
Laptop running really slow and sometimes freezing up. FRST log included


  • This topic is locked
56 replies to this topic

#1 WILD RACING

Posted 05 July 2015 - 10:36 PM

I have a Compaq Presario R3000 using XP w/ SP3.

Lately anything I try to open, be it a browser, a web page or any other program from my desktop, tends to load very slowly, and more and more often lately the computer will just freeze up until I get so frustrated that all I can do is hold the power button until it shuts down and try again.

Sometimes it works better for a little while, but inevitably I'm always left in the same boat.

I did have a post in the "Am I infected" forum where I was directed through a few scans, which you can see here:

http://www.bleepingcomputer.com/forums/t/581238/laptop-running-really-slow-and-sometimes-freezing-up/#entry3753168

I was then directed to post here.

Here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by User (administrator) on USER-DRXYHZGBOO on 05-07-2015 23:01:15
Running from C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\C2ZF3Z0T
Loaded Profiles: User (Available Profiles: User & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(America Online) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(America Online, Inc.) C:\Program Files\America Online 9.0\waol.exe
(America Online, Inc.) C:\Program Files\America Online 9.0\shellmon.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Farbar) C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\C2ZF3Z0T\FRST[1].exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1283192 2015-07-01] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-05-01] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKU\S-1-5-21-484763869-573735546-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-484763869-573735546-839522115-1004\...\Run: [ReasonSecurityStart] => C:\Program Files\Reason\Security\rsUI.exe [2045200 2015-05-17] (Reason Software Company Inc.)
HKU\S-1-5-21-484763869-573735546-839522115-1004\...\Run: [AOL Fast Start] => C:\Program Files\America Online 9.0\AOL.EXE [50776 2005-07-12] (America Online, Inc.)
HKU\S-1-5-21-484763869-573735546-839522115-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssmarque.scr [20992 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Del177584843] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" <===== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-484763869-573735546-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-484763869-573735546-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-484763869-573735546-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-484763869-573735546-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-484763869-573735546-839522115-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.233.214.34 64.233.214.41 192.168.1.1
Tcpip\..\Interfaces\{8FE5007A-BDE1-4FA0-AC70-BF9A14B65256}: [DhcpNameServer] 64.233.214.34 64.233.214.41 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\54a7vk3y.default
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-01-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-01-10] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-484763869-573735546-839522115-1004: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\User\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-01-09] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2010-04-23] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-03-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-05-02] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-05-02] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-05-02] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-05-02] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-05-02] (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-05-02] (Apple Computer, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml [2010-04-23]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\54a7vk3y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2010-12-14]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-06-16] (SurfRight B.V.)
S3 hpqwmi; C:\Program Files\HPQ\SHARED\HPQWMI.exe [98304 2004-11-18] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [858232 2015-07-01] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [164600 2015-07-02] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [81168 2015-05-17] (Reason Software Company Inc.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker.sys [88136 2015-07-01] (360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [66128 2015-07-01] (360.cn)
