Slow, Old PC Infected Multiple Times


  • This topic is locked
33 replies to this topic

#1 tntnb

  • Members
  • 65 posts

Posted 08 March 2014 - 09:25 PM

Hi. My wife's old PC (Windows XP) is slow and has been infected numerous times over the past year or so. I've cleaned it up as best I can but I am quite sure it is very, very messy. Any help to get things running faster would be so appreciated.

The DDS.txt log is below and the Attach.txt log is attached. Thank you for your help.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_35
Run by Terri at 21:14:58 on 2014-03-08
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1031 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRunOnce: [XP_EOS] c:\windows\system32\xp_eos.exe /r
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1294114081838
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{659FCEF1-BE7A-4F68-86B4-945F417313D6} : DHCPNameServer = 209.18.47.61 209.18.47.62
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\terri\application data\mozilla\firefox\profiles\8rsu53jp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blackle.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2011-01-04 20:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-22 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-22 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-1 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-1 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-1 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-22 66336]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2011-12-1 1759584]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2011-12-1 57440]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\terri\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\terri\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\terri\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\terri\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S3 RADAR;RADAR;\??\c:\docume~1\terri\locals~1\temp\mfe_rr.sys --> c:\docume~1\terri\locals~1\temp\mfe_rr.sys [?]
.
=============== Created Last 30 ================
.
2014-03-07 17:57:40    13312    -c----w-    c:\windows\system32\dllcache\xp_eos.exe
2014-03-07 17:57:40    13312    ------w-    c:\windows\system32\xp_eos.exe
2014-02-22 19:14:15    --------    d-----w-    c:\program files\Defraggler
2014-02-22 18:05:59    --------    d-----w-    c:\windows\pss
.
==================== Find3M  ====================
.
2014-02-05 23:26:52    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 23:26:43    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-02-05 22:24:05    385024    ----a-w-    c:\windows\system32\html.iec
2014-01-04 03:13:05    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-31 01:31:29    12872    ----a-w-    c:\windows\system32\bootdelete.exe
.
============= FINISH: 21:17:22.31 ===============

#2 Jo*

  • Malware Response Team
  • 3,304 posts
  • Gender:Male
  • Location:Germany

Posted 10 March 2014 - 05:47 AM

:welcome:

Hello tntnb,

My name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 tntnb
  • Topic Starter

  • Members
  • 65 posts

Posted 10 March 2014 - 06:09 AM

Hi Jo. Thank you for your help!

 

Here is the checkup.txt log. I will post the other requested logs as soon as I've run the OTL program.

 

=========

 

 Results of screen317's Security Check version 0.99.80  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Trojan Remover 6.8.2   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 35  
 Java version out of Date!
  Adobe Flash Player     11.7.700.224 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox 4.0b10 Firefox out of Date!  
 Mozilla Thunderbird (24.3.0)
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````
 



#4 tntnb
  • Topic Starter

  • Members
  • 65 posts

Posted 10 March 2014 - 06:28 AM

Hi Jo. I am sending this reply from a different computer than the one which is infected.

 

I started the OTL program and it began to run, but after a couple of minutes I got the following error message:

 

Cannot open file

C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Defalut\preferences

 

I clicked OK on the error message. The OTL program has been stuck on "Scanning Chrome settings" for about 10 minutes now. Please advise. Thanks.



#5 Jo*

  • Malware Response Team
  • 3,304 posts
  • Gender:Male
  • Location:Germany

Posted 10 March 2014 - 06:36 AM

Hello tntnb,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Cheers,
Jo


#6 tntnb
  • Topic Starter

  • Members
  • 65 posts

Posted 10 March 2014 - 08:08 AM

Hi Jo. The Malwarebytes program did indeed find malware but I did not Clean it, as you instructed. I will now move on to run AdwCleaner.

 

The Malwarebytes program generated two logs, both of which I've pasted below.

