Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HD full MBAM Error Windows XP


  • This topic is locked This topic is locked
12 replies to this topic

#1 XPSystem

XPSystem

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 02 December 2014 - 11:01 AM

I have a Windows XP computer that the hard drive was filling up even after running CCleaner.  Ran Malwarebytes, but it required a new installation under a new folder.  Trojan found and removed.

 

However, I get the following message when trying to start Malwarebytes and a similiar message for Microsoft Security Essentials.

 

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe

 

C:\Program Files\Microsoft Security Client\msseces.exe

 

"Windows cannot open this program because it has been prevented by a software restriction policy.  For more information, open Event Viewer or contact your system administrator."

 

After some assistance cleaning this computer, I would like to remove MSE, since it is unsupported, and replace it with something else recommended here.  However, I am unable to access MSE at this time too.

 

Thanks in advance!

 

Here is the DDE log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.55.2
Run by Owner at 10:27:01 on 2014-12-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.602 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: F-Secure Anti-Virus 2007 7.01 *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
uInternet Connection Wizard,ShellNext = hxxp://us8.hpwis.com/
uProxyOverride = 192.168.0.1;systemcontrolcenter.com;localhost
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: Run = "c:\documents and settings\owner\application data\microsoft\windows\ieupdate\wsmanhttpconfig.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153861844546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181853118406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.392650463
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{E54B5D89-FC20-4385-97A0-21BFC992FBE9} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{E54B5D89-FC20-4385-97A0-21BFC992FBE9} : DHCPNameServer = 208.180.42.68 208.180.42.100
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellObj Class - {F552DDE6-2090-4bf4-B924-6141E87789A5} - c:\program files\greatis\regrunsuite\RRShell.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\zjaov6tl.default\
FF - ExtSQL: !HIDDEN! 1970-05-29 00:24; {BF1630DC-C705-B275-3C9C-4CEAA449CD59}; -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 231960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-11-5 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-9-12 47640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 09438403;09438403; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-12-1 114904]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-8-27 24416]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2014-12-02 04:52:53 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-02 04:52:17 -------- d-----w- c:\documents and settings\all users\application data\RogueKiller
2014-12-02 01:49:33 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-02 01:49:32 -------- d-----w- c:\program files\VirusFix2
2014-12-01 12:25:21 114904 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-12-01 12:25:15 -------- d-----w- c:\program files\VirusFix
2014-11-27 17:48:50 -------- d-----w- c:\program files\Western Digital
2014-11-27 00:57:59 -------- d-----w- c:\documents and settings\all users\application data\CuksUdkor
2014-11-26 22:30:23 -------- d-----w- c:\windows\system32\winrm
2014-11-26 22:30:19 -------- d-----w- c:\windows\system32\GroupPolicy
2014-11-26 22:26:12 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2014-11-24 23:42:48 -------- d-----w- c:\documents and settings\owner\application data\FrameworkUpdate
2014-11-22 16:50:07 3584 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2014-11-22 16:50:05 -------- d-----w- c:\program files\Windows Installer Clean Up
2014-11-22 16:26:01 -------- d-----w- c:\program files\WinDirStat
2014-11-22 15:12:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\Ojfjics
2014-11-22 15:11:23 -------- d-----w- c:\documents and settings\owner\local settings\application data\Ewftion
.
==================== Find3M  ====================
.
2014-12-01 17:53:10 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2014-10-30 11:24:45 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 16:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 10:28:31.95 ===============

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:27 PM

Posted 07 December 2014 - 10:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 XPSystem

XPSystem
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 07 December 2014 - 03:12 PM

Dear Nasdaq,

 

Thank you for the assistance!

 

After running the two programs above, I tried to start MBAM.  This time MBAM started and requested to update the database, which it did.  Then it asked for permission to install the new version.  After clicking OK, now it has an installer error message which says "Please log in as an administrator to install the new version of Malwarebytes Anti-Malware."

 

I only attempted to see if the computer would give the same error and this is new.  The user I am logging on with had Administrator rights.

 

I attempted to start Microsoft Security Essentials (MSE), even though it is outdated and the plan is to remove it and it gave the same message as in the first post.  "Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator."

