 System Checkpoint
07-09-2015 04:00:29 System Checkpoint
07-09-2015 19:34:38 Removed Symantec Endpoint Protection.
07-09-2015 19:53:09 Removed Symantec Endpoint Protection.
07-09-2015 20:15:48 avast! antivirus system restore point
07-09-2015 20:22:05 Installed Windows XP Wdf01009.
08-09-2015 21:17:15 System Checkpoint
09-09-2015 22:15:54 System Checkpoint
10-09-2015 23:14:36 System Checkpoint
12-09-2015 01:34:59 System Checkpoint
13-09-2015 02:13:03 System Checkpoint
13-09-2015 18:25:25 JRT Pre-Junkware Removal
13-09-2015 18:47:10 JRT Pre-Junkware Removal
13-09-2015 18:56:23 JRT Pre-Junkware Removal
13-09-2015 19:25:53 JRT Pre-Junkware Removal
13-09-2015 19:34:22 JRT Pre-Junkware Removal
14-09-2015 22:15:21 System Checkpoint
15-09-2015 22:52:06 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-03 21:00 - 2015-09-16 21:41 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Minitab Software Update Manager.job => C:\Program Files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-07 20:17 - 2015-09-07 20:17 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-07 20:17 - 2015-09-07 20:17 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-15 16:29 - 2015-09-15 16:29 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091501\algo.dll
2015-09-16 15:23 - 2015-09-16 15:23 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15091602\algo.dll
2015-09-17 20:23 - 2015-09-17 20:23 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15091703\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-18 15:25 - 2014-12-18 15:25 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-09-07 20:17 - 2015-09-07 20:17 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-06-14 07:09 - 2006-09-13 23:20 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-14 07:25 - 2007-11-14 15:06 - 00194032 _____ () C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00144880 _____ () C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00026096 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00026096 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00144880 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00046576 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd
2011-06-14 07:25 - 2007-11-14 15:04 - 00796048 _____ () C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
2008-04-14 02:42 - 2013-01-01 22:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\Bible Chapter Titles.pdf:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-117609710-602162358-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1 - 71.243.0.12
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\hasplms.exe] => Enabled:HASP LLM
StandardProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2015 08:43:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/15/2015 08:05:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.55.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/15/2015 08:05:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.55.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/12/2015 10:10:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x100019b8.
Processing media-specific event for [rundll32.exe!ws!]

Error: (09/07/2015 08:31:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/07/2015 07:56:27 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: NT AUTHORITY)
Description: errorFailed unregistering service.

Error: (09/07/2015 07:52:53 PM) (Source: Symantec AntiVirus) (EventID: 14) (User: )
Description: Symantec Endpoint Protection services failed to start. (2000005F)Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0011&build=symantec_ent

Error: (09/07/2015 07:51:40 PM) (Source: SescLU) (EventID: 13) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (09/07/2015 07:34:38 PM) (Source: MsiInstaller) (EventID: 11719) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Error: (09/07/2015 07:33:09 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.


System errors:
=============
Error: (09/15/2015 08:20:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/13/2015 05:54:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2015 05:54:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2015 05:54:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2015 05:54:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2015 05:54:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (09/13/2015 05:54:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2015 05:54:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HTCMonitorService service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2015 05:54:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2015 05:54:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 66%
Total physical RAM: 2045.98 MB
Available physical RAM: 675.72 MB
Total Virtual: 3942.21 MB
Available Virtual: 2526.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.68 GB) (Free:2.03 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (BIG_BACKUP) (Fixed) (Total:37.25 GB) (Free:37.07 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: ED00ED00)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 60E154B1)
Partition 1: (Active) - (Size=37.3 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
Windows XP is a 14-year-old operating system, so you can't expect miracles.
It won't be very fast.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.3 KB · Views: 2
Fix result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by Owner (2015-09-18 22:51:08) Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-117609710-602162358-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
U3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
U3 TlntSvr; no ImagePath
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
2014-02-17 20:58 - 2014-02-17 20:58 - 0000138 _____ () C:\Documents and Settings\Owner\Application Data\wpstate.ini
2012-03-10 19:29 - 2015-06-07 20:17 - 0049664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\Bible Chapter Titles.pdf:com.dropbox.attributes

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-117609710-602162358-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
McComponentHostService => service removed successfully.
catchme => service removed successfully.
cpuz136 => service removed successfully.
TlntSvr => service removed successfully.
mbr => service not found.
C:\Documents and Settings\Owner\Application Data\wpstate.ini => moved successfully
C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully.
"HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}" => key removed successfully.
C:\Documents and Settings\Owner\Desktop\Bible Chapter Titles.pdf => ":com.dropbox.attributes" ADS removed successfully..

==== End of Fixlog 22:51:15 ====
Thanks for continuing to work with me. Is it reasonable to upgrade to W7 on this PC?
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.008
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Pro
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.296 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (40.0.3)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
Zone Labs ZoneAlarm zlclient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 26-07-2015
Ran by Owner (administrator) on 20-09-2015 at 16:55:38
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
Running TFC next and will post.
 