 

=======

 

This is MBAR-log-***.txt:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.10.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: DOWNSTAIRS-PC [administrator]

3/10/2014 7:47:04 AM
mbar-log-2014-03-10 (07-47-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 243066
Time elapsed: 1 hour(s), 15 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\RECYCLER\S-1-5-18\$f3a8fcc45d6ee153f5320eebe32ffeb6 (Trojan.Siredef.C) -> No action taken.
C:\RECYCLER\S-1-5-21-1275210071-1060284298-839522115-1004\$f3a8fcc45d6ee153f5320eebe32ffeb6 (Trojan.Siredef.C) -> No action taken.

Files Detected: 1
C:\Documents and Settings\Kids\Desktop\drawing by b\BestCodecPack_Setup.exe (Adware.InstallBrain) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)


======

 

This is system-log.txt:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 2145464320, free: 1452081152

Downloaded database version: v2014.03.10.03
Downloaded database version: v2014.02.20.01
Initializing...
======================
------------ Kernel report ------------
     03/10/2014 07:46:45
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\IntelC53.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\IntelC51.sys
\SystemRoot\system32\DRIVERS\IntelC52.sys
\SystemRoot\system32\DRIVERS\mohfilt.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\jswscimd.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\wsimd.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\System32\Drivers\wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\athuw.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\HPZid412.sys
\SystemRoot\system32\DRIVERS\HPZipr12.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a700ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-17\
Lower Device Object: 0xffffffff8a702b00
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a700ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a70a930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a700ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a702b00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-17\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156232062
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Infected: C:\Documents and Settings\Kids\Desktop\drawing by b\BestCodecPack_Setup.exe --> [Adware.InstallBrain]
Infected: C:\RECYCLER\S-1-5-18\$f3a8fcc45d6ee153f5320eebe32ffeb6 --> [Trojan.Siredef.C]
Infected: C:\RECYCLER\S-1-5-21-1275210071-1060284298-839522115-1004\$f3a8fcc45d6ee153f5320eebe32ffeb6 --> [Trojan.Siredef.C]
Scan finished
User declined to cleanup malware.
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 



#7 tntnb
  • Topic Starter

  • Members
  • 65 posts

Posted 10 March 2014 - 08:13 AM

Here is the AdwCleaner log.

 

I did not click the Clean button. Should I do so?

 

 

========

 

 

 

# AdwCleaner v3.020 - Report created 10/03/2014 at 09:11:46
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Terri - DOWNSTAIRS-PC
# Running from : C:\Documents and Settings\Terri\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\b2c5l9jj.default\searchplugins\my-web-search.xml
File Found : C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\b2c5l9jj.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\b2c5l9jj.default\searchplugins\zonealarm.xml
File Found : C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\b2c5l9jj.default\user.js
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Folder Found C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found C:\Documents and Settings\All Users\Application Data\Premium
Folder Found C:\Documents and Settings\Kids\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Documents and Settings\Kids\Local Settings\Application Data\Ilivid Player
Folder Found C:\Documents and Settings\Terri\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Program Files\1ClickDownload

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4084D718-3644-4504-B828-BB054729E39C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\TelevisionFanaticEI

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v15.0.1 (en-US)

[ File : C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\8rsu53jp.default\prefs.js ]


[ File : C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\b2c5l9jj.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "My Web Search");
Line Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "Search Results");
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q=");
Line Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=45ED5251-8157-4D18-9F5E-D9F1C97C0A86&n=77fce0c6&p2=^YO^xdm135^YY^us&si=176484");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.hp.lastGuardTime", 1336829143);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.hp.numGuards", 1);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.contextKey", "");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.installDate", "2013061318");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.partnerId", "^YO^xdm135^YY^us");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.partnerSubId", "176484");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.installation.toolbarId", "45ED5251-8157-4D18-9F5E-D9F1C97C0A86");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.lastActivePing", "1372532192540");
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.options.defaultSearch", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.options.homePageEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.options.keywordEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.options.tabEnabled", true);
Line Found : user_pref("extensions.toolbar.mindspark._1gMembers_.weather.location", "45201");
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "inboxace@mindspark.com");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "inboxace@mindspark.com");
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Found : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Kids\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url

*************************

AdwCleaner[R0].txt - [6385 octets] - [10/03/2014 09:11:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6445 octets] ##########
 


Edited by tntnb, 10 March 2014 - 08:14 AM.