 

 

Ran programs per your instructions -

 

Log files from AdwCleaner:

 

# AdwCleaner v4.104 - Report created 07/12/2014 at 14:36:37
# Updated 05/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - XX
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner_4.104.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

[x] Not Disinfected : C:\Documents and Settings\Owner\Desktop\Master Forex VPS 3.lnk
[x] Not Disinfected : C:\Documents and Settings\Owner\Desktop\Master Forex VPS 4.lnk

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v31.0 (x86 en-US)

*************************

AdwCleaner[R2].txt - [769 octets] - [07/12/2014 14:23:52]
AdwCleaner[S1].txt - [863 octets] - [07/12/2014 14:36:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [922 octets] ##########

 

 

Log File from Farbar Recovery Scan Tool (32 bit):

Addition File is Attached

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by Owner (administrator) on XX on 07-12-2014 14:45:33
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & F7 USER & LogMeInRemoteUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
() C:\Program Files\Softex\OmniPass\omniServ.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Softex\OmniPass\OPXPApp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2007-04-17] (LogMeIn, Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\f-secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\OPXPGina: C:\Program Files\Softex\OmniPass\opxpgina.dll ()
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\...\Policies\Explorer: [Run] "C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\IEUpdate\wsmanhttpconfig.exe"
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-27] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?complete=0&hl=en
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> DefaultScope {7C60FB52-F81E-41CD-ABDA-1B18151E668D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> {7C60FB52-F81E-41CD-ABDA-1B18151E668D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153861844546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181853118406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37871.392650463
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082
ShellExecuteHooks: ShellObj Class - {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll [335943 2009-04-06] (Greatis Software, LLC)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
Tcpip\..\Interfaces\{E54B5D89-FC20-4385-97A0-21BFC992FBE9}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zjaov6tl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.10.835 -> C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.1136 -> C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF Plugin: @real.com/nprpjplug;version=6.0.11.847 -> C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2770722059-3209407230-421947889-1003: @macromedia.com/FlashPlayer9 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin HKU\S-1-5-21-2770722059-3209407230-421947889-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: CddbPLGenRank Class - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zjaov6tl.default\Extensions\{BF1630DC-C705-B275-3C9C-4CEAA449CD59} [2014-11-22]
FF Extension: Printing Helper - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zjaov6tl.default\Extensions\mwdhlnjiuz@mwdhlnjiuz.org.xpi [2004-08-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-09]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [69632 2006-08-03] (Adobe Systems) [File not signed]
S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2008-04-13] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation) [File not signed]
R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S2 Fax; C:\WINDOWS\system32\fxssvc.exe [267776 2008-04-13] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\System32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation) [File not signed]
R2 MSFtpsvc; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation) [File not signed]
S2 NVSvc; C:\WINDOWS\System32\nvsvc32.exe [65536 2003-03-03] (NVIDIA Corporation) [File not signed]
R2 omniserv; C:\Program Files\Softex\OmniPass\Omniserv.exe [68704 2003-02-21] () [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 SMTPSVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S3 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [73216 2008-04-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation) [File not signed]
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-13] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS\System32\advapi32.dll [617472 2009-02-09] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.) [File not signed]
R0 agp440; C:\WINDOWS\System32\DRIVERS\agp440.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ALCXSENS; C:\WINDOWS\System32\drivers\ALCXSENS.SYS [391424 2004-02-17] (Sensaura Ltd) [File not signed]
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2279424 2004-10-01] (Realtek Semiconductor Corp.) [File not signed]
S1 AmdK7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [37760 2008-04-13] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\DRIVERS\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\system32\Drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\DRIVERS\drvmcdb.sys [82784 2002-10-21] (VERITAS Software, Inc.) [File not signed]
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [141824 2003-02-22] (Promise Technology, Inc.) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-14] (HP) [File not signed]
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-14] (HP) [File not signed]
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-14] (HP) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ip6fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [624369 2003-03-08] (LT) [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-01] (Malwarebytes Corporation)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2004-11-22] (Motive, Inc.) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28276 2003-04-10] (MusicMatch, Inc.) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-03] (NVIDIA Corporation) [File not signed]