2015-09-21 02:04:50.687 Sophos Virus Removal Tool version 2.5.4
2015-09-21 02:04:50.687 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-09-21 02:04:50.687 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-09-21 02:04:50.687 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2015-09-21 02:04:50.687 Checking for updates...
2015-09-21 02:04:51.562 Update progress: proxy server not available
2015-09-21 02:05:17.265 Option all = no
2015-09-21 02:05:17.265 Option recurse = yes
2015-09-21 02:05:17.265 Option archive = no
2015-09-21 02:05:17.265 Option service = yes
2015-09-21 02:05:17.265 Option confirm = yes
2015-09-21 02:05:17.265 Option sxl = yes
2015-09-21 02:05:17.265 Option max-data-age = 35
2015-09-21 02:05:17.265 Option EnableSafeClean = yes
2015-09-21 02:05:19.000 Option vdl-logging = yes
2015-09-21 02:05:19.000 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-09-21 02:05:19.000 Machine ID: 1e3b8f42e9b34fcfa5279ebb147a1584
2015-09-21 02:05:19.031 Component SVRTcli.exe version 2.5.4
2015-09-21 02:05:19.031 Component control.dll version 2.5.4
2015-09-21 02:05:19.031 Component SVRTservice.exe version 2.5.4
2015-09-21 02:05:19.031 Component engine\osdp.dll version 1.44.1.2210
2015-09-21 02:05:19.031 Component engine\veex.dll version 3.61.0.2210
2015-09-21 02:05:19.031 Component engine\savi.dll version 8.1.8.2210
2015-09-21 02:05:19.046 Component rkdisk.dll version 1.5.30.0
2015-09-21 02:05:19.046 Version info: Product version 2.5.4
2015-09-21 02:05:19.046 Version info: Detection engine 3.61.0
2015-09-21 02:05:19.046 Version info: Detection data 5.19
2015-09-21 02:05:19.046 Version info: Build date 9/15/2015
2015-09-21 02:05:19.046 Version info: Data files added 198
2015-09-21 02:05:19.046 Version info: Last successful update (not yet updated)
2015-09-21 02:05:38.421 Downloading updates...
2015-09-21 02:05:38.437 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-09-21 02:05:38.437 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-09-21 02:05:38.437 Update progress: [I49502] Found supplement IDE520 LATEST
2015-09-21 02:05:38.437 Update progress: [I49502] Found supplement IDE521 LATEST
2015-09-21 02:05:38.437 Update progress: [I49502] Found supplement IDE522 LATEST
2015-09-21 02:05:38.437 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-09-21 02:05:38.437 Update progress: [I19463] Syncing product SAVIW32 60
2015-09-21 02:05:53.265 Update progress: [I19463] Syncing product IDE520 171
2015-09-21 02:05:54.171 Installing updates...
2015-09-21 02:05:56.031 Error level 1
2015-09-21 02:05:56.140 Update progress: [I19463] Syncing product IDE521 29
2015-09-21 02:05:56.140 Update progress: [I19463] Syncing product IDE522 1
2015-09-21 02:06:28.406 Update successful
2015-09-21 02:06:53.234 Option all = no
2015-09-21 02:06:53.234 Option recurse = yes
2015-09-21 02:06:53.234 Option archive = no
2015-09-21 02:06:53.234 Option service = yes
2015-09-21 02:06:53.234 Option confirm = yes
2015-09-21 02:06:53.234 Option sxl = yes
2015-09-21 02:06:53.234 Option max-data-age = 35
2015-09-21 02:06:53.234 Option EnableSafeClean = yes
2015-09-21 02:06:53.312 Option vdl-logging = yes
2015-09-21 02:06:53.328 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-09-21 02:06:53.328 Machine ID: 1e3b8f42e9b34fcfa5279ebb147a1584
2015-09-21 02:06:53.328 Component SVRTcli.exe version 2.5.4
2015-09-21 02:06:53.328 Component control.dll version 2.5.4
2015-09-21 02:06:53.328 Component SVRTservice.exe version 2.5.4
2015-09-21 02:06:53.328 Component engine\osdp.dll version 1.44.1.2210
2015-09-21 02:06:53.328 Component engine\veex.dll version 3.61.0.2210
2015-09-21 02:06:53.328 Component engine\savi.dll version 8.1.8.2210
2015-09-21 02:06:53.328 Component rkdisk.dll version 1.5.30.0
2015-09-21 02:06:53.328 Version info: Product version 2.5.4
2015-09-21 02:06:53.328 Version info: Detection engine 3.61.0
2015-09-21 02:06:53.328 Version info: Detection data 5.19G
2015-09-21 02:06:53.328 Version info: Build date 9/15/2015
2015-09-21 02:06:53.328 Version info: Data files added 198
2015-09-21 02:06:53.328 Version info: Last successful update 9/20/2015 6:06:28 PM

2015-09-21 03:51:33.031 >>> Virus 'Mal/Generic-S' found in file C:\Documents and Settings\Owner\My Documents\Downloads\Autodesk Mech KGen\1stry\Autodesk_Autocad_Mechanical_keygen_by_ACME.exe
2015-09-21 03:51:33.078 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-09-21 03:51:33.093 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-09-21 03:51:33.125 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-09-21 03:51:33.328 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-09-21 03:51:33.359 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-09-21 03:51:33.375 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-09-21 03:51:45.390 >>> Virus 'Mal/Generic-S' found in file C:\Documents and Settings\Owner\My Documents\Downloads\Autodesk Mech KGen\1stry\key.exe
2015-09-21 03:51:45.390 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-09-21 03:51:45.390 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-09-21 03:51:45.390 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-09-21 03:51:45.390 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-09-21 03:51:45.390 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-09-21 03:51:45.390 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-09-21 04:33:20.421 Could not check C:\Program Files\SolidWorks Corp\SolidWorks (2)\api\swutilitiesapivb6.chm\/script/ax2005.js (format not supported)
2015-09-21 04:33:20.421 Could not check C:\Program Files\SolidWorks Corp\SolidWorks (2)\api\swutilitiesapivb6.chm (virus scan failed)
2015-09-21 05:00:41.687 Could not open C:\WINDOWS\Temp\hlktmp
2015-09-21 05:01:06.031 The following items will be cleaned up:
2015-09-21 05:01:06.031 Mal/Generic-S
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 