#8 Jo*

Jo*

  • Malware Response Team

Posted 10 March 2014 - 08:21 AM

Hello tntnb,

Run Malwarebytes Anti-Rootkit again.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 tntnb

tntnb
  • Topic Starter

  • Members

Posted 10 March 2014 - 10:28 AM

Hi Jo. I ran the Malwarebytes tool again as you instructed, and clicked Cleanup. The report is below.

 

Note that when the computer rebooted after Cleanup, I got this message:

 

hmpsched.exe has encountered a problem and needs to close.

 

Also, a System Configuration Utility box popped up that I have never seen before. I made a screen capture of the box and uploaded it here for you to see:

 

http://imgur.com/5brdyiB

 

I will await further instructions.

 

====

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.10.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: DOWNSTAIRS-PC [administrator]

3/10/2014 9:56:26 AM
mbar-log-2014-03-10 (09-56-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 243082
Time elapsed: 1 hour(s), 17 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\RECYCLER\S-1-5-18\$f3a8fcc45d6ee153f5320eebe32ffeb6 (Trojan.Siredef.C) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1275210071-1060284298-839522115-1004\$f3a8fcc45d6ee153f5320eebe32ffeb6 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 1
C:\Documents and Settings\Kids\Desktop\drawing by b\BestCodecPack_Setup.exe (Adware.InstallBrain) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#10 Jo*

Jo*

  • Malware Response Team

Posted 10 March 2014 - 10:50 AM

Hello tntnb,
 

> Also, a System Configuration Utility box popped up that I have never seen before. I made a screen capture of the box and uploaded it here for you to see:

In this box you can check the option so that it does not appear again.
Did you use msconfig to change some auto start items?

hmpsched.exe => HitmanPro Scheduler from SurfRight B.V
We will not use this tool here.
 

***

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***

Run OTL again.
  • Double click on the OTL icon to run it.
  • Right click on the OTL icon and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

How is the computer running now?


***


Cheers,
Jo


#11 tntnb

tntnb
  • Topic Starter

  • Members

Posted 10 March 2014 - 11:24 AM

Here is the AdwCleaner log. Moving on to run the Junkware Removal Tool now.

 

======

 

# Updated 10/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Terri - DOWNSTAIRS-PC
# Running from : C:\Documents and Settings\Terri\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v15.0.1 (en-US)

[ File : C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\8rsu53jp.default\prefs.js ]


[ File : C:\Documents and Settings\Kids\Application Data\Mozilla\Firefox\Profiles\b2c5l9jj.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Kids\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6525 octets] - [10/03/2014 09:11:46]
AdwCleaner[R1].txt - [1337 octets] - [10/03/2014 12:03:08]
AdwCleaner[S0].txt - [6706 octets] - [10/03/2014 09:42:49]
AdwCleaner[S1].txt - [1258 octets] - [10/03/2014 12:16:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1318 octets] ##########
 



#12 tntnb

tntnb
  • Topic Starter

  • Members

Posted 10 March 2014 - 11:44 AM

Here is the JRT.txt log. Moving on now to run OTL.

 

====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Terri on Mon 03/10/2014 at 12:28:04.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Terri\Application Data\mozilla\firefox\profiles\8rsu53jp.default\minidumps [31 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/10/2014 at 12:35:40.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#13 tntnb

tntnb
  • Topic Starter

  • Members

Posted 10 March 2014 - 11:56 AM

Jo, I had the same problem with the OTL program as I did in a previous post. I started the program and it began to run, but after a couple of minutes I got the following error message:

 

Cannot open file

C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Defalut\preferences

 

I clicked OK on the error message. The OTL program remained stuck on "Scanning Chrome settings" for several minutes, until I closed out of it as it appeared to be permanently stuck.

 

Please advise. Thanks.



#14 Jo*

Jo*

  • Malware Response Team

Posted 10 March 2014 - 12:19 PM

Hi tntnb,

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Cheers,
Jo


#15 tntnb

tntnb
  • Topic Starter

  • Members

Posted 10 March 2014 - 12:30 PM

Here is the FRST.txt log, followed by the Addition.txt log.