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [13568 2002-09-06] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\system32\Drivers\PCIIde.sys [3328 2004-08-04] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2011-02-21] (Padus, Inc.) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Processor; C:\WINDOWS\System32\DRIVERS\processr.sys [35840 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ps2; C:\WINDOWS\System32\DRIVERS\PS2.sys [19072 2005-12-12] (Hewlett-Packard Company) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
S3 RegGuard; C:\WINDOWS\system32\Drivers\regguard.sys [24416 2014-12-01] (Greatis Software)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) [File not signed]
S3 S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [166912 2004-08-03] (S3 Graphics, Inc.) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 Serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [260736 2003-02-26] (Silicon Integrated Systems Corporation) [File not signed]
R0 SISAGP; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [30848 2002-12-25] (Silicon Integrated Systems Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ViaIde; C:\WINDOWS\System32\DRIVERS\viaide.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [112288 2003-03-14] (Intel Corporation) [File not signed]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [78496 2003-03-14] (Intel Corporation) [File not signed]
S3 09438403; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
S0 viaagp1; System32\DRIVERS\viaagp1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 14:45 - 2014-12-07 14:46 - 00038558 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-12-07 14:44 - 2014-12-07 14:45 - 00000000 ___DC () C:\FRST
2014-12-07 14:44 - 2014-12-07 14:44 - 01111040 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-12-07 14:23 - 2014-12-07 14:36 - 00000000 ___DC () C:\AdwCleaner
2014-12-07 14:23 - 2014-12-07 14:23 - 02153472 _____ () C:\Documents and Settings\Owner\Desktop\adwcleaner_4.104.exe
2014-12-07 14:23 - 2014-12-07 14:23 - 00000055 ____C () C:\AdwCleanerDebug.txt
2014-12-02 10:28 - 2014-12-02 10:28 - 00022497 _____ () C:\Documents and Settings\Owner\Desktop\attach.txt
2014-12-02 10:28 - 2014-12-02 10:28 - 00009555 _____ () C:\Documents and Settings\Owner\Desktop\dds.txt
2014-12-02 10:20 - 2014-12-06 16:58 - 00002521 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft Office Outlook 2003.lnk
2014-12-02 09:11 - 2014-12-07 14:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2014-12-02 09:11 - 2014-12-02 09:11 - 00023658 ____C () C:\ComboFix.txt
2014-12-02 09:11 - 2014-12-02 09:11 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-12-02 09:11 - 2014-12-02 09:11 - 00000000 ____D () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\temp
2014-12-02 09:11 - 2014-12-02 09:11 - 00000000 ____D () C:\Documents and Settings\F7 USER\Local Settings\temp
2014-12-02 09:11 - 2014-12-02 09:11 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-12-02 09:11 - 2014-12-02 09:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-12-02 01:14 - 2014-12-02 01:14 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
2014-12-02 00:47 - 2014-12-02 00:47 - 00000748 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.lnk
2014-12-01 23:52 - 2014-12-01 23:52 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-01 23:52 - 2014-12-01 23:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-01 22:07 - 2014-12-01 20:56 - 15196248 _____ () C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
2014-12-01 22:05 - 2014-12-02 10:43 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Malware Software New
2014-12-01 21:44 - 2014-12-01 23:28 - 2911318110 ____C () C:\avenger.txt
2014-12-01 20:50 - 2014-12-01 20:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VirusFix2
2014-12-01 20:49 - 2014-12-01 20:49 - 00000000 ____D () C:\Program Files\VirusFix2
2014-12-01 20:49 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-01 12:36 - 2014-12-01 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-12-01 07:25 - 2014-12-01 20:51 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-12-01 07:25 - 2014-12-01 07:25 - 00000617 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2014-12-01 07:25 - 2014-12-01 07:25 - 00000000 ____D () C:\Program Files\VirusFix
2014-12-01 07:25 - 2014-12-01 07:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Virus Fix
2014-11-29 08:44 - 2014-11-29 10:23 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-28 14:07 - 2014-11-29 08:03 - 00000000 ____C () C:\d3d9caps.dat
2014-11-27 12:48 - 2014-11-27 12:48 - 00000000 ____D () C:\Program Files\Western Digital
2014-11-27 12:40 - 2014-12-07 14:37 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-11-27 12:40 - 2014-12-07 14:37 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-11-26 19:57 - 2014-11-26 19:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CuksUdkor
2014-11-26 17:35 - 2014-11-26 18:23 - 00196608 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-11-26 17:35 - 2014-11-26 17:35 - 00065536 _____ () C:\WINDOWS\system32\config\Microsof.evt
2014-11-26 17:31 - 2014-11-26 17:31 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-11-26 17:30 - 2014-11-26 17:30 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-11-26 17:30 - 2014-11-26 17:30 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-11-26 17:26 - 2014-11-26 17:33 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-11-24 18:43 - 2014-11-27 12:21 - 00000520 _____ () C:\Documents and Settings\All Users\Application Data\@system.temp
2014-11-24 18:43 - 2014-11-27 12:21 - 00000256 ____H () C:\Documents and Settings\All Users\Application Data\@system3.att
2014-11-24 18:42 - 2014-11-24 18:42 - 00000480 ____H () C:\Documents and Settings\Owner\Application Data\麽鎒駓覜
2014-11-24 18:42 - 2014-11-24 18:42 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\FrameworkUpdate
2014-11-22 11:50 - 2014-11-22 11:51 - 00002327 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Windows Install Clean Up.lnk
2014-11-22 11:50 - 2014-11-22 11:50 - 00000000 ____D () C:\Program Files\Windows Installer Clean Up
2014-11-22 11:26 - 2014-11-22 11:26 - 00000717 _____ () C:\Documents and Settings\Owner\Desktop\WinDirStat.lnk
2014-11-22 11:26 - 2014-11-22 11:26 - 00000000 ____D () C:\Program Files\WinDirStat
2014-11-22 11:26 - 2014-11-22 11:26 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\WinDirStat
2014-11-22 10:12 - 2014-11-22 10:13 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Ojfjics
2014-11-22 10:11 - 2014-11-26 05:11 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Ewftion

