Windows cannot open this program because it has been prevented by a software...


  • This topic is locked
12 replies to this topic

#1 mary9915

mary9915

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:03 AM

Posted 11 March 2015 - 11:55 AM

I am trying to clean a friend's computer.  It is a Windows XP machine running SP3.  AVG is installed and should be running on it.  It doesn't start automatically, and when I try to manually start it I get the error message "Windows cannot open this program because it has been prevented by a software restriction policy..."

 

Could you please help me fix this?  I do not know how to remove it.  Thanks!  I have copied the contents of the FRST.txt log below and will attach the addition.txt file.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by admin (administrator) on STEVESTROMSNESS on 11-03-2015 11:45:18
Running from C:\Documents and Settings\admin\My Documents\Downloads
Loaded Profiles: admin (Available profiles: City Desk #2 & admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oki Data Corporation) C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\WINDOWS\system32\NILaunch.exe
() C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
() C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
() C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [dscactivate] => c:\dell\dsca.exe [16384 2007-07-30] ( )
HKLM\...\Run: [Net-It Launcher] => C:\WINDOWS\system32\NILaunch.exe [24576 1998-02-05] ()
HKLM\...\Run: [IndexTray] => C:\Program Files\Sharp\Sharpdesk\IndexTray.exe [106496 2003-01-22] ()
HKLM\...\Run: [SharpTray] => C:\Program Files\Sharp\Sharpdesk\SharpTray.exe [28672 2003-01-22] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\WINDOWS\Installer\{91140000-001A-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Network Scanner Tool.lnk
ShortcutTarget: Start Network Scanner Tool.lnk -> C:\Program Files\Sharp\Sharpdesk\sdFTP.exe (SHARP CORPORATION)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
SearchScopes: HKU\S-1-5-21-1189176069-3049997921-698496590-1007 -> {034FA70A-C432-4C1E-8FB7-4D4E94E4E4E3} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll [2003-01-22] ()
Tcpip\..\Interfaces\{F1939F4A-1E0D-4418-915B-57F9BC5FFF5E}: [NameServer] 205.171.3.65,205.171.2.65
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll [2013-03-12] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-04-01] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-04-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-12-27]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-04-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2012-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-07-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-05]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-11]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google Search) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
CHR Extension: (Google Sheets) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 DCSLoader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE [24576 2004-03-01] (Oki Data Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [114904 2015-03-11] (Malwarebytes Corporation)
S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79816 2009-12-15] (McAfee, Inc.)
S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35272 2009-12-15] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214664 2009-12-15] (McAfee, Inc.)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 staccel; C:\WINDOWS\System32\DRIVERS\staccel.sys [32864 2011-11-04] (ShoreTel, Inc)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 11:44 - 2015-03-11 11:45 - 00000000 ____D () C:\FRST
2015-03-11 11:19 - 2015-03-11 11:25 - 00006096 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-03-11 10:09 - 2015-03-11 10:09 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\AVG2014
2015-03-10 16:24 - 2015-03-10 16:24 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Sun
2015-03-10 16:24 - 2015-03-10 16:24 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Sun
2015-03-10 16:20 - 2015-03-10 16:20 - 00000000 __SHD () C:\Documents and Settings\admin\PrivacIE
2015-03-10 16:19 - 2015-03-10 16:19 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\MFAData
2015-03-10 16:19 - 2015-03-10 16:19 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Avg2015
2015-03-10 16:18 - 2015-03-11 10:10 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Avg2014
2015-03-10 16:18 - 2015-03-10 16:18 - 00000000 __SHD () C:\Documents and Settings\admin\IETldCache
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 11:46 - 2010-05-25 07:32 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{4462E783-4313-479E-9829-BE2BD83D7ED1}.job
2015-03-11 11:46 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Temp
2015-03-11 11:42 - 2012-08-23 08:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-11 11:36 - 2012-08-23 08:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-11 11:27 - 2007-11-12 16:40 - 00000000 ____D () C:\MDT
2015-03-11 11:27 - 2007-10-29 23:33 - 00064080 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-03-11 11:27 - 2004-08-11 18:13 - 01483898 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-11 11:27 - 2004-08-11 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-11 11:26 - 2014-04-10 07:20 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-11 11:26 - 2013-06-02 20:44 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-11 11:26 - 2012-08-23 08:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 11:26 - 2004-08-11 18:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-11 11:25 - 2008-01-03 12:37 - 00000278 ___SH () C:\Documents and Settings\admin\ntuser.ini
2015-03-11 11:25 - 2004-08-11 18:20 - 00032076 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-11 11:14 - 2007-11-29 12:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-11 11:09 - 2013-10-09 03:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-03-11 11:08 - 2011-02-24 15:01 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-03-11 10:17 - 2014-06-17 14:28 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 10:16 - 2014-06-17 14:28 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-11 10:16 - 2014-06-17 14:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-11 10:16 - 2014-06-17 14:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-11 09:41 - 2010-10-20 07:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-11 06:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
2015-03-11 00:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
2015-03-10 18:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
2015-03-10 16:20 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin
2015-03-10 16:18 - 2008-01-03 12:37 - 00000788 _____ () C:\Documents and Settings\admin\Start Menu\Programs\Windows Media Player.lnk
2015-03-10 16:18 - 2008-01-03 12:37 - 00000738 _____ () C:\Documents and Settings\admin\Start Menu\Programs\Outlook Express.lnk
2015-03-10 16:18 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Google
2015-03-10 16:18 - 2004-08-11 18:11 - 00055760 _____ () C:\WINDOWS\wmsetup.log
2015-03-10 16:06 - 2004-08-11 18:07 - 00554810 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 16:05 - 2011-11-28 10:46 - 00000000 ____D () C:\Documents and Settings\Steve Stromsness\My Documents\Outlook Files
2015-03-10 16:03 - 2012-05-16 11:35 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-10 15:29 - 2007-11-07 17:48 - 00000000 ____D () C:\Documents and Settings\City Desk #2
2015-03-10 12:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
2015-03-08 15:00 - 2014-04-10 07:20 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-03-08 12:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-02-27 16:10 - 2007-12-07 15:53 - 00017468 _____ () C:\WINDOWS\system32\OPC5150N.cah
2015-02-19 21:37 - 2014-02-10 12:20 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-18 09:02 - 2012-04-11 07:23 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-18 09:02 - 2011-05-27 07:31 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-12 04:05 - 2004-08-11 18:21 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-11 04:11 - 2013-08-14 03:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 04:03 - 2011-02-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-02-11 04:03 - 2007-11-27 15:14 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 04:03 - 2004-08-11 18:00 - 00000603 _____ () C:\WINDOWS\win.ini
 
==================== Files in the root of some directories =======
 
2000-08-14 17:28 - 2000-08-14 17:28 - 0464296 _____ (VideoSoft) C:\Program Files\Common Files\Vsflex7.ocx
2000-08-14 19:28 - 2000-08-14 19:28 - 0419240 _____ (VideoSoft) C:\Program Files\Common Files\Vsflex7L.ocx
 
Some content of TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\dotnetfx.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ApnStub.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\City Desk #2\Local Settings\Temp\CitrixOnlineLauncher.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\G2MInstallerExtractor.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\iGearedHelper.dll
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv_799b9130.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
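A small triage script for the kind of FRST.txt posted above, added here as an example; it is not FRST's own code and was not posted by anyone in the thread. It pulls out the "HKLM Group Policy restriction on software" lines and the SystemRestore policy line and groups the restricted paths, so a helper can see at a glance that the SRP path rules target security products (AVG, McAfee, Malwarebytes) plus the whole Windows and Program Files trees. The vendor folder names, the sample lines (copied from the log above) and the registry key names in the comments are assumptions on my part, not something FRST reports.

```python
"""Triage SRP-related "ATTENTION" lines from an FRST.txt log (added example)."""
import json
import re
import sys

# Folder names of security products seen in the posted log; matching is on
# individual path components, case-insensitive. Assumed list, extend as needed.
SECURITY_VENDOR_DIRS = {"avg", "mcafee", "malwarebytes"}

# SRP path rules may use registry-value expansion; FRST prints them verbatim.
# These two expand to the Windows directory and to Program Files respectively,
# so a rule on them covers far more than one product.
SYSTEM_WIDE_TOKENS = ("\\SystemRoot%", "\\ProgramFilesDir%")

SRP_LINE = re.compile(
    r"^HKLM Group Policy restriction on software:\s*(?P<path>.+?)\s*<=+\s*ATTENTION\s*$"
)
SYSRESTORE_LINE = re.compile(
    r"^HKLM\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore:\s*\[(?P<flags>[^\]]+)\]"
)

# Constructed sample: a few lines in the shape of the "Registry (Whitelisted)"
# section above (paths copied from the posted log, not a full FRST output).
SAMPLE_FRST = r"""
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
"""


def parse_srp_restrictions(log_text):
    """Return the restricted path of every SRP rule FRST flagged, in log order."""
    paths = []
    for line in log_text.splitlines():
        m = SRP_LINE.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def classify_restriction(path):
    """Label one SRP path rule: 'security-product', 'system-wide' or 'other'."""
    if any(tok.lower() in path.lower() for tok in SYSTEM_WIDE_TOKENS):
        return "system-wide"
    components = {c.lower() for c in path.split("\\")}
    if components & SECURITY_VENDOR_DIRS:
        return "security-product"
    return "other"


def system_restore_disabled(log_text):
    """True if the log shows the SystemRestore policy key with DisableSR set."""
    for line in log_text.splitlines():
        m = SYSRESTORE_LINE.match(line.strip())
        if m and "DisableSR" in m.group("flags"):
            return True
    return False


def summarize(log_text):
    """Group flagged SRP rules by category and note the SystemRestore policy.

    FRST does not print a rule's security level here. In a live system the
    Disallowed rules live under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\
    CodeIdentifiers\0\Paths and Unrestricted ones under ...\262144\Paths, so
    the level should be confirmed there before deciding what to remove.
    """
    by_class = {"security-product": [], "system-wide": [], "other": []}
    for path in parse_srp_restrictions(log_text):
        by_class[classify_restriction(path)].append(path)
    restore_off = system_restore_disabled(log_text)
    return {
        "rules": by_class,
        "system_restore_disabled": restore_off,
        # Rules aimed at AV folders together with System Restore switched off
        # is the pattern seen in this thread; flag the combination explicitly.
        "av_blocked_and_restore_disabled": bool(by_class["security-product"]) and restore_off,
    }


if __name__ == "__main__":
    # Usage: python frst_srp_triage.py FRST.txt   (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_FRST
    print(json.dumps(summarize(text), indent=2))
```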


#2 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:03 AM

Posted 11 March 2015 - 12:21 PM

:welcome:

Hello mary9915,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 mary9915

mary9915
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:03 AM

Posted 11 March 2015 - 02:39 PM

Hi Jo,

 

Thanks for the quick reply!  

 

Here is the notepad document for the SecurityCheck executable:

 

 Results of screen317's Security Check version 0.99.97  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 60  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
  Adobe Flash Player 11.6.602.180 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (3.6.3) Firefox out of Date!  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
***************
 
I ran the Malware Anti-Rootkit.  I got the message:
 
"Scan Finished - No Malware Found!"
 
*****************
 
Next up, AdwCleaner.exe.  Here is a copy of the adwCleaner.txt file. 
 
Note:  I did not run the cleaning button.  Just created the logfile and exited.  There is nothing I can see that I want to keep.
 
 
 

# AdwCleaner v4.112 - Logfile created 11/03/2015 at 14:26:00
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : admin - STEVESTROMSNESS
# Running from : C:\Documents and Settings\TEMP\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found : C:\Program Files\AVG SafeGuard toolbar
Folder Found : C:\Program Files\AVG\AVG10\Toolbar
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v40.0.2214.115
 
*************************
 
AdwCleaner[R0].txt - [2563 bytes] - [11/03/2015 14:26:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2622 bytes] ##########
 


#4 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:03 AM

Posted 11 March 2015 - 03:22 PM

Hello mary9915,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
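Jo asks for a fresh FRST log above; the log posted later in this thread carries several "Group Policy restriction on software" lines marked ATTENTION, which is what produces the "prevented by a software restriction policy" error in the opening post. As an added example (not part of this thread, and not FRST's or any vendor's code), here is a small Python triage script that reads the "Registry (Whitelisted)" section of an FRST log and classifies those restriction entries; the vendor folder list and the sample excerpt (copied from the log in this thread) are assumptions for the example.

```python
"""Triage helper for the ATTENTION lines in an FRST 'Registry (Whitelisted)' section.

Added example, not part of the thread. Software Restriction Policy (SRP) rules that
block the folders of installed security products, or whole system locations, are a
common way malware keeps antivirus and cleanup tools from starting.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample excerpt copied from the FRST log posted in this thread (constructed input).
SAMPLE_LOG = r"""
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
"""

# Folder names of security products whose blocking is a red flag.
# Assumed list for this example; extend it for the products you support.
SECURITY_PRODUCT_DIRS = ("avg", "mcafee", "malwarebytes")

# Registry-expanded variables FRST prints when a rule covers a whole system
# location. Blocking these disables practically every program on the machine.
BROAD_PATH_MARKERS = ("SystemRoot%", "ProgramFilesDir%")

SRP_RE = re.compile(
    r"^HKLM Group Policy restriction on software:\s*(?P<path>.+?)\s*<=+\s*ATTENTION\s*$"
)
SR_RE = re.compile(
    r"^HKLM\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore:\s*"
    r"\[(?P<flags>[^\]]+)\]\s*<=+\s*ATTENTION\s*$"
)

CATEGORIES = (
    "security_product_blocked",  # SRP rule aimed at an AV / anti-malware folder
    "broad_path_blocked",        # SRP rule covering %SystemRoot% or Program Files
    "other_path_blocked",        # SRP rule on some other path; review manually
    "system_restore_disabled",   # policy that removes the easy rollback option
)


@dataclass
class Finding:
    category: str
    detail: str
    line: str


def classify_restriction(path: str) -> str:
    """Classify the path of one 'Group Policy restriction on software' line."""
    if any(marker in path for marker in BROAD_PATH_MARKERS):
        return "broad_path_blocked"
    # Compare path segments, not the whole string, so 'AVG Secure Search'
    # matches but an unrelated folder containing 'avg' somewhere does not.
    segments = [seg for seg in re.split(r"[\\/]", path.lower()) if seg]
    if any(seg.startswith(vendor) for seg in segments for vendor in SECURITY_PRODUCT_DIRS):
        return "security_product_blocked"
    return "other_path_blocked"


def triage_frst(log_text: str) -> List[Finding]:
    """Return one Finding per ATTENTION line we know how to interpret."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SRP_RE.match(line)
        if m:
            path = m.group("path")
            findings.append(Finding(classify_restriction(path), path, line))
            continue
        m = SR_RE.match(line)
        if m:
            findings.append(Finding("system_restore_disabled", m.group("flags"), line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, with every category present (zero if absent)."""
    counts = {category: 0 for category in CATEGORIES}
    for finding in findings:
        counts[finding.category] += 1
    return counts


if __name__ == "__main__":
    results = triage_frst(SAMPLE_LOG)
    for f in results:
        print(f"{f.category:26} {f.detail}")
    print(summarize(results))
```

Three security-product folders and three system-wide locations are blocked in the sample, which matches the error the opening post describes; the SRP rules themselves live under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, which is where a cleanup fix would have to remove them.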


#5 mary9915

mary9915
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 11 March 2015 - 03:51 PM

Hello again,

 

Here is a copy of the adwCleaner(s0).txt file:

 

# AdwCleaner v4.112 - Logfile created 11/03/2015 at 15:30:30
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : admin - STEVESTROMSNESS
# Running from : C:\Documents and Settings\TEMP\My Documents\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\AVG\AVG10\Toolbar
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v40.0.2214.115
 
 
*************************
 
AdwCleaner[R0].txt - [2701 bytes] - [11/03/2015 14:26:00]
AdwCleaner[R1].txt - [2760 bytes] - [11/03/2015 15:25:59]
AdwCleaner[S0].txt - [2735 bytes] - [11/03/2015 15:30:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2794  bytes] ##########
 
 
 
********************************************************
 
Next up JRT.exe.  Here is that text file:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Microsoft Windows XP x86
Ran by admin on Wed 03/11/2015 at 15:41:47.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/11/2015 at 15:46:54.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
*************************************************
 
I will post these 2 now.  I will post the FRST log tomorrow.
 
Thanks again!


#6 mary9915

mary9915
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 12 March 2015 - 11:35 AM

Here is the result of the Farbar scan (I did not do the fix, just the scan). 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by admin (administrator) on STEVESTROMSNESS on 12-03-2015 11:29:14
Running from C:\Documents and Settings\admin\My Documents\Downloads
Loaded Profiles: admin (Available profiles: City Desk #2 & admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oki Data Corporation) C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\WINDOWS\system32\NILaunch.exe
() C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
() C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
() C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [dscactivate] => c:\dell\dsca.exe [16384 2007-07-30] ( )
HKLM\...\Run: [Net-It Launcher] => C:\WINDOWS\system32\NILaunch.exe [24576 1998-02-05] ()
HKLM\...\Run: [IndexTray] => C:\Program Files\Sharp\Sharpdesk\IndexTray.exe [106496 2003-01-22] ()
HKLM\...\Run: [SharpTray] => C:\Program Files\Sharp\Sharpdesk\SharpTray.exe [28672 2003-01-22] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\WINDOWS\Installer\{91140000-001A-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Network Scanner Tool.lnk
ShortcutTarget: Start Network Scanner Tool.lnk -> C:\Program Files\Sharp\Sharpdesk\sdFTP.exe (SHARP CORPORATION)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1189176069-3049997921-698496590-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1189176069-3049997921-698496590-1007 -> {034FA70A-C432-4C1E-8FB7-4D4E94E4E4E3} URL =
SearchScopes: HKU\S-1-5-21-1189176069-3049997921-698496590-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll [2003-01-22] ()
Tcpip\..\Interfaces\{F1939F4A-1E0D-4418-915B-57F9BC5FFF5E}: [NameServer] 205.171.3.65,205.171.2.65

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll [2013-03-12] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-04-01] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-04-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-12-27]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-04-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2012-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-07-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-05]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-11]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google Search) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
CHR Extension: (Google Sheets) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 DCSLoader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE [24576 2004-03-01] (Oki Data Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79816 2009-12-15] (McAfee, Inc.)
S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35272 2009-12-15] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214664 2009-12-15] (McAfee, Inc.)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 staccel; C:\WINDOWS\System32\DRIVERS\staccel.sys [32864 2011-11-04] (ShoreTel, Inc)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 11:27 - 2015-03-12 11:27 - 00000271 _____ () C:\Documents and Settings\admin\Desktop\Bleeping Link.url
2015-03-11 15:46 - 2015-03-11 15:46 - 00000962 _____ () C:\Documents and Settings\admin\Desktop\JRT.txt
2015-03-11 15:40 - 2015-03-11 15:40 - 00015560 _____ () C:\Documents and Settings\admin\Desktop\download.htm
2015-03-11 14:25 - 2015-03-11 15:30 - 00000000 ____D () C:\AdwCleaner
2015-03-11 13:44 - 2015-03-11 14:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-03-11 11:44 - 2015-03-12 11:29 - 00000000 ____D () C:\FRST
2015-03-11 11:19 - 2015-03-11 11:25 - 00006096 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-03-11 10:09 - 2015-03-11 10:09 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\AVG2014
2015-03-10 16:24 - 2015-03-10 16:24 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Sun
2015-03-10 16:24 - 2015-03-10 16:24 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Sun
2015-03-10 16:20 - 2015-03-10 16:20 - 00000000 __SHD () C:\Documents and Settings\admin\PrivacIE
2015-03-10 16:19 - 2015-03-10 16:19 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\MFAData
2015-03-10 16:19 - 2015-03-10 16:19 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Avg2015
2015-03-10 16:18 - 2015-03-11 10:10 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Avg2014
2015-03-10 16:18 - 2015-03-10 16:18 - 00000000 __SHD () C:\Documents and Settings\admin\IETldCache
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 11:29 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Temp
2015-03-12 11:28 - 2011-02-24 15:01 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-03-12 11:28 - 2010-03-31 14:18 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-03-12 11:28 - 2008-01-03 12:37 - 00000278 ___SH () C:\Documents and Settings\admin\ntuser.ini
2015-03-12 11:28 - 2004-08-11 18:20 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-12 11:27 - 2008-01-29 12:36 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Adobe
2015-03-12 11:26 - 2010-05-25 07:32 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{4462E783-4313-479E-9829-BE2BD83D7ED1}.job
2015-03-12 11:26 - 2007-11-12 16:40 - 00000000 ____D () C:\MDT
2015-03-12 11:26 - 2004-08-11 18:13 - 01547200 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-12 11:26 - 2004-08-11 18:11 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-12 11:26 - 2004-08-11 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-12 11:24 - 2004-08-11 18:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-12 10:42 - 2012-08-23 08:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-12 10:36 - 2012-08-23 08:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 09:51 - 2010-10-20 07:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-12 06:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
2015-03-12 03:14 - 2011-02-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-03-12 03:13 - 2004-08-11 18:00 - 00000603 _____ () C:\WINDOWS\win.ini
2015-03-12 03:02 - 2013-08-14 03:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 03:02 - 2007-11-27 15:14 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-12 00:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
2015-03-11 21:36 - 2012-08-23 08:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 18:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
2015-03-11 13:44 - 2014-06-17 14:28 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 13:42 - 2014-06-17 14:27 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-11 12:59 - 2012-03-28 11:30 - 00000000 ____D () C:\Documents and Settings\Steve Stromsness\My Documents\Stanley Vidmar Stacker Crane
2015-03-11 12:32 - 2004-08-11 18:11 - 00056403 _____ () C:\WINDOWS\wmsetup.log
2015-03-11 12:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
2015-03-11 11:27 - 2007-10-29 23:33 - 00064080 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-03-11 11:26 - 2014-04-10 07:20 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-11 11:26 - 2013-06-02 20:44 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-11 11:14 - 2007-11-29 12:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-11 11:09 - 2013-10-09 03:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-03-11 10:16 - 2014-06-17 14:28 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-11 10:16 - 2014-06-17 14:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-11 10:16 - 2014-06-17 14:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-10 16:20 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin
2015-03-10 16:18 - 2008-01-03 12:37 - 00000788 _____ () C:\Documents and Settings\admin\Start Menu\Programs\Windows Media Player.lnk
2015-03-10 16:18 - 2008-01-03 12:37 - 00000738 _____ () C:\Documents and Settings\admin\Start Menu\Programs\Outlook Express.lnk
2015-03-10 16:18 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Google
2015-03-10 16:06 - 2004-08-11 18:07 - 00554810 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 16:05 - 2011-11-28 10:46 - 00000000 ____D () C:\Documents and Settings\Steve Stromsness\My Documents\Outlook Files
2015-03-10 16:03 - 2012-05-16 11:35 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-10 15:29 - 2007-11-07 17:48 - 00000000 ____D () C:\Documents and Settings\City Desk #2
2015-03-08 15:00 - 2014-04-10 07:20 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-03-08 12:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-02-27 16:10 - 2007-12-07 15:53 - 00017468 _____ () C:\WINDOWS\system32\OPC5150N.cah
2015-02-19 21:37 - 2014-02-10 12:20 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-18 09:02 - 2012-04-11 07:23 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-18 09:02 - 2011-05-27 07:31 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-12 04:05 - 2004-08-11 18:21 - 00000000 ____D () C:\WINDOWS\Microsoft.NET

==================== Files in the root of some directories =======

2000-08-14 17:28 - 2000-08-14 17:28 - 0464296 _____ (VideoSoft) C:\Program Files\Common Files\Vsflex7.ocx
2000-08-14 19:28 - 2000-08-14 19:28 - 0419240 _____ (VideoSoft) C:\Program Files\Common Files\Vsflex7L.ocx

Some content of TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\dotnetfx.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ApnStub.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\City Desk #2\Local Settings\Temp\CitrixOnlineLauncher.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\G2MInstallerExtractor.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\iGearedHelper.dll
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv_799b9130.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\UNINSTALL.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

*************************************************

The computer is responsive, but I am still not able to run AVG.  I get the same error message "Windows cannot open this program because it has been prevented by a software restriction policy."



#7 Jo*

  • Malware Response Team
  • 3,304 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:03 AM

Posted 12 March 2015 - 11:55 AM

Hello mary9915,

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt.
You used:
Running from C:\Documents and Settings\admin\My Documents\Downloads
 
start
EmptyTemp:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
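
The "Group Policy restriction on software" entries in the fixlist above can be triaged mechanically before a fix is written. What follows is an added example, not FRST code and not anything posted in this thread: a small Python parser for those lines and for the SystemRestore policy line, in the format FRST prints them on this page. It flags rules whose target is a security-product directory and rules that cover the whole Windows or Program Files tree (the `%HKEY_LOCAL_MACHINE\...\SystemRoot%` and `%...\ProgramFilesDir%` registry-path rules, and anything with a wildcard). It assumes, as Jo's fix does, that the listed rules are blocking rules; the vendor token list is constructed for the example, and the sample log repeats the lines from this thread plus one invented benign entry (`LineOfBusinessApp`) so there is a rule the classifier does not flag.

```python
"""Triage of SRP path-rule lines as printed by FRST (added example; not FRST code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Leading directory-name fragments of common security products. Constructed list
# for this example; extend it for the products used in your own environment.
SECURITY_VENDOR_TOKENS = (
    "avg", "mcafee", "malwarebytes", "symantec", "norton", "kaspersky",
    "avast", "bitdefender", "sophos", "trend micro", "windows defender",
)

# SRP registry-path rules: %HKEY_LOCAL_MACHINE\...\SystemRoot% resolves to the
# Windows directory and %...\ProgramFilesDir% to the Program Files directory,
# so a blocking rule on either covers a whole tree rather than one product.
SYSTEM_WIDE_MARKERS = ("\\systemroot%", "\\programfilesdir%")

# Line shapes assumed from the FRST output quoted in this thread.
SRP_LINE = re.compile(
    r"^(?P<hive>HK\S+) Group Policy restriction on software: "
    r"(?P<path>.+?)\s*<=+\s*ATTENTION\s*$"
)
SR_POLICY_LINE = re.compile(
    r"^HKLM\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore: "
    r"\[(?P<values>[^\]]+)\]\s*<=+\s*ATTENTION\s*$"
)

# Constructed sample: lines from the fixlist above plus one invented benign
# path rule (LineOfBusinessApp) so the classifier has something it does not flag.
SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\LineOfBusinessApp\legacy.exe <====== ATTENTION
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # "srp_path_rule" or "system_restore_policy"
    target: str    # the rule path, or the policy value names
    severity: str  # see classify_path() and triage()
    reason: str


def classify_path(path: str) -> tuple[str, str]:
    """Return (severity, reason) for one SRP path-rule target."""
    low = path.lower()
    # Compare vendor tokens against path components, so "AVG2014" or
    # "Malwarebytes' Anti-Malware (portable)" match but unrelated text does not.
    components = [c for c in low.split("\\") if c]
    if any(c.startswith(tok) for c in components for tok in SECURITY_VENDOR_TOKENS):
        return "blocks_security_tool", "rule targets a security product directory"
    if any(marker in low for marker in SYSTEM_WIDE_MARKERS) or "*" in low:
        return "system_wide", "rule covers the Windows or Program Files tree, or uses a wildcard"
    return "review", "path rule with no obvious security-tool or system-wide target"


def triage(log_text: str) -> list[Finding]:
    """Extract SRP path-rule and System Restore policy findings from FRST log text."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SRP_LINE.match(line)
        if m:
            severity, reason = classify_path(m.group("path"))
            findings.append(Finding("srp_path_rule", m.group("path"), severity, reason))
            continue
        m = SR_POLICY_LINE.match(line)
        if m:
            findings.append(Finding(
                "system_restore_policy", m.group("values"), "restore_disabled",
                "policy turns System Restore off, so no rollback point will be available",
            ))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.target}  ({f.reason})")
    print(summarize(results))
```

Run on the sample, the three vendor hits line up with the tools this thread is trying to run (AVG, Malwarebytes), the three tree-wide rules explain why a blanket "prevented by a software restriction policy" message can appear for programs that have nothing to do with antivirus, and the SystemRestore finding says in advance that no restore point will be available if the fix goes wrong. Anything in the "review" bucket is a rule an administrator may have set deliberately, so it is worth confirming with the machine's owner before it is removed.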


#8 mary9915
  • Topic Starter
  • Members
  • 7 posts
  • Local time:04:03 AM

Posted 12 March 2015 - 12:28 PM

I created the file in Notepad and saved it.

I ran FRST and did the fix. I got a message that Windows closed the program unexpectedly. I can attach a copy of that Word document if you'd like.

Here is a copy of the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by admin at 2015-03-12 12:07:21 Run:1
Running from C:\Documents and Settings\admin\My Documents\Downloads
Loaded Profiles: admin (Available profiles: City Desk #2 & admin & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
EmptyTemp:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
end


*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => Key deleted successfully.


I then reran FRST and did a scan. Here is the FRST.txt file from that:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by admin (administrator) on STEVESTROMSNESS on 12-03-2015 12:18:38
Running from C:\Documents and Settings\admin\My Documents\Downloads
Loaded Profiles: admin (Available profiles: City Desk #2 & admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oki Data Corporation) C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
() C:\WINDOWS\system32\NILaunch.exe
() C:\Program Files\Sharp\Sharpdesk\IndexTray.exe
() C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
() C:\PROGRA~1\Sharp\SHARPD~1\Indexer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SHARP CORPORATION) C:\Program Files\Sharp\Sharpdesk\sdFTP.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\logon.scr
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\msagent\agentsvr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [dscactivate] => c:\dell\dsca.exe [16384 2007-07-30] ( )
HKLM\...\Run: [Net-It Launcher] => C:\WINDOWS\system32\NILaunch.exe [24576 1998-02-05] ()
HKLM\...\Run: [IndexTray] => C:\Program Files\Sharp\Sharpdesk\IndexTray.exe [106496 2003-01-22] ()
HKLM\...\Run: [SharpTray] => C:\Program Files\Sharp\Sharpdesk\SharpTray.exe [28672 2003-01-22] ()
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\WINDOWS\Installer\{91140000-001A-0000-0000-0000000FF1CE}\outicon.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start Network Scanner Tool.lnk
ShortcutTarget: Start Network Scanner Tool.lnk -> C:\Program Files\Sharp\Sharpdesk\sdFTP.exe (SHARP CORPORATION)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071030
HKU\S-1-5-21-1189176069-3049997921-698496590-1007\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1189176069-3049997921-698496590-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1189176069-3049997921-698496590-1007 -> {034FA70A-C432-4C1E-8FB7-4D4E94E4E4E3} URL =
SearchScopes: HKU\S-1-5-21-1189176069-3049997921-698496590-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_60-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll [2003-01-22] ()
Tcpip\..\Interfaces\{F1939F4A-1E0D-4418-915B-57F9BC5FFF5E}: [NameServer] 205.171.3.65,205.171.2.65

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll [2013-03-12] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-04-01] (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml [2010-04-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-12-27]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2010-04-01]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2012-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-07-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-05]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-11]
CHR Extension: (Google Docs) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-11]
CHR Extension: (Google Drive) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-11]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-11]
CHR Extension: (Google Search) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-11]
CHR Extension: (Google Sheets) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-11]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-11]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 DCSLoader; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE [24576 2004-03-01] (Oki Data Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79816 2009-12-15] (McAfee, Inc.)
S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35272 2009-12-15] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214664 2009-12-15] (McAfee, Inc.)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
R1 staccel; C:\WINDOWS\System32\DRIVERS\staccel.sys [32864 2011-11-04] (ShoreTel, Inc)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 11:27 - 2015-03-12 11:27 - 00000271 _____ () C:\Documents and Settings\admin\Desktop\Bleeping Link.url
2015-03-11 15:46 - 2015-03-11 15:46 - 00000962 _____ () C:\Documents and Settings\admin\Desktop\JRT.txt
2015-03-11 15:40 - 2015-03-11 15:40 - 00015560 _____ () C:\Documents and Settings\admin\Desktop\download.htm
2015-03-11 14:25 - 2015-03-11 15:30 - 00000000 ____D () C:\AdwCleaner
2015-03-11 13:44 - 2015-03-11 14:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-03-11 11:44 - 2015-03-12 12:18 - 00000000 ____D () C:\FRST
2015-03-11 11:19 - 2015-03-11 11:25 - 00006096 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-03-11 10:09 - 2015-03-11 10:09 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\AVG2014
2015-03-10 16:24 - 2015-03-10 16:24 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Sun
2015-03-10 16:24 - 2015-03-10 16:24 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Sun
2015-03-10 16:20 - 2015-03-10 16:20 - 00000000 __SHD () C:\Documents and Settings\admin\PrivacIE
2015-03-10 16:19 - 2015-03-10 16:19 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\MFAData
2015-03-10 16:19 - 2015-03-10 16:19 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Avg2015
2015-03-10 16:18 - 2015-03-11 10:10 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Avg2014
2015-03-10 16:18 - 2015-03-10 16:18 - 00000000 __SHD () C:\Documents and Settings\admin\IETldCache
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FM20.DLL

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 12:18 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Temp
2015-03-12 12:16 - 2010-05-25 07:32 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{4462E783-4313-479E-9829-BE2BD83D7ED1}.job
2015-03-12 12:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2015-03-12 12:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
2015-03-12 12:09 - 2009-12-31 15:05 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-03-12 12:07 - 2004-08-11 18:20 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-03-12 12:07 - 2004-08-11 18:07 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2015-03-12 11:42 - 2012-08-23 08:12 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-12 11:36 - 2012-08-23 08:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-12 11:36 - 2004-08-11 18:20 - 00032608 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-12 11:31 - 2010-03-31 14:18 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-03-12 11:28 - 2011-02-24 15:01 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-03-12 11:28 - 2008-01-03 12:37 - 00000278 ___SH () C:\Documents and Settings\admin\ntuser.ini
2015-03-12 11:27 - 2008-01-29 12:36 - 00000000 ____D () C:\Documents and Settings\admin\Application Data\Adobe
2015-03-12 11:26 - 2007-11-12 16:40 - 00000000 ____D () C:\MDT
2015-03-12 11:26 - 2004-08-11 18:13 - 01547200 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-12 11:26 - 2004-08-11 18:11 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-03-12 11:26 - 2004-08-11 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-12 11:24 - 2004-08-11 18:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-12 09:51 - 2010-10-20 07:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-12 06:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
2015-03-12 03:14 - 2011-02-24 14:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-03-12 03:13 - 2004-08-11 18:00 - 00000603 _____ () C:\WINDOWS\win.ini
2015-03-12 03:12 - 2013-08-14 03:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-12 03:02 - 2007-11-27 15:14 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-12 00:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
2015-03-11 21:36 - 2012-08-23 08:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 18:10 - 2009-12-31 13:11 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
2015-03-11 13:44 - 2014-06-17 14:28 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 13:42 - 2014-06-17 14:27 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-11 12:59 - 2012-03-28 11:30 - 00000000 ____D () C:\Documents and Settings\Steve Stromsness\My Documents\Stanley Vidmar Stacker Crane
2015-03-11 12:32 - 2004-08-11 18:11 - 00056403 _____ () C:\WINDOWS\wmsetup.log
2015-03-11 11:27 - 2007-10-29 23:33 - 00064080 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-03-11 11:26 - 2014-04-10 07:20 - 00000236 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-11 11:26 - 2013-06-02 20:44 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-11 11:14 - 2007-11-29 12:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-03-11 11:09 - 2013-10-09 03:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-03-11 10:16 - 2014-06-17 14:28 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-11 10:16 - 2014-06-17 14:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-11 10:16 - 2014-06-17 14:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-10 16:20 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin
2015-03-10 16:18 - 2008-01-03 12:37 - 00000788 _____ () C:\Documents and Settings\admin\Start Menu\Programs\Windows Media Player.lnk
2015-03-10 16:18 - 2008-01-03 12:37 - 00000738 _____ () C:\Documents and Settings\admin\Start Menu\Programs\Outlook Express.lnk
2015-03-10 16:18 - 2008-01-03 12:37 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Application Data\Google
2015-03-10 16:06 - 2004-08-11 18:07 - 00554810 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 16:05 - 2011-11-28 10:46 - 00000000 ____D () C:\Documents and Settings\Steve Stromsness\My Documents\Outlook Files
2015-03-10 16:03 - 2012-05-16 11:35 - 00000000 __SHD () C:\WINDOWS\CSC
2015-03-10 15:29 - 2007-11-07 17:48 - 00000000 ____D () C:\Documents and Settings\City Desk #2
2015-03-08 15:00 - 2014-04-10 07:20 - 00000230 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-02-27 16:10 - 2007-12-07 15:53 - 00017468 _____ () C:\WINDOWS\system32\OPC5150N.cah
2015-02-19 21:37 - 2014-02-10 12:20 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-18 09:02 - 2012-04-11 07:23 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-18 09:02 - 2011-05-27 07:31 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-12 04:05 - 2004-08-11 18:21 - 00000000 ____D () C:\WINDOWS\Microsoft.NET

==================== Files in the root of some directories =======

2000-08-14 17:28 - 2000-08-14 17:28 - 0464296 _____ (VideoSoft) C:\Program Files\Common Files\Vsflex7.ocx
2000-08-14 19:28 - 2000-08-14 19:28 - 0419240 _____ (VideoSoft) C:\Program Files\Common Files\Vsflex7L.ocx

Some content of TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\dotnetfx.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ApnStub.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\avguidx.dll
C:\Documents and Settings\City Desk #2\Local Settings\Temp\CitrixOnlineLauncher.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\CommonInstaller.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\G2MInstallerExtractor.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\iGearedHelper.dll
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv_799b9130.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\MachineIdCreator.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\ToolbarInstaller.exe
C:\Documents and Settings\City Desk #2\Local Settings\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#9 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • Gender:Male
  • Location:Germany

Posted 12 March 2015 - 12:56 PM

Hello mary9915,

You should be able to run AVG now.
Can you?

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 mary9915

mary9915
  • Topic Starter

  • Members
  • 7 posts

Posted 12 March 2015 - 01:27 PM

Jo,

 

AVG Antivirus is up and running and updated.  Thanks so much for all your help!

 

I am currently running the MBAM and ESET and will post logs when they complete.


Edited by mary9915, 12 March 2015 - 01:31 PM.


#11 mary9915

mary9915
  • Topic Starter

  • Members
  • 7 posts

Posted 12 March 2015 - 03:32 PM


Jo,

The MalwareBytes scan completed without finding any threats.

Additionally, no threats were found from running ESET.

Thanks,

Mary

#12 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • Gender:Male
  • Location:Germany

Posted 12 March 2015 - 03:49 PM

Hello mary9915,

Well done. :)

It Appears That Your Pc Is Now Clean!
 

***


Clean up:


***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
start
EmptyTemp:
DeleteQuarantine:
end

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located on your desktop or in the "c:\users\{.......}\Downloads" folder.
Highlight them, and press the Del or Delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP is no longer supported by MS.
    This is a security risk anyway.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date, because older versions may contain security leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
https://secunia.com/vulnerability_scanning/personal/


***


Cheers,
Jo


#13 Jo*

Jo*

  • Malware Response Team
  • 3,304 posts
  • Gender:Male
  • Location:Germany

Posted 17 March 2015 - 04:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Cheers,
Jo