R1 360Box; C:\WINDOWS\System32\DRIVERS\360Box.sys [203856 2015-07-01] (360.cn)
S3 360Camera; C:\WINDOWS\System32\Drivers\360Camera.sys [34888 2015-07-01] (360.cn)
R1 360SelfProtection; C:\WINDOWS\System32\drivers\360SelfProtection.sys [174536 2015-07-01] (360安全中心)
S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S3 AIM_USBdriver; C:\WINDOWS\System32\Drivers\AIM_USBdrv10_01.sys [24704 2004-10-01] (AIM Applicazioni Industriali Microprocessori s.r.l.) [File not signed]
S4 ATWPKT2; C:\WINDOWS\system32\drivers\ATWPKT2.SYS [24664 2005-07-07] (America Online)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV.sys [169040 2015-07-01] (Qihu 360 Software Co., Ltd.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [371712 2005-05-11] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 DevUpper; C:\WINDOWS\System32\DRIVERS\tiumflt.sys [8448 2003-08-08] (Texas Instruments Inc.)
R1 eabfiltr; C:\WINDOWS\System32\drivers\EABFiltr.sys [7432 2004-04-14] (Hewlett-Packard Company)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5220 2003-06-06] (Hewlett-Packard Company)
R1 EfiMon; C:\WINDOWS\System32\Drivers\Efimon.sys [23752 2015-07-01] (360安全中心)
R0 HookPort; C:\WINDOWS\System32\Drivers\Hookport.sys [58440 2015-07-01] (360安全中心)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21120 2003-12-02] (NVIDIA Corporation)
S3 NWUSBCDFIL; C:\WINDOWS\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-06-15] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\WINDOWS\System32\DRIVERS\nwusbser2.sys [174720 2009-06-03] (Novatel Wireless Inc.)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
R1 qutmdserv; C:\WINDOWS\System32\DRIVERS\qutmdrv.sys [287056 2015-07-01] (360.cn)
R1 qutmipc; C:\WINDOWS\system32\drivers\qutmipc.sys [45896 2015-07-01] (360.cn)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2003-10-23] (Realtek Semiconductor Corporation )
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2009-03-20] (Smith Micro Inc.)
R3 tiumfwl; C:\WINDOWS\System32\drivers\tiumfwl.sys [42092 2003-02-18] (Texas Instruments Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
S2 mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 23:00 - 2015-07-05 23:01 - 00000000 ___DC C:\FRST
2015-07-05 02:00 - 2015-07-05 02:00 - 00023688 ____C C:\Documents and Settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-07-04 17:44 - 2015-07-04 17:44 - 00000000 ___DC C:\Program Files\Viewpoint
2015-07-04 17:44 - 2015-07-04 17:44 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Viewpoint
2015-07-04 15:23 - 2015-07-04 15:23 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-04 13:39 - 2015-07-04 13:39 - 00090112 _____ C:\WINDOWS\Minidump\Mini070415-01.dmp
2015-07-04 13:30 - 2015-07-04 13:30 - 00142032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-04 05:54 - 2015-07-04 05:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961118$
2015-07-04 05:50 - 2015-07-04 05:55 - 00016662 _____ C:\WINDOWS\KB961118.log
2015-07-03 21:01 - 2015-07-04 15:25 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-07-03 17:15 - 2015-07-03 17:15 - 00000744 ____C C:\Documents and Settings\All Users\Desktop\Removal Tool.lnk
2015-07-03 17:15 - 2015-07-03 17:15 - 00000000 ___DC C:\Documents and Settings\User\Application Data\9-lab
2015-07-03 17:07 - 2015-07-03 17:07 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\9-lab Removal Tool
2015-07-03 17:05 - 2015-07-03 17:05 - 00000000 ___DC C:\Program Files\9-lab
2015-07-03 17:05 - 2015-07-03 17:05 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\9-lab
2015-07-03 14:57 - 2015-07-03 14:57 - 00000780 ____C C:\Documents and Settings\All Users\Desktop\Crystal Security.lnk
2015-07-03 14:57 - 2015-07-03 14:57 - 00000000 ___DC C:\Program Files\Crystal Security
2015-07-03 14:57 - 2015-07-03 14:57 - 00000000 ___DC C:\Documents and Settings\User\Application Data\Crystal Security
2015-07-03 13:10 - 2009-01-09 15:19 - 01089593 ____C C:\WINDOWS\system32\dllcache\ntprint.cat
2015-07-02 22:37 - 2015-07-02 22:37 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Reason
2015-07-02 22:33 - 2015-07-05 02:00 - 00000386 _____ C:\WINDOWS\Tasks\ReasonSecurityScheduledScan.job
2015-07-02 22:29 - 2015-07-02 22:29 - 00023296 ____C C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-07-02 22:28 - 2015-07-02 22:28 - 00065536 _____ C:\WINDOWS\system32\config\Reason.evt