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 14:47 - 2010-11-13 00:53 - 01960839 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-07 14:42 - 2003-04-09 17:06 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-12-07 14:39 - 2014-04-09 10:13 - 00000746 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-12-07 14:39 - 2003-09-07 10:56 - 00000189 _____ () C:\WINDOWS\system\hpsysdrv.DAT
2014-12-07 14:39 - 2003-04-10 00:05 - 00012670 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-07 14:39 - 2003-04-09 17:13 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-07 14:38 - 2012-08-28 00:34 - 00000372 _____ () C:\WINDOWS\system32\PARTIZAN.TXT
2014-12-07 14:38 - 2008-07-09 11:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-12-07 14:38 - 2003-04-10 00:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-12-07 14:38 - 2003-04-10 00:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-07 14:38 - 2003-04-09 17:13 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-12-07 14:37 - 2007-02-14 22:06 - 00065536 _____ () C:\WINDOWS\system32\config\Internet.evt
2014-12-07 14:37 - 2003-04-10 00:22 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-07 14:37 - 2003-04-10 00:22 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-12-03 07:01 - 2003-04-10 00:22 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-12-02 12:47 - 2012-05-12 12:00 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-02 12:47 - 2012-05-12 12:00 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-02 12:45 - 2003-04-10 00:22 - 00000000 ____D () C:\Documents and Settings\Owner
2014-12-02 10:20 - 2007-06-14 13:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2014-12-02 09:11 - 2010-11-12 23:54 - 00000000 ____D () C:\Qoobox
2014-12-02 09:02 - 2003-04-10 00:05 - 00000227 ____C () C:\WINDOWS\system.ini
2014-12-02 01:44 - 2003-04-10 01:52 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Adobe
2014-12-01 21:44 - 2011-05-24 18:26 - 00000000 ____D () C:\WINDOWS\Sun
2014-12-01 20:50 - 2012-08-15 22:43 - 00000676 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-01 20:49 - 2009-04-18 14:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-12-01 12:57 - 2012-08-27 23:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RegRun
2014-12-01 12:53 - 2012-08-27 23:50 - 00024416 _____ (Greatis Software) C:\WINDOWS\system32\Drivers\regguard.sys
2014-12-01 12:32 - 2003-09-07 11:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallQ328310$
2014-12-01 07:20 - 2009-04-18 14:41 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Malware Software
2014-11-29 10:10 - 2006-07-25 09:30 - 00000000 ____D () C:\WINDOWS\system32\Logfiles
2014-11-27 13:42 - 2003-04-10 02:03 - 00000000 ____D () C:\Program Files\Easy Internet signup
2014-11-27 13:40 - 2003-09-07 17:40 - 00000074 _____ () C:\WINDOWS\eFaxView.ini
2014-11-27 13:36 - 2010-07-06 19:48 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Angelic Protection
2014-11-27 04:34 - 2003-04-10 01:36 - 00000000 ____D () C:\Program Files\Real
2014-11-26 18:18 - 2003-04-09 17:06 - 00000000 ____D () C:\WINDOWS\security
2014-11-26 18:01 - 2003-04-10 02:48 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-11-26 17:58 - 2003-06-04 19:47 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-11-26 17:33 - 2003-04-09 17:06 - 00000000 ____D () C:\WINDOWS\Help
2014-11-26 17:29 - 2003-04-09 17:10 - 00697974 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-22 11:49 - 2009-12-15 16:16 - 00000000 ____D () C:\Program Files\MSECache
2014-11-13 09:02 - 2013-12-15 09:14 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Owner\Local Settings\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:27 PM

Posted 07 December 2014 - 04:49 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\f-secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?complete=0&hl=en
SearchScopes: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
S3 09438403; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 LMIRfsClientNP; No ImagePath
S0 viaagp1; System32\DRIVERS\viaagp1.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 XPSystem

XPSystem
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 09 December 2014 - 01:34 PM

Nasdaq -

 

Both MBAM and MSE will run now.  MSE is turned off and I did not run MBAM, other than seeing if it would open.  No error messages on either program.