 

=========

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-03-2014 02
Ran by Terri (administrator) on DOWNSTAIRS-PC on 10-03-2014 13:27:27
Running from C:\Documents and Settings\Terri\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros) C:\WINDOWS\system32\acs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1275210071-1060284298-839522115-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\8rsu53jp.default
FF Homepage: hxxp://www.blackle.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\8rsu53jp.default\searchplugins\wot-safe-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\8rsu53jp.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-08]
FF Extension: WOT - C:\Documents and Settings\Terri\Application Data\Mozilla\Firefox\Profiles\8rsu53jp.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-01]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-09-19]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-05]
CHR Extension: (YouTube) - C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-05]
CHR Extension: (Google Search) - C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-05]
CHR Extension: (avast! WebRep) - C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-03-05]
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Terri\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-05]

========================== Services (Whitelisted) =================

R2 ACS; C:\WINDOWS\system32\acs.exe [495700 2009-02-20] (Atheros)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-02-09] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-23] (SurfRight B.V.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153584 2012-09-19] (Sun Microsystems, Inc.)
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [360529 2009-11-05] (Atheros Communications, Inc.)
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] ()

==================== Drivers (Whitelisted) ====================

R3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\WINDOWS\system32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [175176 2013-06-27] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [618880 2006-03-01] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2008-09-25] (Atheros Communications, Inc.)
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2009-01-30] (Atheros Communications, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 RADAR; \??\C:\DOCUME~1\Terri\LOCALS~1\Temp\mfe_rr.sys [X]
S1 SASDIFSV; \??\C:\DOCUME~1\Terri\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S1 SASKUTIL; \??\C:\DOCUME~1\Terri\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-10 13:27 - 2014-03-10 13:27 - 00014514 _____ () C:\Documents and Settings\Terri\Desktop\FRST.txt
2014-03-10 13:27 - 2014-03-10 13:27 - 00000000 ____D () C:\FRST
2014-03-10 13:25 - 2014-03-10 13:25 - 01145856 _____ (Farbar) C:\Documents and Settings\Terri\Desktop\FRST.exe
2014-03-10 12:35 - 2014-03-10 12:35 - 00000739 _____ () C:\Documents and Settings\Terri\Desktop\JRT.txt
2014-03-10 12:27 - 2014-03-10 12:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-10 12:02 - 2014-03-10 12:02 - 01949184 _____ () C:\Documents and Settings\Terri\Desktop\AdwCleaner.exe
2014-03-10 11:59 - 2014-03-10 11:59 - 01037734 _____ (Thisisu) C:\Documents and Settings\Terri\Desktop\JRT.exe
2014-03-10 09:53 - 2014-03-10 09:53 - 00000610 _____ () C:\WINDOWS\setupapi.log
2014-03-10 09:11 - 2014-03-10 12:17 - 00000000 ____D () C:\AdwCleaner
2014-03-10 07:46 - 2014-03-10 09:56 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-10 07:46 - 2014-03-10 09:55 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-10 07:45 - 2014-03-10 11:14 - 00000000 ____D () C:\Documents and Settings\Terri\Desktop\mbar
2014-03-10 07:43 - 2014-03-10 07:43 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Terri\Desktop\mbar-1.07.0.1009.exe
2014-03-10 07:07 - 2014-03-10 07:07 - 00987442 _____ () C:\Documents and Settings\Terri\Desktop\SecurityCheck.exe
2014-03-10 07:07 - 2014-03-10 07:07 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Terri\Desktop\OTL.exe
2014-03-09 16:37 - 2014-03-09 16:38 - 00018954 _____ () C:\Documents and Settings\Terri\Desktop\Result.txt
2014-03-09 16:36 - 2014-03-09 16:36 - 00982016 _____ (Farbar) C:\Documents and Settings\Terri\Desktop\MiniToolBox.exe
2014-03-08 22:36 - 2014-03-10 12:20 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-08 22:36 - 2014-03-10 09:46 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-08 22:30 - 2014-03-08 22:30 - 00003841 _____ () C:\Documents and Settings\Terri\reset.log
2014-03-08 22:18 - 2014-03-08 22:18 - 00021623 _____ () C:\Documents and Settings\Terri\Desktop\attach.txt
2014-03-08 22:18 - 2014-03-08 22:17 - 00009590 _____ () C:\Documents and Settings\Terri\Desktop\dds.txt
2014-03-08 22:13 - 2014-03-08 22:13 - 00688992 ____R (Swearware) C:\Documents and Settings\Terri\Desktop\dds.com
2014-03-08 22:12 - 2014-03-08 22:12 - 00651696 _____ (Swearware) C:\Documents and Settings\Terri\Desktop\dds.com.part
2014-03-08 04:00 - 2014-03-08 04:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-07 13:57 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-07 13:57 - 2014-02-25 21:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-03 14:41 - 2014-03-07 14:59 - 00000000 ____D () C:\Documents and Settings\Terri\Desktop\C21 Questions
2014-02-22 15:14 - 2014-02-22 15:14 - 00001580 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2014-02-22 15:14 - 2014-02-22 15:14 - 00000000 ____D () C:\Program Files\Defraggler
2014-02-22 15:14 - 2014-02-22 15:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2014-02-22 15:12 - 2014-02-22 15:13 - 04319176 _____ (Piriform Ltd) C:\Documents and Settings\Terri\Desktop\dfsetup217.exe
2014-02-22 14:55 - 2014-02-22 14:55 - 00179660 _____ () C:\Documents and Settings\Terri\My Documents\cc_20140222_135504.reg
2014-02-22 14:05 - 2014-03-08 21:56 - 00000000 ____D () C:\WINDOWS\pss
2014-02-13 04:40 - 2014-02-13 04:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$