2015-07-02 22:28 - 2015-07-02 22:28 - 00000759 ____C C:\Documents and Settings\All Users\Desktop\Reason Core Security.lnk
2015-07-02 22:28 - 2015-07-02 22:28 - 00000000 ___DC C:\Program Files\Reason
2015-07-02 22:28 - 2015-07-02 22:28 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Reason Core Security
2015-07-02 22:14 - 2015-07-04 13:40 - 00002886 _____ C:\WINDOWS\spupdsvc.log
2015-07-02 22:14 - 2015-07-02 22:16 - 00000000 ___DC C:\0251d81acbd5f210442963
2015-07-02 22:14 - 2008-07-06 08:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-07-02 22:14 - 2008-07-06 08:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-07-02 22:14 - 2008-07-06 08:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-07-02 22:14 - 2008-07-06 08:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-07-02 22:14 - 2008-07-06 08:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-07-02 22:14 - 2008-07-06 08:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-07-02 22:14 - 2008-07-06 06:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-07-02 07:07 - 2015-07-02 07:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2660649$
2015-07-02 07:06 - 2015-07-02 07:07 - 00015340 _____ C:\WINDOWS\KB2660649.log
2015-07-02 07:05 - 2015-07-02 07:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB943232-v2$
2015-07-02 07:04 - 2015-07-02 07:06 - 00013780 _____ C:\WINDOWS\KB943232-v2.log
2015-07-02 07:04 - 2015-07-02 07:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB982316$
2015-07-02 07:04 - 2008-10-23 09:39 - 00713216 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sxs.dll
2015-07-02 07:03 - 2015-07-02 07:04 - 00014559 _____ C:\WINDOWS\KB982316.log
2015-07-02 07:03 - 2015-07-02 07:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB953155$
2015-07-02 07:01 - 2015-07-04 05:55 - 00037099 _____ C:\WINDOWS\FaxSetup.log
2015-07-02 07:01 - 2015-07-04 05:55 - 00017736 _____ C:\WINDOWS\ocgen.log
2015-07-02 07:01 - 2015-07-04 05:55 - 00014154 _____ C:\WINDOWS\tsoc.log
2015-07-02 07:01 - 2015-07-04 05:55 - 00012192 _____ C:\WINDOWS\comsetup.log
2015-07-02 07:01 - 2015-07-04 05:55 - 00007398 _____ C:\WINDOWS\ntdtcsetup.log
2015-07-02 07:01 - 2015-07-04 05:55 - 00005707 _____ C:\WINDOWS\iis6.log
2015-07-02 07:01 - 2015-07-04 05:55 - 00002052 _____ C:\WINDOWS\ocmsn.log
2015-07-02 07:01 - 2015-07-04 05:55 - 00001854 _____ C:\WINDOWS\msgsocm.log
2015-07-02 07:01 - 2015-07-04 05:55 - 00001355 _____ C:\WINDOWS\imsins.log
2015-07-02 07:01 - 2015-07-02 07:07 - 00001355 _____ C:\WINDOWS\imsins.BAK
2015-07-02 07:01 - 2015-07-02 07:06 - 00000744 _____ C:\WINDOWS\updspapi.log
2015-07-02 07:01 - 2015-07-02 07:03 - 00016002 _____ C:\WINDOWS\KB953155.log
2015-07-02 07:01 - 2015-07-02 07:01 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-02 07:01 - 2015-07-02 07:01 - 00000000 _____ C:\WINDOWS\setupact.log
2015-07-02 07:01 - 2008-08-28 03:46 - 00104960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\win32spl.dll
2015-07-02 07:01 - 2008-08-28 03:46 - 00074752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msw3prt.dll
2015-07-02 07:00 - 2015-07-02 07:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951830$
2015-07-02 06:56 - 2015-07-02 06:56 - 00000742 ____C C:\Documents and Settings\User\Desktop\Toolwiz Smart Defrag FREE.lnk
2015-07-02 06:56 - 2008-04-21 14:44 - 00330752 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipnathlp.dll
2015-07-02 06:55 - 2015-07-02 06:57 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Toolwiz Smart Defrag FREE
2015-07-02 06:55 - 2015-07-02 06:55 - 00000000 ___DC C:\Program Files\Toolwiz Smart Defrag FREE
2015-07-02 06:47 - 2015-07-02 06:47 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\360SD
2015-07-02 06:45 - 2015-07-05 22:56 - 00000000 _SHDC C:\$360Section
2015-07-02 01:23 - 2015-07-02 01:23 - 00000000 ___DC C:\Documents and Settings\LocalService\Application Data\360safe
2015-07-01 22:27 - 2015-07-05 22:56 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\360Quarant
2015-07-01 22:25 - 2015-07-02 06:57 - 00000000 ___DC C:\Documents and Settings\User\Application Data\360safe
2015-07-01 22:25 - 2015-07-02 06:45 - 00000000 ____D C:\WINDOWS\Tasks\360Disabled
2015-07-01 22:24 - 2015-07-05 22:59 - 00000000 ___DC C:\Documents and Settings\User\Application Data\360WD
2015-07-01 22:24 - 2015-07-04 15:18 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\360TotalSecurity
