
Unknown issue hijacking CD player/downloads/browser access


  • This topic is locked
29 replies to this topic

#1 shelbydog

shelbydog

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:44 PM

Posted 30 June 2015 - 11:06 PM

Hi,

 

Thanks for having this forum.

The computer is an eMachines EL1200, WXP Pro

It was given to me to 'fix'.

I can access the Internet via IE 8, but can't download anything security related.

Even though there was no antivirus running, there was never a security center notification

I installed CCleaner

I installed Firefox (it can only access the Internet in safe mode)

I installed Chrome (it can only access the Internet in safe mode)

I installed AVG Free 2015 (it can only access the Internet in safe mode)

I installed Malwarebytes Free (it can only access the Internet in safe mode)

 

I have scanned and removed many things. However, I can never update the driver on the CD/DVD player so I could boot from a disc.

I tried hooking up an external DVD Player but the same problem, can't install a driver.

 

There are no pop ups to help me ID the virus or trojan or malware that is preventing me from all fixes.

I'm not even sure that is what is wrong, but it seems like it, since every security fix option is blocked.

 

Any help would be very much appreciated.

Attached Files




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:44 PM

Posted 05 July 2015 - 11:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581460 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 shelbydog

shelbydog
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:44 PM

Posted 06 July 2015 - 10:44 AM

Hi,

 

I do still need help. I am attaching the FRST log. The computer is running Windows XP Professional SP3 32 bit

I do have a Windows XP Professional disc, but I can't run any discs because the driver for the DVD/CD player is corrupted and I am blocked from updating it or from using an external DVD/CD drive.

 

If the problem can be manually removed, I am comfortable editing the registry. I just can't identify the problem.

 

Thank you.

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:44 AM

Posted 07 July 2015 - 10:15 PM

Greetings shelbydog and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I would like you to run FRST again but this time make sure to post both logs, FRST.txt and Addition.txt.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 shelbydog

shelbydog
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:44 PM

Posted 07 July 2015 - 11:09 PM

Hi Gary, I am Clare.

I am very grateful for your help.

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by leslie (administrator) on ADMIN-C35F67CDA on 07-07-2015 23:53:30
Running from C:\Documents and Settings\leslie\Desktop
Loaded Profiles: leslie (Available Profiles: leslie)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18702336 2010-08-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-861567501-963894560-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-861567501-963894560-839522115-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-09-01] (Google Inc.)
HKU\S-1-5-21-861567501-963894560-839522115-1003\...\MountPoints2: {d4fef142-a95b-11df-9c6e-806d6172696f} - D:\autorun.exe
IFEO\Your Image File Name Here without a path: [Debugger]
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-861567501-963894560-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-861567501-963894560-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-15] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-20] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [2013-03-14] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-15] (Oracle Corporation)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - No Name - !{83453B9B-B889-4659-9144-20F081542BDC} -  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-20] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKU\S-1-5-21-861567501-963894560-839522115-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-861567501-963894560-839522115-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{D7835A99-90FC-4D60-8DA8-B5609CA412BB}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\leslie\Application Data\Mozilla\Firefox\Profiles\4u4ti0fg.default
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll [2013-03-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-03-15] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-27] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-18]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn [2013-03-14]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn [2013-04-11]

Chrome:
=======
CHR Profile: C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-28]
CHR Extension: (Google Docs) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-28]
CHR Extension: (YouTube) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-28]
CHR Extension: (Google Search) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-28]
CHR Extension: (Google Sheets) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-28]
CHR Extension: (Google Wallet) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-28]
CHR Extension: (Gmail) - C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-28]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\20.3.0.36\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-03-15] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 N360; C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe [144520 2012-12-23] (Symantec Corporation)
S2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
S2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADM8511; C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2010-08-19] (Creative)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [213472 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [997464 2013-03-21] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1403010.016\ccSetx86.sys [134304 2012-11-15] (Symantec Corporation)
S3 DrvAgent32; C:\WINDOWS\system32\Drivers\DrvAgent32.sys [23456 2015-06-29] (Phoenix Technologies) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-03-28] (Symantec Corporation)
R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130410.001\IDSxpx86.sys [373728 2013-03-13] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2010-08-19] (Creative Technology Ltd.)
S3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.003\NAVENG.SYS [93296 2013-03-28] (Symantec Corporation)
S3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.003\NAVEX15.SYS [1603824 2013-03-28] (Symantec Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2015-06-29] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2015-06-29] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-02-28] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-02-28] (Microsoft Corporation)
S3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
S3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1403010.016\SRTSP.SYS [602712 2013-01-28] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1403010.016\SRTSPX.SYS [32344 2013-01-28] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\N360\1403010.016\SYMDS.SYS [367704 2013-01-21] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1403010.016\SYMEFA.SYS [934488 2013-01-30] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142496 2013-03-14] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1403010.016\Ironx86.SYS [175264 2012-11-15] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1403010.016\SYMTDI.SYS [394656 2013-01-30] (Symantec Corporation)
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S4 IntelIde; No ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 SMR322; System32\drivers\SMR322.SYS [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]
U1 WS2IFSL; No ImagePath
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 23:53 - 2015-07-07 23:54 - 00016408 ____C C:\Documents and Settings\leslie\Desktop\FRST.txt
2015-07-07 23:53 - 2015-07-07 23:53 - 01636352 ____C (Farbar) C:\Documents and Settings\leslie\Desktop\FRST.exe
2015-07-06 11:22 - 2015-07-07 23:53 - 00000000 ___DC C:\FRST
2015-06-30 23:17 - 2015-06-30 23:17 - 00388608 ____C (Trend Micro Inc.) C:\Documents and Settings\leslie\Desktop\HijackThis.exe
2015-06-29 14:37 - 2015-06-29 14:33 - 00442368 ____C (NVIDIA Corporation) C:\WINDOWS\system32\nvunrm.exe
2015-06-29 14:37 - 2015-06-29 14:33 - 00005836 ____C C:\WINDOWS\system32\nvnrm.nvu
2015-06-29 14:14 - 2015-06-29 14:14 - 00023456 ____C (Phoenix Technologies) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
2015-06-29 14:14 - 2015-06-29 14:14 - 00000000 ___DC C:\Documents and Settings\leslie\Local Settings\Application Data\eSupport.com
2015-06-29 13:51 - 2015-06-29 15:27 - 00000000 ___DC C:\DVRXD09
2015-06-28 12:44 - 2015-06-28 12:44 - 00000078 ____C C:\lxdu.log
2015-06-28 11:00 - 2015-06-28 11:00 - 00001813 ____C C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-28 11:00 - 2015-06-28 11:00 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-06-28 10:56 - 2015-06-28 10:56 - 00415232 ____C (Farbar) C:\Documents and Settings\leslie\Desktop\FSS.exe
2015-06-28 10:00 - 2015-06-28 10:00 - 00000000 ___DC C:\Documents and Settings\leslie\Application Data\AVG2015
2015-06-28 09:59 - 2015-06-28 09:59 - 00000702 ____C C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-28 09:59 - 2015-06-28 09:59 - 00000000 __HDC C:\$AVG
2015-06-28 09:59 - 2015-06-28 09:59 - 00000000 ___DC C:\Documents and Settings\leslie\Application Data\TuneUp Software
2015-06-28 09:59 - 2015-06-28 09:59 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-28 09:59 - 2015-06-28 09:59 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\AVG2015
2015-06-28 09:58 - 2015-06-28 09:58 - 00000000 ___DC C:\Program Files\AVG
2015-06-28 09:36 - 2015-06-28 12:25 - 00098520 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-28 07:00 - 2015-06-28 07:01 - 01005568 ____C (Farbar) C:\Documents and Settings\leslie\Desktop\MiniToolBox.exe
2015-06-27 22:41 - 2015-06-27 22:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
2015-06-27 22:41 - 2015-06-27 22:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
2015-06-27 22:41 - 2015-06-27 22:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2015-06-27 22:41 - 2015-06-27 22:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2015-06-27 22:40 - 2015-06-27 22:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2015-06-27 22:40 - 2015-06-27 22:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2015-06-27 22:40 - 2015-06-27 22:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2015-06-27 22:40 - 2015-06-27 22:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2015-06-27 22:40 - 2015-06-27 22:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2015-06-27 22:40 - 2015-06-27 22:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2015-06-27 22:38 - 2015-07-07 23:53 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-27 22:38 - 2015-06-28 10:07 - 00000000 ___DC C:\Documents and Settings\leslie\Local Settings\Application Data\Avg2015
2015-06-27 22:38 - 2015-06-27 22:38 - 00000000 ___DC C:\Documents and Settings\leslie\Local Settings\Application Data\MFAData
2015-06-27 21:04 - 2015-06-27 21:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
2015-06-27 21:04 - 2015-06-27 21:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2015-06-27 21:01 - 2015-06-27 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
2015-06-27 20:56 - 2015-06-27 20:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2015-06-27 20:54 - 2015-06-27 20:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2015-06-27 20:53 - 2015-06-27 20:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2015-06-27 20:51 - 2015-06-27 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2015-06-27 20:49 - 2015-06-27 20:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2015-06-27 20:45 - 2015-06-27 20:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2015-06-27 20:33 - 2015-06-27 20:33 - 00000000 ___DC C:\Program Files\Common Files\DESIGNER
2015-06-27 20:14 - 2015-06-27 20:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2015-06-27 19:16 - 2015-06-28 12:23 - 00000777 ____C C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-27 19:16 - 2015-06-28 12:23 - 00000000 ___DC C:\Program Files\Malwarebytes Anti-Malware
2015-06-27 19:16 - 2015-06-28 12:23 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-27 19:16 - 2015-06-27 19:16 - 00119512 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\cpcsswissarmy.sys
2015-06-27 19:16 - 2015-06-27 19:16 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-27 19:16 - 2015-06-18 08:41 - 00121560 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-27 19:16 - 2015-06-18 08:41 - 00023256 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-27 19:11 - 2015-06-27 19:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2015-06-27 18:55 - 2015-06-27 18:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2015-06-27 18:23 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2015-06-27 18:21 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-06-27 18:21 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-06-27 18:13 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2015-06-27 18:13 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2015-06-27 18:13 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2015-06-27 17:59 - 2015-06-27 17:59 - 00000730 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-27 17:59 - 2015-06-27 17:59 - 00000724 ____C C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-06-27 17:59 - 2015-06-27 17:59 - 00000000 ___DC C:\Program Files\Mozilla Maintenance Service
2015-06-27 17:59 - 2015-06-27 17:59 - 00000000 ___DC C:\Program Files\Mozilla Firefox
2015-06-27 17:02 - 2015-06-27 17:02 - 00000682 ____C C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-06-27 17:02 - 2015-06-27 17:02 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-06-27 16:57 - 2015-06-27 16:57 - 00000000 ___DC C:\Documents and Settings\leslie\Local Settings\Application Data\Mozilla
2015-06-27 16:57 - 2015-06-27 16:57 - 00000000 ___DC C:\Documents and Settings\leslie\Application Data\Mozilla
2015-06-27 16:57 - 2015-06-27 16:57 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Mozilla
2015-06-27 16:52 - 2008-04-13 20:11 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-06-27 16:52 - 2008-04-13 20:11 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 23:54 - 2010-08-16 17:43 - 00000000 ___DC C:\Documents and Settings\leslie\Local Settings\Temp
2015-07-07 23:54 - 2010-08-16 13:30 - 00572762 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-07 23:53 - 2012-06-30 17:13 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-07 23:53 - 2010-08-16 17:37 - 01280047 ____C C:\WINDOWS\WindowsUpdate.log
2015-07-07 23:51 - 2012-02-25 20:39 - 00000424 ___HC C:\WINDOWS\Tasks\User_Feed_Synchronization-{1BD0EAB6-A6FF-4D66-A7A1-F26761249B43}.job
2015-07-07 23:50 - 2011-05-31 19:39 - 00000380 ____C C:\WINDOWS\Tasks\Free File Viewer Update Checker.job
2015-07-07 23:50 - 2010-09-01 19:55 - 00000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 23:50 - 2006-02-28 08:00 - 00012598 ____C C:\WINDOWS\system32\wpa.dbl
2015-07-07 23:49 - 2010-08-16 20:18 - 00000159 ____C C:\WINDOWS\wiadebug.log
2015-07-07 23:49 - 2010-08-16 20:18 - 00000048 ____C C:\WINDOWS\wiaservc.log
2015-07-07 23:49 - 2010-08-16 17:42 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-07-06 14:16 - 2010-08-16 17:43 - 00000178 __SHC C:\Documents and Settings\leslie\ntuser.ini
2015-07-06 14:16 - 2010-08-16 17:42 - 00032606 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-06 14:00 - 2010-09-01 19:55 - 00000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 23:12 - 2010-08-19 22:37 - 00000000 ___DC C:\WINDOWS\pss
2015-06-30 23:09 - 2010-08-16 17:43 - 00000000 ___DC C:\Documents and Settings\leslie
2015-06-29 14:53 - 2010-08-16 13:29 - 00000211 _RSHC C:\boot.ini
2015-06-29 14:53 - 2006-02-28 08:00 - 00000507 ____C C:\WINDOWS\win.ini
2015-06-29 14:53 - 2006-02-28 08:00 - 00000246 ____C C:\WINDOWS\system.ini
2015-06-29 14:46 - 2010-08-16 13:30 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2015-06-29 14:45 - 2010-08-23 20:03 - 00000000 ___DC C:\Documents and Settings\leslie\Application Data\mjusbsp
2015-06-29 14:33 - 2010-08-16 17:47 - 00199168 ____C (NVIDIA Corporation) C:\WINDOWS\system32\fdco1ins.dll
2015-06-29 14:33 - 2010-08-16 17:47 - 00009216 ____C (NVIDIA Corporation) C:\WINDOWS\system32\bdco1ins.dll
2015-06-29 14:33 - 2008-02-19 18:13 - 00199168 ____C (NVIDIA Corporation) C:\WINDOWS\system32\fdco1.dll
2015-06-29 14:33 - 2008-01-29 12:37 - 00950272 ____C (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvnrm.sys
2015-06-29 14:33 - 2008-01-29 12:37 - 00054016 ____C (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NVENETFD.sys
2015-06-29 14:33 - 2008-01-29 12:37 - 00022016 ____C (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvnetbus.sys
2015-06-29 14:33 - 2008-01-29 12:36 - 00009216 ____C (NVIDIA Corporation) C:\WINDOWS\system32\bdco1.dll
2015-06-29 14:33 - 2008-01-29 12:13 - 00035840 ____C (NVIDIA Corporation) C:\WINDOWS\system32\nvconrm.dll
2015-06-28 11:00 - 2010-09-01 19:55 - 00000000 ___DC C:\Documents and Settings\leslie\Local Settings\Application Data\Google
2015-06-28 10:59 - 2010-09-01 19:55 - 00000000 ___DC C:\Program Files\Google
2015-06-28 10:54 - 2011-05-24 19:47 - 00000000 ___DC C:\Program Files\Youtube Downloader
2015-06-28 09:52 - 2010-08-16 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975467_0$
2015-06-28 06:25 - 2010-08-16 13:29 - 00221632 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-27 22:32 - 2013-03-15 02:32 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2015-06-27 22:32 - 2011-11-10 04:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$
2015-06-27 21:14 - 2010-10-11 20:53 - 00000000 ___DC C:\WINDOWS\Microsoft.NET
2015-06-27 21:03 - 2010-08-16 20:14 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-06-27 20:45 - 2010-08-16 21:39 - 00034320 ____C C:\WINDOWS\system32\TZLog.log
2015-06-27 20:06 - 2010-08-16 21:35 - 00000000 ___DC C:\WINDOWS\ie8updates
2015-06-27 20:05 - 2013-03-15 02:33 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2015-06-27 19:49 - 2013-07-16 03:00 - 00000000 ___DC C:\WINDOWS\system32\MRT
2015-06-27 18:29 - 2013-03-15 02:38 - 00002347 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-27 18:28 - 2013-03-15 02:37 - 00000000 ___DC C:\Program Files\Common Files\Adobe
2015-06-27 18:16 - 2010-09-01 20:26 - 00000000 ___DC C:\Documents and Settings\leslie\Local Settings\Application Data\Adobe
2015-06-27 18:10 - 2010-08-25 20:00 - 00000000 ___DC C:\Program Files\Yahoo!
2015-06-27 17:08 - 2010-08-25 20:01 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Yahoo!
2015-06-27 17:06 - 2013-03-14 18:23 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\iolo
2015-06-27 17:05 - 2010-08-16 17:44 - 00000000 __HDC C:\Program Files\InstallShield Installation Information
2015-06-27 17:03 - 2012-03-16 21:34 - 00000000 ___DC C:\WINDOWS\Minidump
2015-06-27 17:02 - 2010-08-16 20:14 - 00000000 ___DC C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2011-05-18 17:00 - 2011-07-12 16:00 - 0001940 ____C () C:\Documents and Settings\leslie\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2010-10-23 13:48 - 2012-01-18 21:12 - 0061444 ____C () C:\Documents and Settings\All Users\lxduJSW.log
2011-06-25 22:57 - 2011-06-25 22:57 - 0977789 ____C () C:\Documents and Settings\All Users\SPL81.tmp
2010-10-11 20:48 - 2010-10-11 20:48 - 0000000 ____C () C:\Documents and Settings\All Users\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

 

Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by leslie at 2015-07-07 23:54:34
Running from C:\Documents and Settings\leslie\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-861567501-963894560-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-861567501-963894560-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-861567501-963894560-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-861567501-963894560-839522115-1000 - Limited - Disabled)
leslie (S-1-5-21-861567501-963894560-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\leslie
SUPPORT_388945a0 (S-1-5-21-861567501-963894560-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 Online (Enabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Online (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AOL Messaging Toolbar (HKU\S-1-5-21-861567501-963894560-839522115-1003\...\AOL Messaging Toolbar) (Version:  - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6037 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
Clone Wars (HKU\S-1-5-21-861567501-963894560-839522115-1003\...\SOE-Clone Wars) (Version:  - Sony Online Entertainment)
Free Realms (HKU\S-1-5-21-861567501-963894560-839522115-1003\...\SOE-Free Realms) (Version:  - Sony Online Entertainment)
F-Secure PSC Prerequisites (Version: 1.0.6 - F-Secure Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4209.2358 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.153 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java™ 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.240 - Oracle)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Player Codec Pack 3.9.5 (HKLM\...\Media Player - Codec Pack) (Version:  - Media Player Codec Pack)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13527 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Photo Transport (HKLM\...\{63CFD835-FF50-4F8B-91CD-5662A8C640F8}) (Version: 1.0.1 - CASIO COMPUTER CO., LTD.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5928 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30103 - Realtek Semiconductor Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Understanding Health Insurance: A Guide to Billing and Reimburs (HKLM\...\Understanding Health Insurance: A Guide to Billi~35254FEE_is1) (Version:  - Cengage Learning)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Virtual Medical Office 1.0 (HKLM\...\Virtual Medical Office_is1) (Version:  - Elsevier)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YouTube Uploader for CASIO (HKLM\...\{AE173BDA-D2A3-4E73-97A3-9B0E53E7CF09}) (Version: 2.0.0.8 - CASIO COMPUTER CO., LTD.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

11-06-2015 20:40:44 System Checkpoint
27-06-2015 17:05:32 Removed CenturyLink Installer
27-06-2015 18:50:11 Software Distribution Service 3.0
27-06-2015 22:39:54 Software Distribution Service 3.0
28-06-2015 06:44:29 Software Distribution Service 3.0
29-06-2015 14:39:59 Installed NVIDIA ForceWare Network Access Manager
29-06-2015 14:45:59 Removed Windows Live ID Sign-in Assistant
06-07-2015 12:12:21 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-02-28 08:00 - 2006-02-28 08:00 - 00000734 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Free File Viewer Update Checker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Regwork.job => C:\Program Files\RegWork\RegWork.exe-shed C:\Program Files\RegWork\RegWork.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{1BD0EAB6-A6FF-4D66-A7A1-F26761249B43}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2010-10-11 21:01 - 2008-04-30 20:41 - 00045056 ____C () C:\WINDOWS\system32\LXDUPMON.DLL
2010-10-11 21:01 - 2008-09-10 06:14 - 00086016 ____C () C:\WINDOWS\system32\LXDUOEM.DLL
2009-01-10 18:15 - 2009-01-10 18:15 - 00159744 _____ () C:\WINDOWS\system32\mmfinfo.dll
2009-11-14 14:11 - 2009-11-14 14:11 - 00024576 _____ () C:\WINDOWS\system32\mkunicode.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-861567501-963894560-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 68.105.28.11 - 68.105.29.11

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^YouTube Uploader for CASIO.lnk => C:\WINDOWS\pss\YouTube Uploader for CASIO.lnkCommon Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\iMesh Applications\iMesh\iMesh.exe] => Enabled:iMesh
StandardProfile\AuthorizedApplications: [C:\Program Files\SymplisIT\DriverMagic\DriverMagic.exe] => Enabled:DriverMagic Utilities
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Rhapsody\rhapsody.exe] => Enabled:RealNetworks Rhapsody
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\iMesh Applications\iMesh\iMesh.exe] => Enabled:iMesh
StandardProfile\AuthorizedApplications: [C:\Program Files\AIM\aim.exe] => Enabled:AIM
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\leslie\Application Data\mjusbsp\magicJack.exe] => Enabled:magicJack
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============

Name: ATAPI DVD A  DH16A6S SCSI CdRom Device
Description: CD-ROM Drive (force CDDA inaccurate)
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2015 11:53:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/07/2015 11:53:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/07/2015 11:53:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/07/2015 11:53:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/07/2015 11:53:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/07/2015 11:53:52 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/07/2015 11:53:52 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Error: (07/07/2015 11:53:48 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/07/2015 11:53:46 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/07/2015 11:53:45 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (07/07/2015 11:50:14 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer PDFConvertedPrinter failed to initialize because a suitable PDFConvertedPrinterDriver driver could not be found.

Error: (07/07/2015 11:50:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
redbook
SMR322

Error: (07/07/2015 11:49:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/07/2015 11:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdu_device service failed to start due to the following error:
%%2

Error: (07/06/2015 11:07:21 AM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer PDFConvertedPrinter failed to initialize because a suitable PDFConvertedPrinterDriver driver could not be found.

Error: (07/06/2015 11:07:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
redbook
SMR322

Error: (07/06/2015 11:06:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (07/06/2015 11:06:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdu_device service failed to start due to the following error:
%%2

Error: (06/30/2015 11:07:39 PM) (Source: Print) (EventID: 23) (User: NT AUTHORITY)
Description: Printer PDFConvertedPrinter failed to initialize because a suitable PDFConvertedPrinterDriver driver could not be found.

Error: (06/30/2015 11:07:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdrom
redbook
SMR322


Microsoft Office:
=========================
Error: (05/24/2011 07:54:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4937 seconds with 1800 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Athlon™ Processor 2650e
Percentage of memory in use: 63%
Total physical RAM: 894.42 MB
Available physical RAM: 329.21 MB
Total Virtual: 2166 MB
Available Virtual: 1706.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:127.87 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 4F6E0A17)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of log ============================

 

System Summary zip file attached (Summary.zip, 54.67KB).

 

Many thanks again!

 

Clare



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:44 AM

Posted 08 July 2015 - 08:08 PM

Hi Clare, it is nice to meet you and my pleasure to work on this together with you.

Thank you for your patience. Let's start with this please.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

AVG AntiVirus Free Edition 2015
Norton 360 Online


===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-861567501-963894560-839522115-1003\...\MountPoints2: {d4fef142-a95b-11df-9c6e-806d6172696f} - D:\autorun.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - No Name - !{83453B9B-B889-4659-9144-20F081542BDC} -  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKU\S-1-5-21-861567501-963894560-839522115-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe -service [X]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S4 IntelIde; No ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]
U1 WS2IFSL; No ImagePath
U2 wuaserv; No ImagePath
2011-06-25 22:57 - 2011-06-25 22:57 - 0977789 ____C () C:\Documents and Settings\All Users\SPL81.tmp
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Cdrom

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Registry key information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 shelbydog


Posted 08 July 2015 - 08:23 PM

Hi Gary,

 

I just wanted to drop a quick note.

I uninstalled Norton 360 Online quite awhile back.

It does not appear in the Control Panel Add/Remove Programs or in CCleaner Uninstall.

 

Is there some other way to remove it?

 

I am going to start working on the rest of it.

 

Thanks a million for helping me!

 

Clare



#8 shelbydog


Posted 08 July 2015 - 08:56 PM

AdwCleaner log

 

# AdwCleaner v4.207 - Logfile created 08/07/2015 at 21:28:32
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.1 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : leslie - ADMIN-C35F67CDA
# Running from : C:\Documents and Settings\leslie\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Documents and Settings\leslie\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\leslie\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\leslie\Local Settings\Application Data\eSupport.com
Folder Deleted : C:\Documents and Settings\leslie\Local Settings\Application Data\iMesh
Folder Deleted : C:\Documents and Settings\leslie\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\leslie\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\leslie\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\leslie\Application Data\imeshbandmltbpi
Folder Deleted : C:\Documents and Settings\leslie\Application Data\Uniblue
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\W3I
Key Deleted : HKU\.DEFAULT\Software\AIM Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AIM Toolbar

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130

[C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\leslie\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6421 bytes] - [08/07/2015 21:25:24]
AdwCleaner[S0].txt - [6425 bytes] - [08/07/2015 21:28:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6484  bytes] ##########
 

 

Junkware Removal Tool

 

I downloaded to my desktop.

I right clicked for Run As...

I chose the second radio button

The following user:

Administrator

 

I left the password blank. In the User Profiles, there is no plain old Administrator.

I went there awhile back trying to make sure that I was operating as Administrator.

 

So when I try to Run As Administrator I get a message from Junkware Removal Tool:

Red Circle with a White X in it.

Unable to log on.

Logon failure: user account restriction. Possible reasons are blank passwords are not allowed, logon hour restrictions, or a policy restriction has been enforced.

 

I was unable to continue this step.

 

P.S. The first option on the Run As dialog box was Current User (ADMIN-C35F67CDA\leslie)

I decided to see what would happen if I tried to run it under that user account.

JRT: error

Red Circle with a White X in it.

Could not open archive file "C:\Documents and Settings\leslie\Desktop\JRT.exe"

Access is denied

 

 

Farbar's Recovery Scan Tool

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by leslie at 2015-07-08 21:50:28 Run:1
Running from C:\Documents and Settings\leslie\Desktop
Loaded Profiles: leslie (Available Profiles: leslie)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-861567501-963894560-839522115-1003\...\MountPoints2: {d4fef142-a95b-11df-9c6e-806d6172696f} - D:\autorun.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [OverlayPending] ->
{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - No Name - !{83453B9B-B889-4659-9144-20F081542BDC} -  No File
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKU\S-1-5-21-861567501-963894560-839522115-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
S2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe -service [X]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S4 IntelIde; No ImagePath
S3
RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]
S3 USBCCID; system32\DRIVERS\usbccid.sys [X]
U1 WS2IFSL; No ImagePath
U2 wuaserv; No ImagePath
2011-06-25 22:57 - 2011-06-25 22:57 - 0977789 ____C () C:\Documents and Settings\All Users\SPL81.tmp


*****************

"HKU\S-1-5-21-861567501-963894560-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4fef142-a95b-11df-9c6e-806d6172696f}" => key removed successfully.
HKCR\CLSID\{d4fef142-a95b-11df-9c6e-806d6172696f} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\OverlayExcluded" => key removed successfully.
HKCR\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [OverlayPending] -> => key not found.
HKCR\CLSID\ShellIconOverlayIdentifiers: [OverlayPending] -> => key not found.
{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\OverlayProtected" => key removed successfully.
HKCR\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.
HKCR\CLSID\!{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{83453B9B-B889-4659-9144-20F081542BDC} => value removed successfully.
HKCR\CLSID\!{83453B9B-B889-4659-9144-20F081542BDC} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} => value removed successfully.
HKCR\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326} => key not found.
HKU\S-1-5-21-861567501-963894560-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
lxdu_device => Service removed successfully.
GEARAspiWDM => Service removed successfully.
IntelIde => Service removed successfully.
S3 => Error: No automatic fix found for this entry.
RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] => Error: No automatic fix found for this entry.
SMR322 => Service removed successfully.
USBCCID => Service removed successfully.
WS2IFSL => Service removed successfully.
wuaserv => Service removed successfully.
C:\Documents and Settings\All Users\SPL81.tmp => moved successfully.

==== End of Fixlog 21:51:46 ====

 

Farbar's MiniRegTool

 

The result that came up was:

 

Windows Registry Editor Version 5.00
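
The two "No automatic fix found for this entry" errors in the Run:1 Fixlog above fall on fixlist entries that were split across two lines in the echoed "fixlist content". As an added example (not part of the original posts and not FRST's own code), this Python check compares the intended entries with the echoed content and with the error lines; the function names are hypothetical and the sample lines are copied from the thread.

```python
import re

# Entries as written in the helper's fixlist (subset copied from the thread).
INTENDED = [
    r"ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File",
    r"ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File",
    r"S4 IntelIde; No ImagePath",
    r"S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]",
    r"S0 SMR322; System32\drivers\SMR322.SYS [X]",
]

# The same entries as echoed under "fixlist content:" in the Run:1 Fixlog.
ECHOED = r"""ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [OverlayPending] ->
{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
S4 IntelIde; No ImagePath
S3
RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S0 SMR322; System32\drivers\SMR322.SYS [X]
"""

# Result lines from the same Fixlog that reported an error.
RESULTS = r"""{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File => Error: No automatic fix found for this entry.
IntelIde => Service removed successfully.
S3 => Error: No automatic fix found for this entry.
RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] => Error: No automatic fix found for this entry.
SMR322 => Service removed successfully.
"""

ERR = "=> Error: No automatic fix found for this entry."


def norm(line):
    """Collapse runs of whitespace so copy/paste spacing does not matter."""
    return re.sub(r"\s+", " ", line).strip()


def find_split_entries(intended, echoed_text, max_parts=3):
    """Return (entry, fragments) for each intended entry that is absent as a
    single echoed line. fragments is the run of consecutive echoed lines that
    rejoin into the entry, or None if the entry is missing altogether."""
    echoed = [norm(l) for l in echoed_text.splitlines() if norm(l)]
    present = set(echoed)
    findings = []
    for entry in map(norm, intended):
        if entry in present:
            continue
        hit = None
        for i in range(len(echoed)):
            for n in range(2, max_parts + 1):
                if norm(" ".join(echoed[i:i + n])) == entry:
                    hit = echoed[i:i + n]
                    break
            if hit:
                break
        findings.append((entry, hit))
    return findings


def unfixed_entries(results_text):
    """Left-hand side of every result line that ended in the 'no fix' error."""
    return [norm(l[:l.index(ERR)]) for l in results_text.splitlines() if ERR in l]


if __name__ == "__main__":
    for entry, fragments in find_split_entries(INTENDED, ECHOED):
        print("split entry:", entry)
        print("  echoed as:", fragments)
    print("errors reported for:", unfixed_entries(RESULTS))
```

Each error line maps to a fragment of a split entry, which is why re-issuing the two entries on single lines in the next fixlist clears them.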

 

 

 

 



#9 Oh My!


Posted 08 July 2015 - 09:30 PM

Greetings,

We won't worry about Junkware for right now. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Exporting a Registry Key From the Run Box

--------------------
  • Press windows key + r on your keyboard at the same time
  • Copy and paste the following into the Run box and press Enter

regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Cdrom"

  • A look.txt document will be placed on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Look.txt

Gary
 

#10 shelbydog


Posted 08 July 2015 - 10:08 PM

Thank you again for all of this help.

 

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by leslie at 2015-07-08 23:04:40 Run:2
Running from C:\Documents and Settings\leslie\Desktop
Loaded Profiles: leslie (Available Profiles: leslie)
Boot Mode: Normal

==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]


*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\OverlayPending" => key removed successfully.
HKCR\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key not found.
RtsUIR => Service removed successfully.

==== End of Fixlog 23:04:40 ====

 

Look

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Cdrom]
"DependOnGroup"=hex(7):53,00,43,00,53,00,49,00,20,00,6d,00,69,00,6e,00,69,00,\
  70,00,6f,00,72,00,74,00,00,00,00,00
"ErrorControl"=dword:00000001
"Group"="SCSI CDROM Class"
"Start"=dword:00000001
"Tag"=dword:00000002
"Type"=dword:00000001
"DisplayName"="CD-ROM Driver"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,63,00,64,00,72,00,6f,00,6d,00,2e,\
  00,73,00,79,00,73,00,00,00
"AutoRun"=dword:00000001
"AutoRunAlwaysDisable"=hex(7):4e,00,45,00,43,00,20,00,20,00,20,00,20,00,20,00,\
  4d,00,42,00,52,00,2d,00,37,00,20,00,20,00,20,00,00,00,4e,00,45,00,43,00,20,\
  00,20,00,20,00,20,00,20,00,4d,00,42,00,52,00,2d,00,37,00,2e,00,34,00,20,00,\
  00,00,50,00,49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,48,00,41,00,4e,\
  00,47,00,52,00,20,00,44,00,52,00,4d,00,2d,00,31,00,38,00,30,00,34,00,58,00,\
  00,00,50,00,49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,44,00,2d,00,52,\
  00,4f,00,4d,00,20,00,44,00,52,00,4d,00,2d,00,36,00,33,00,32,00,34,00,58,00,\
  00,00,50,00,49,00,4f,00,4e,00,45,00,45,00,52,00,20,00,43,00,44,00,2d,00,52,\
  00,4f,00,4d,00,20,00,44,00,52,00,4d,00,2d,00,36,00,32,00,34,00,58,00,20,00,\
  00,00,54,00,4f,00,52,00,69,00,53,00,41,00,4e,00,20,00,43,00,44,00,2d,00,52,\
  00,4f,00,4d,00,20,00,43,00,44,00,52,00,5f,00,43,00,33,00,36,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Cdrom\Enum]
"Count"=dword:00000000
"NextInstance"=dword:00000000
"INITSTARTFAILED"=dword:00000001
 

 

 

 



#11 Oh My!


Posted 08 July 2015 - 10:24 PM

Thank you, let's run this.

===================================================

Microsoft CD/DVD Drive Fix it

----------
  • Download MicrosoftFixit.dvd.Run.exe and save it to your desktop
  • Double click the icon and select OK then Run
  • Click Accept then allow the program to run
  • Select Detect problems and apply the fixes for me (Recommended)
  • Continue to follow the prompts
  • Once completed reboot your computer if not done automatically
  • Check to see if your CD/DVD drive is listed and works properly
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • How is your CD?
  • Update on overall computer behavior

Gary
 

#12 shelbydog


Posted 08 July 2015 - 10:45 PM

Wow, thanks so much for staying with me like this.

This kind of help is way more than I could have hoped for.

 

I downloaded MicrosoftFixit dvd run.exe to my desktop

As always, I get the Open File - Security Warning dialog box

I click on Run

 

I get the following message from Microsoft Fix it:

 

Red Circle with a white X in it

Troubleshooting cannot continue because an error has occurred

 

We're sorry, but the program encountered an error trying to contact the server. Please try again later.

To download a utility to troubleshoot this problem, click here.

 

[Code 80072EFD]

 

So after a few tries, I clicked there.

Name: DIAG_MATS_NETWORK_global,DiagCab

158kb

From download.microsoft.com

 

 

I saved it to my desktop, but it isn't an exe file.

 

Firefox and Chrome still cannot connect

AVG cannot update (update failed)

However...for the first time, AVG actually was able to start a scan.

Before, one of those black DOS boxes (forget what they're called) popped up for a second then closed, then AVG said No Threats Detected.

But the Scan was interrupted, no threats detected after about 45 seconds.

When I looked at the details, no items were scanned.

 

Then I tried to re-install the CD Rom driver from the Device Manager.

This time, the Hardware Update Wizard box said:

 

There was a problem installing this hardware:

CD-ROM Drive

Windows successfully loaded the device driver for this hardware but cannot find the hardware device [Code 41]

 

Before, I got a message about the driver being corrupted.



#13 Oh My!


Posted 08 July 2015 - 10:53 PM

Thanks for all the work. I know it is late for you so don't feel like you have to do this tonight. I will only be online for about 10-15 minutes.

We are going to run another program to look for malware. I don't know whether or not you have uninstalled the CD device. If you have not I am providing instructions to do so. The computer will attempt to reinstall the drive.

Please do this.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Query_RC.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Uninstalling/Reinstalling a DVD/CD-Rom Device Driver

----------
  • Press windows key + r on your keyboard at the same time
  • Type devmgmt.msc and press Enter
  • Expand the DVD/CD-Rom drives section by clicking + sign
  • Right click on the DVD/CD-Rom device, select Uninstall, then OK
  • Reboot your computer
  • Check the performance of your DVD/CD-Rom device
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • Does your CD work?

Gary
 

#14 shelbydog


Posted 08 July 2015 - 11:09 PM

If you're still online:

 

Warning!!

 

ComboFix has detected the following real time scanner to be active:

 

antivirus: Norton 360 Online

 

Please disable this scanner before clicking ok

 

I can hear Jackie Gleason yelling NORTON!!!!!

 

I don't know how to disable this thing.

 

I checked the Task Manager processes tab but I didn't see anything that looked like Symantec or Norton.


Edited by shelbydog, 08 July 2015 - 11:09 PM.


#15 Oh My!


Posted 08 July 2015 - 11:12 PM

That is funny and since you hear Ralph yelling at Ed that tells me something about you. :)

Ignore the warning and run it anyway.
Gary
 