 

Once we are finished, I want some assistance in removing MSE and replacing it with something recommended from you.

 

Just advise what you want done next.

 

Thanks for the help!

 

No errors running FRST or SecurityCheck.

 

FRST fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-12-2014 01
Ran by Owner at 2014-12-09 11:15:28 Run:1
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & F7 USER & LogMeInRemoteUser & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\f-secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\NetworkService\Local Settings\Application Data\F-Secure <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?complete=0&hl=en
SearchScopes: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2770722059-3209407230-421947889-1003 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
S3 09438403; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 LMIRfsClientNP; No ImagePath
S0 viaagp1; System32\DRIVERS\viaagp1.sys [X]

End
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2770722059-3209407230-421947889-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKU\S-1-5-21-2770722059-3209407230-421947889-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKU\S-1-5-21-2770722059-3209407230-421947889-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} => value deleted successfully.
"HKCR\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" => Key not found.
09438403 => Service deleted successfully.
catchme => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
viaagp1 => Service deleted successfully.

==== End of Fixlog ====

 

 

SecurityCheck checkup log:

 

 Results of screen317's Security Check version 0.99.91 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 JavaFX 2.1.1   
 Java 7 Update 55 
 Java version 32-bit out of Date!
  Adobe Flash Player  11.9.900.117 Flash Player out of Date! 
 Mozilla Firefox 31.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 43% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:27 PM

Posted 09 December 2014 - 02:39 PM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Add/Remove Programs applet.

JavaFX 2.1.1
Java 7 Update 55


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

Our recommendations for an AV program is included in the link above.

#7 XPSystem

XPSystem
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 10 December 2014 - 11:01 AM

Nasdaq -

 

I have completed those updates.

 

My audio is missing from the computer.  Regardless of the source, i.e. website (webstream), local audio, CD or audio on the computer there is no audio out.  Speakers are fine.  Mixer is not muted.

 

Any thoughts on the problem with this?

 

Also, is there an uninstall guide for MSE as I understand it is difficult to fully remove.

 

Thanks!

 

Looks like we are getting there.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:27 PM

Posted 10 December 2014 - 02:25 PM

Open the TaskManager and check under the Services is this service is enabled.

R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-13]


Also, is there an uninstall guide for MSE as I understand it is difficult to fully remove.

If you install a new AV it may work with it and will not interfer.

Use the Add/Remove programs to remove it.
It's a stand alone program.

#9 XPSystem

XPSystem
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 11 December 2014 - 10:38 AM

Nasdaq -

 

I am using Windows XP and the Windows Task Manager does not list this service and does not list services this way.  The processes tab does not list this and does not provide a path for anything listed in the window.  I am not sure on Windows XP if you need another place looked at.

 

Under Administrative Tools in the Windows XP control panel there is also services listed, but it looks much the same as Windows Task Manager.

 

Can you give me instructions on where to find the services listing for Windows XP?

 

Still no audio, even though I know the source is playing it.

 

Thanks!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:27 PM

Posted 11 December 2014 - 11:38 AM

Sorry about that.

Run MSCONFIG

Refer to this page.
http://netsquirrel.com/msconfig/msconfig_xp.html

Look at the Services and Start up items.

any luck

#11 XPSystem

XPSystem
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 15 December 2014 - 05:50 PM

Nasdaq -

 

I did not have any luck using MSCONFIG, but I did locate a Microsoft Fix It for no audio on a Windows XP Computer.

 

I ran this fix it and it found a couple of problems and I selected the Fix mode.

 

The audio works fine now.

 

For your information, this Fix It for no audio on a Windows Computer is found at the following link:

 

http://windows.microsoft.com/en-us/windows/no-sound-help#no-sound=windows-xp&v1h=win8tab1&v2h=win7tab1&v3h=winvistatab1&v4h=winxptab1

 

This might be helpful to someone having the same problem.

 

I installed BitDefender after removing Microsoft Security Essentials as MSE is no longer supported on a Windows XP machine.

 

It appears now everything is working fine!

 

Thanks for all the help.  I really appreciate it.

 

This is a great forum.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:27 PM

Posted 16 December 2014 - 09:02 AM

Glad we could help.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,736 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:27 PM

Posted 22 December 2014 - 11:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users