2015-07-01 22:24 - 2015-07-01 22:24 - 00000000 ___DC C:\Documents and Settings\User\Application Data\360TotalSecurity
2015-07-01 22:23 - 2015-07-01 22:25 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\360safe
2015-07-01 22:23 - 2015-07-01 22:23 - 00000802 ____C C:\Documents and Settings\All Users\Desktop\360 Total Security.lnk
2015-07-01 22:23 - 2015-07-01 22:23 - 00000000 RSHDC C:\360SANDBOX
2015-07-01 22:23 - 2015-07-01 22:23 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\360 Security Center
2015-07-01 22:23 - 2015-07-01 11:17 - 00287056 _____ (360.cn) C:\WINDOWS\system32\Drivers\qutmdrv.sys
2015-07-01 22:23 - 2015-07-01 11:17 - 00203856 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box.sys
2015-07-01 22:23 - 2015-07-01 11:17 - 00174536 _____ (360安全中心) C:\WINDOWS\system32\Drivers\360SelfProtection.sys
2015-07-01 22:23 - 2015-07-01 11:17 - 00169040 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\BAPIDRV.SYS
2015-07-01 22:23 - 2015-07-01 11:17 - 00088136 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker.sys
2015-07-01 22:23 - 2015-07-01 11:17 - 00066128 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-07-01 22:23 - 2015-07-01 11:17 - 00058440 _____ (360安全中心) C:\WINDOWS\system32\Drivers\hookport.sys
2015-07-01 22:23 - 2015-07-01 11:17 - 00045896 _____ (360.cn) C:\WINDOWS\system32\Drivers\qutmipc.sys
2015-07-01 22:23 - 2015-07-01 11:17 - 00034888 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera.sys
2015-07-01 22:23 - 2015-07-01 11:17 - 00023752 _____ (360安全中心) C:\WINDOWS\system32\Drivers\efimon.sys
2015-07-01 22:21 - 2015-07-01 22:21 - 00000000 ___DC C:\Program Files\360
2015-06-30 20:40 - 2015-07-04 05:55 - 00008053 _____ C:\WINDOWS\setupapi.log
2015-06-30 20:38 - 2015-06-30 20:38 - 00020030 ____C C:\Documents and Settings\User\Desktop\Result.txt
2015-06-30 20:37 - 2015-06-30 20:37 - 01005568 ____C (Farbar) C:\Documents and Settings\User\Desktop\MiniToolBox.exe
2015-06-30 20:17 - 2015-06-30 20:17 - 00852662 ____C C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2015-06-30 20:10 - 2015-06-30 20:10 - 00753184 ____C C:\Documents and Settings\User\Desktop\Adware-Removal-Tool-v3.9.1.exe
2015-06-29 22:07 - 2015-06-29 22:07 - 02244096 ____C C:\Documents and Settings\User\Desktop\adwcleaner_4.207.exe
2015-06-29 22:03 - 2015-06-29 22:03 - 00001705 ____C C:\Documents and Settings\User\Desktop\JRT.txt
2015-06-29 21:55 - 2015-06-29 21:55 - 02950579 ____C (Malwarebytes Corporation) C:\Documents and Settings\User\Desktop\JRT.exe
2015-06-29 21:41 - 2015-06-29 21:41 - 158158304 ____C C:\Documents and Settings\User\Desktop\mwav.exe
2015-06-29 21:15 - 2015-07-04 15:07 - 00000000 ____C C:\Documents and Settings\User\My Documents\DID NOT RUN.txt
2015-06-29 19:34 - 2015-06-29 19:34 - 00001975 ____C C:\Documents and Settings\User\Local Settings\Application Data\00000000000000000000000.0x0
2015-06-28 21:33 - 2015-06-28 21:33 - 00001554 ____C C:\Documents and Settings\All Users\Start Menu\Programs\PrivaZer.lnk
2015-06-28 21:33 - 2015-06-28 21:33 - 00001548 ____C C:\Documents and Settings\All Users\Desktop\PrivaZer.lnk
2015-06-28 21:33 - 2015-06-28 21:33 - 00000000 ___DC C:\Documents and Settings\User\Start Menu\Programs\PrivaZer
2015-06-28 21:32 - 2015-06-28 22:43 - 00000000 ___DC C:\Documents and Settings\User\Local Settings\Application Data\PrivaZer
2015-06-28 21:32 - 2015-06-28 21:33 - 00000000 ___DC C:\Program Files\PrivaZer
2015-06-28 21:32 - 2015-06-28 21:32 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\privazer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-05 23:02 - 2011-12-18 18:47 - 00000000 ___DC C:\Documents and Settings\User\Local Settings\temp
2015-07-05 22:47 - 2014-03-09 23:47 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
2015-07-05 22:47 - 2010-05-02 19:42 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 22:11 - 2012-03-30 19:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-05 20:47 - 2010-05-02 19:42 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-05 17:11 - 2013-12-10 23:41 - 00031880 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-05 05:14 - 2013-12-10 23:42 - 01906086 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-04 18:50 - 2013-10-17 19:55 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-07-04 18:38 - 2003-03-31 15:00 - 00000633 _____ C:\WINDOWS\win.ini
2015-07-04 18:22 - 2011-04-26 15:29 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job