==================== One Month Modified Files and Folders =======

2014-03-10 13:27 - 2014-03-10 13:27 - 00014514 _____ () C:\Documents and Settings\Terri\Desktop\FRST.txt
2014-03-10 13:27 - 2014-03-10 13:27 - 00000000 ____D () C:\FRST
2014-03-10 13:25 - 2014-03-10 13:25 - 01145856 _____ (Farbar) C:\Documents and Settings\Terri\Desktop\FRST.exe
2014-03-10 13:24 - 2011-01-29 11:38 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F5830AFD-608B-436F-89E9-599054CE4DF1}.job
2014-03-10 13:24 - 2011-01-04 00:43 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{338FA118-61CB-4358-BACB-E27A3D8B78DD}.job
2014-03-10 13:10 - 2012-05-16 14:43 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 13:07 - 2011-01-10 23:27 - 00002515 _____ () C:\Documents and Settings\Terri\Desktop\Microsoft Office Word 2007.lnk
2014-03-10 12:54 - 2011-01-01 12:58 - 00032142 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-10 12:35 - 2014-03-10 12:35 - 00000739 _____ () C:\Documents and Settings\Terri\Desktop\JRT.txt
2014-03-10 12:27 - 2014-03-10 12:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-10 12:27 - 2011-01-01 12:32 - 01169907 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-10 12:21 - 2001-08-23 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-10 12:20 - 2014-03-08 22:36 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-10 12:20 - 2012-07-18 09:54 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-10 12:20 - 2012-05-16 14:43 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 12:20 - 2011-01-01 07:21 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-10 12:20 - 2011-01-01 07:21 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-10 12:19 - 2011-01-01 12:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-10 12:17 - 2014-03-10 09:11 - 00000000 ____D () C:\AdwCleaner
2014-03-10 12:17 - 2011-01-01 13:00 - 00000178 ___SH () C:\Documents and Settings\Terri\ntuser.ini
2014-03-10 12:02 - 2014-03-10 12:02 - 01949184 _____ () C:\Documents and Settings\Terri\Desktop\AdwCleaner.exe
2014-03-10 11:59 - 2014-03-10 11:59 - 01037734 _____ (Thisisu) C:\Documents and Settings\Terri\Desktop\JRT.exe
2014-03-10 11:21 - 2011-01-01 07:19 - 00556040 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-10 11:17 - 2011-01-01 13:00 - 00000000 ____D () C:\Documents and Settings\Terri
2014-03-10 11:14 - 2014-03-10 07:45 - 00000000 ____D () C:\Documents and Settings\Terri\Desktop\mbar
2014-03-10 11:13 - 2012-08-21 21:35 - 00000000 ____D () C:\Documents and Settings\Kids\Desktop\drawing by b
2014-03-10 11:13 - 2011-01-04 01:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2014-03-10 09:56 - 2014-03-10 07:46 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-10 09:55 - 2014-03-10 07:46 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-10 09:53 - 2014-03-10 09:53 - 00000610 _____ () C:\WINDOWS\setupapi.log
2014-03-10 09:46 - 2014-03-08 22:36 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-10 09:44 - 2011-01-28 21:18 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-03-10 09:42 - 2013-07-11 08:16 - 00000000 ____D () C:\Documents and Settings\Terri\Application Data\CheckPoint
2014-03-10 09:42 - 2013-07-08 15:00 - 00000000 ____D () C:\Documents and Settings\Kids\Application Data\CheckPoint
2014-03-10 07:43 - 2014-03-10 07:43 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Terri\Desktop\mbar-1.07.0.1009.exe
2014-03-10 07:07 - 2014-03-10 07:07 - 00987442 _____ () C:\Documents and Settings\Terri\Desktop\SecurityCheck.exe
2014-03-10 07:07 - 2014-03-10 07:07 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Terri\Desktop\OTL.exe
2014-03-09 18:58 - 2011-01-04 00:07 - 00000000 __SHD () C:\Documents and Settings\Terri\UserData
2014-03-09 16:38 - 2014-03-09 16:37 - 00018954 _____ () C:\Documents and Settings\Terri\Desktop\Result.txt
2014-03-09 16:36 - 2014-03-09 16:36 - 00982016 _____ (Farbar) C:\Documents and Settings\Terri\Desktop\MiniToolBox.exe
2014-03-09 15:36 - 2011-02-06 17:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-08 22:38 - 2011-01-01 07:17 - 00000327 ____H () C:\boot.ini