2015-07-04 18:22 - 2010-04-23 13:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-04 18:22 - 2010-04-23 09:07 - 00000300 _____ C:\WINDOWS\wiadebug.log
2015-07-04 18:22 - 2010-04-23 09:07 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-04 17:56 - 2010-04-23 13:20 - 00000178 __SHC C:\Documents and Settings\User\ntuser.ini
2015-07-04 15:24 - 2011-12-07 22:19 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-07-04 15:15 - 2010-04-23 09:04 - 00641912 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-04 14:52 - 2011-12-19 11:14 - 00000000 ___DC C:\Documents and Settings\Administrator\Local Settings\temp
2015-07-04 14:51 - 2011-12-07 17:28 - 00000178 __SHC C:\Documents and Settings\Administrator\ntuser.ini
2015-07-04 03:53 - 2013-10-17 20:04 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2015-07-03 20:50 - 2011-03-07 23:31 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Xvid
2015-07-03 20:50 - 2011-03-07 23:31 - 00000000 ____D C:\Program Files\Xvid
2015-07-03 15:19 - 2012-02-23 13:28 - 00000000 ___DC C:\Program Files\MALWAREBYTES ANTI-MALWARE
2015-07-02 22:15 - 2010-04-23 08:59 - 00000000 ____D C:\WINDOWS\system32\spool
2015-07-02 22:09 - 2010-04-23 09:04 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2015-07-02 07:48 - 2012-03-30 19:22 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-02 07:48 - 2011-06-20 08:06 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-02 07:47 - 2003-03-31 15:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-02 07:23 - 2010-04-27 23:33 - 00000000 ___DC C:\Program Files\Common Files\Adobe AIR
2015-07-02 07:23 - 2010-04-27 23:33 - 00000000 ___DC C:\Program Files\Adobe
2015-07-02 07:23 - 2010-04-27 23:29 - 00000000 ___DC C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2015-07-02 07:23 - 2010-04-27 02:10 - 00000000 ___DC C:\Documents and Settings\User\Application Data\Adobe
2015-07-02 07:12 - 2014-01-03 19:52 - 00002347 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-02 07:10 - 2011-12-19 20:06 - 00000000 ___DC C:\Program Files\Common Files\Adobe
2015-07-02 07:10 - 2010-04-23 08:59 - 00000000 ____D C:\WINDOWS\security
2015-07-02 07:06 - 2010-04-26 11:38 - 00000000 ____D C:\WINDOWS\$hf_mig$
2015-07-02 06:46 - 2014-03-10 21:40 - 00000000 ___DC C:\Program Files\ImgBurn
2015-07-02 06:46 - 2011-08-23 21:05 - 00000000 ___DC C:\Documents and Settings\User\Application Data\vlc
2015-07-01 22:17 - 2014-02-04 03:03 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-07-01 22:12 - 2012-09-06 19:44 - 00000000 ___DC C:\Program Files\Free Easy CD DVD Burner
2015-07-01 22:11 - 2010-05-02 16:12 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\AOL
2015-07-01 21:55 - 2011-12-19 11:14 - 00000000 ___DC C:\Documents and Settings\NetworkService\Local Settings\temp
2015-06-29 22:14 - 2013-12-22 17:07 - 00000000 ___DC C:\AdwCleaner
2015-06-29 19:35 - 2010-04-26 22:38 - 00000000 _SHDC C:\Documents and Settings\User\IECompatCache
2015-06-29 19:35 - 2010-04-26 22:35 - 00000000 _SHDC C:\Documents and Settings\User\PrivacIE
2015-06-28 22:43 - 2011-09-29 19:51 - 00000000 ___DC C:\Documents and Settings\User\Application Data\dvdcss
2015-06-28 22:43 - 2010-11-11 18:43 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-06-28 22:42 - 2015-02-01 19:50 - 00000000 ___DC C:\Documents and Settings\User\My Documents\IMG_4890
2015-06-28 22:42 - 2015-02-01 19:22 - 00000000 ___DC C:\Documents and Settings\User\My Documents\IMG_5687
2015-06-28 22:42 - 2014-10-31 18:29 - 00000000 ___DC C:\Documents and Settings\User\My Documents\IMG_6077
2015-06-28 22:42 - 2013-03-28 19:57 - 00000000 ___DC C:\Documents and Settings\User\My Documents\katfinalfinal
2015-06-28 22:42 - 2011-09-19 15:02 - 00000000 ___DC C:\Documents and Settings\User\My Documents\DSCN5930
2015-06-28 22:40 - 2010-04-26 11:38 - 00000000 ____D C:\WINDOWS\ie8updates
2015-06-28 22:15 - 2012-02-10 20:07 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-06-28 22:15 - 2010-09-11 18:12 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-28 22:15 - 2010-07-13 21:47 - 00000000 ___DC C:\Documents and Settings\User\Local Settings\Application Data\Temp
2015-06-28 22:15 - 2010-04-23 08:59 - 00000000 ____D C:\WINDOWS\repair
2015-06-28 22:13 - 2011-12-07 22:19 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-06-28 19:23 - 2010-04-28 21:57 - 00001717 ____C C:\Documents and Settings\User\My Documents\FORUMS.txt
2015-06-16 21:19 - 2014-03-04 18:44 - 10113976 ____C (SurfRight B.V.) C:\Documents and Settings\User\Desktop\HitmanPro.exe

==================== Files in the root of some directories =======

2010-09-14 21:59 - 2010-09-15 10:31 - 0000000 ____C () C:\Documents and Settings\User\Application Data\Trance Pad
2014-03-09 23:47 - 2014-03-09 23:47 - 0000046 ____C () C:\Documents and Settings\User\Application Data\WB.CFG
2015-06-29 19:34 - 2015-06-29 19:34 - 0001975 ____C () C:\Documents and Settings\User\Local Settings\Application Data\00000000000000000000000.0x0
2011-12-07 16:41 - 2011-12-07 16:51 - 0011000 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\650848e6c536r875f682c4yse3n4
2011-12-12 11:57 - 2011-12-12 11:57 - 0001418 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\7x16sp6q23q361
2011-12-11 08:07 - 2011-12-11 08:07 - 0001154 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\akftxf8s3buy4ral4dcn6i100y7c
2010-05-02 14:55 - 2015-04-18 06:32 - 0102912 ____C () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-01 19:06 - 2012-12-01 19:06 - 0027520 ____C () C:\Documents and Settings\User\Local Settings\Application Data\dt.dat
2011-12-09 09:57 - 2011-12-09 09:57 - 0001140 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
2011-08-19 00:11 - 2011-08-19 00:11 - 0000000 ____C () C:\Documents and Settings\User\Local Settings\Application Data\{1A138341-CBA9-452B-AB8F-B48185D67DE1}