2014-03-08 22:38 - 2001-08-23 08:00 - 00000721 _____ () C:\WINDOWS\win.ini
2014-03-08 22:38 - 2001-08-23 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-08 22:31 - 2011-01-29 11:12 - 00000178 ___SH () C:\Documents and Settings\Kids\ntuser.ini
2014-03-08 22:30 - 2014-03-08 22:30 - 00003841 _____ () C:\Documents and Settings\Terri\reset.log
2014-03-08 22:18 - 2014-03-08 22:18 - 00021623 _____ () C:\Documents and Settings\Terri\Desktop\attach.txt
2014-03-08 22:17 - 2014-03-08 22:18 - 00009590 _____ () C:\Documents and Settings\Terri\Desktop\dds.txt
2014-03-08 22:13 - 2014-03-08 22:13 - 00688992 ____R (Swearware) C:\Documents and Settings\Terri\Desktop\dds.com
2014-03-08 22:12 - 2014-03-08 22:12 - 00651696 _____ (Swearware) C:\Documents and Settings\Terri\Desktop\dds.com.part
2014-03-08 21:56 - 2014-02-22 14:05 - 00000000 ____D () C:\WINDOWS\pss
2014-03-08 04:00 - 2014-03-08 04:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-07 19:28 - 2011-12-09 20:19 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-07 14:59 - 2014-03-03 14:41 - 00000000 ____D () C:\Documents and Settings\Terri\Desktop\C21 Questions
2014-03-06 17:38 - 2012-11-11 13:59 - 00002515 _____ () C:\Documents and Settings\Kids\Desktop\Microsoft Office Word 2007.lnk
2014-03-03 22:17 - 2012-05-16 14:45 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-03 13:53 - 2011-02-08 14:06 - 00000000 ___RD () C:\Documents and Settings\Kids\Desktop\
2014-03-02 15:28 - 2011-04-11 12:11 - 00000572 _____ () C:\Documents and Settings\Kids\My Documents\spider.sav
2014-02-28 13:27 - 2014-02-03 12:38 - 00015774 _____ () C:\Documents and Settings\Terri\Desktop\Copy of 2014 Mileage Reimbursement Form.xlsx
2014-02-28 10:58 - 2011-01-29 11:12 - 00000000 ____D () C:\Documents and Settings\Kids
2014-02-25 21:59 - 2014-03-07 13:57 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-25 21:59 - 2014-03-07 13:57 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-25 17:08 - 2012-08-27 12:28 - 00000000 ____D () C:\Documents and Settings\Terri\My Documents\My Scans
2014-02-25 13:45 - 2012-08-27 12:20 - 00000000 ____D () C:\Documents and Settings\Terri\Application Data\Image Zone Express
2014-02-25 07:52 - 2011-02-10 15:36 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-23 16:12 - 2011-05-11 17:57 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-22 15:14 - 2014-02-22 15:14 - 00001580 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
2014-02-22 15:14 - 2014-02-22 15:14 - 00000000 ____D () C:\Program Files\Defraggler
2014-02-22 15:14 - 2014-02-22 15:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
2014-02-22 15:13 - 2014-02-22 15:12 - 04319176 _____ (Piriform Ltd) C:\Documents and Settings\Terri\Desktop\dfsetup217.exe
2014-02-22 14:55 - 2014-02-22 14:55 - 00179660 _____ () C:\Documents and Settings\Terri\My Documents\cc_20140222_135504.reg
2014-02-22 14:53 - 2013-12-30 15:57 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-02-22 14:33 - 2011-01-10 23:22 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-22 14:29 - 2011-12-14 13:35 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-02-22 14:27 - 2011-12-14 13:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-22 14:01 - 2011-03-18 17:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-02-22 14:00 - 2011-03-18 17:34 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-22 13:55 - 2011-12-09 20:17 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-22 13:47 - 2011-05-02 15:25 - 00000000 ____D () C:\SiMPLE
2014-02-22 13:46 - 2011-07-10 11:08 - 00000000 ____D () C:\Program Files\
2014-02-15 23:18 - 2012-10-06 19:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-02-13 05:04 - 2011-01-04 08:14 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 04:40 - 2014-02-13 04:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 04:26 - 2013-08-15 03:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 04:14 - 2011-01-04 00:26 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 04:11 - 2011-01-04 00:41 - 00000000 ____D () C:\WINDOWS\ie8updates

Some content of TEMP:
====================
C:\Documents and Settings\Terri\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-03-2014 02
Ran by Terri at 2014-03-10 13:28:13
Running from C:\Documents and Settings\Terri\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

5600 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
AiO_Scan (Version: 50.0.227.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5183 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.23-060209a1-030546C-Dell - )
avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1489.0 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 53.0.13.000 - Hewlett-Packard) Hidden
calibre (HKLM\...\{8732F9DD-0E44-4F8A-B460-A0B769AB1C13}) (Version: 0.8.57 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Destinations (Version: 53.0.13.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 5.2.0.0 - Hewlett-Packard) Hidden
Enterprise (Version: 50.0.227.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Drive (HKLM\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hello World 0.1 (HKLM\...\Hello World_is1) (Version:  - Manning Inc)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
HP Image Zone Express (HKLM\...\{FE64AE29-0883-4C70-8388-DC026019C900}) (Version: 1.5.1.29 - Hewlett-Packard)
HP Imaging Device Functions 5.3 (HKLM\...\HP Imaging Device Functions) (Version: 5.3 - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
HP PSC & Officejet 5.3.B Corporate Edition (HKLM\...\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}) (Version:  - HP)
HP Software Update (Version: 3.0.5.001 - HEWLET~1|Hewlett-Packard) Hidden
HP Solution Center & Imaging Support Tools 5.3 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 5.3 - HP)
HPProductAssistant (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Intel® 537EP V9x DF PCI Modem (HKLM\...\Intel® 537EP V9x DF PCI Modem) (Version:  - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Puzzle Collection Trial (HKLM\...\Puzzle Collection Trial) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 15.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 15.0.1 (x86 en-US)) (Version: 15.0.1 - Mozilla)
Mozilla Firefox 4.0b10 (x86 en-US) (HKLM\...\Mozilla Firefox 4.0b10 (x86 en-US)) (Version: 4.0b10 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Python 2.5 Numeric-24.2 (HKLM\...\Numeric-py2.5) (Version:  - )
Python 2.5 pygame-1.7.1release (HKLM\...\pygame-py2.5) (Version:  - )
Python 2.5 PythonCard-0.8.2 (HKLM\...\PythonCard-py2.5) (Version:  - )
Python 2.5.1 (HKLM\...\{31800004-6386-4999-A519-518F2D78D8F0}) (Version: 2.5.1150 - Martin v. Löwis)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Readme (Version: 50.0.206.000 - Hewlett-Packard) Hidden
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 5.2.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
SolutionCenter (Version: 50.0.152.000 - Hewlett-Packard) Hidden
SPE (HKLM\...\Stani's Python Editor_is1) (Version:  - www.stani.be)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 53.0.13.000 - Hewlett-Packard) Hidden
TrayApp (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Trojan Remover 6.8.2 (HKLM\...\Trojan Remover_is1) (Version: 6.8.2 - Simply Super Software)
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 53.0.13.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
wxPython 2.8.7.1 (unicode) for Python 2.5 (HKLM\...\wxPython2.8-unicode-py25_is1) (Version: 2.8.7.1-unicode - Total Control Software)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2011-11-26 03:36 - 2011-11-29 21:48 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{338FA118-61CB-4358-BACB-E27A3D8B78DD}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F5830AFD-608B-436F-89E9-599054CE4DF1}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-03-10 11:29 - 2014-03-10 04:33 - 02282496 _____ () C:\Program Files\AVAST Software\Avast\defs\14031000\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-01 23:03 - 2010-08-04 15:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2011-12-01 23:03 - 2010-03-10 15:50 - 00204800 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2011-12-01 23:03 - 2011-01-04 16:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2011-12-01 23:03 - 2009-08-28 17:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
2012-07-04 21:18 - 2012-09-17 18:28 - 02244064 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

==================== Faulty Device Manager Devices =============

Name: RADEON X300 SE 128MB HyperMemory Secondary
Description: RADEON X300 SE 128MB HyperMemory Secondary
Class Guid:  TI Technologies Inc.
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2014 00:20:10 PM) (Source: Application Error) (User: )
Description: Faulting application hmpsched.exe, version 3.7.0.5, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [hmpsched.exe!ws!]

Error: (03/10/2014 00:20:08 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (03/10/2014 11:16:53 AM) (Source: Application Error) (User: )
Description: Faulting application hmpsched.exe, version 3.7.0.5, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [hmpsched.exe!ws!]

Error: (03/10/2014 11:16:47 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (03/10/2014 09:45:46 AM) (Source: Application Error) (User: )
Description: Faulting application hmpsched.exe, version 3.7.0.5, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [hmpsched.exe!ws!]

Error: (03/10/2014 09:45:32 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (03/09/2014 08:20:51 AM) (Source: Application Error) (User: )
Description: Fault bucket -1945270247.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/09/2014 04:13:40 AM) (Source: Application Error) (User: )
Description: Faulting application wna1100.exe, version 1.1.4.27, faulting module wna1100.exe, version 1.1.4.27, fault address 0x00043dd3.
Processing media-specific event for [wna1100.exe!ws!]

Error: (03/08/2014 10:33:30 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (03/04/2014 10:11:51 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed


System errors:
=============
Error: (03/10/2014 00:21:07 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (03/10/2014 00:21:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (03/10/2014 00:21:07 PM) (Source: Workstation) (User: )
Description: Could not load RDR device driver.

Error: (03/10/2014 00:21:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (03/10/2014 00:21:06 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (03/10/2014 00:21:05 PM) (Source: Workstation) (User: )
Description: Could not load RDR device driver.

Error: (03/10/2014 00:20:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (03/10/2014 00:20:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (03/10/2014 00:20:42 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (03/10/2014 00:20:02 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address E091F54CAC3E has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 2046.07 MB
Available physical RAM: 1412.54 MB
Total Pagefile: 3938.96 MB
Available Pagefile: 3427.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:54.25 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Active) - (Size=74 GB) - (Type=07 NTFS)

==================== End Of Log ============================