Files to move or delete:
====================
C:\Windows\Tasks\At1.job


Some files in TEMP:
====================
C:\Documents and Settings\User\Local Settings\temp\rscp_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by User at 2015-07-05 23:03:44
Running from C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\C2ZF3Z0T
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-484763869-573735546-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-484763869-573735546-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-484763869-573735546-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-484763869-573735546-839522115-1002 - Limited - Disabled)
User (S-1-5-21-484763869-573735546-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Disabled - Up to date) {5EEE8B0C-BEB2-4f05-BA7E-5EF3A65B8ECC}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM\...\360TotalSecurity) (Version: 7.0.0.1051 - 360 Security Center)
9-lab Removal Tool (HKLM\...\9-lab Removal Tool) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Agere Systems AC'97 Modem (HKLM\...\Agere Systems Soft Modem) (Version: - )
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version: - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version: - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Security (HKLM\...\Crystal Security 3.5.0.129) (Version: 3.5.0.129 - Kardo Kristal)
Crystal Security (Version: 3.5.0.129 - Kardo Kristal) Hidden
Dragster Suite (HKLM\...\{8BA2BF97-005C-4231-8B90-3DC7BDAEC35B}) (Version: - AIM)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DynoLog (HKLM\...\ST5UNST #1) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FastStone Image Viewer 4.1 (HKLM\...\FastStone Image Viewer) (Version: 4.1 - FastStone Soft)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKU\S-1-5-21-484763869-573735546-839522115-1004\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS ) (HKLM\...\Rocket Division Software Grab & Burn_is1) (Version: - Rocket Division Software)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
HP Integrated Wireless LAN W400-W500 Driver (HKLM\...\{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}) (Version: - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InterVideo DVD Check (HKLM\...\{5D97A4A7-C274-4B63-86D9-07A33435F505}) (Version: - )
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.662 - InterVideo Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.03.06.002.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (Version: 2.03.06.002.14 - Novatel Wireless) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA nForce Drivers (HKLM\...\NVIDIA nForce Drivers) (Version: - )
PCI 1620 Cardbus Controller and Software (HKLM\...\InstallShield_{B1E8784B-A465-4A00-8D5D-E694A1D34A98}) (Version: 1.02.0008 - Texas Instruments Inc)
PrivaZer (HKLM\...\PrivaZer) (Version: 2.32.0.0 - Goversoft LLC)
Quick Launch Buttons 5.10 B5 (HKLM\...\{CEB326EC-8F40-47B2-BA22-BB092565D66F}) (Version: 5.10 B5 - Hewlett-Packard Company)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup (HKLM\...\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}) (Version: - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reason Core Security (HKLM\...\Reason Core Security) (Version: 1.0.7.0 - Reason Software Company Inc.)
RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.4 - Hewlett-Packard)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.4010 - Analog Devices)
TI1620/1520 (Version: 1.02.0008 - Texas Instruments Inc) Hidden
Toolwiz Smart Defrag 2011 (HKLM\...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
Verizon Wireless MiFi-2200 Firmware Updates (HKLM\...\{6BC271BA-C4ED-4BDA-8D80-437C0919F3E6}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
VZAccess Manager (HKLM\...\{195F69A5-A4A0-421C-AC4B-2B2471C34037}) (Version: 7.0.10.1 - Smith Micro Software Inc.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Xvid 1.2.1 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-484763869-573735546-839522115-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1259\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-484763869-573735546-839522115-1004_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

==================== Restore Points =========================

01-06-2015 18:40:20 Software Distribution Service 3.0
02-06-2015 21:43:14 Software Distribution Service 3.0
03-06-2015 22:39:12 Software Distribution Service 3.0
05-06-2015 21:37:39 System Checkpoint
06-06-2015 19:57:32 Software Distribution Service 3.0
08-06-2015 19:25:26 Software Distribution Service 3.0
10-06-2015 18:31:55 Software Distribution Service 3.0
10-06-2015 18:56:09 Software Distribution Service 3.0
11-06-2015 19:22:46 Software Distribution Service 3.0
12-06-2015 20:25:27 Software Distribution Service 3.0
13-06-2015 20:25:52 System Checkpoint
13-06-2015 21:19:27 Software Distribution Service 3.0
14-06-2015 23:17:35 System Checkpoint
15-06-2015 19:41:52 Software Distribution Service 3.0
16-06-2015 21:44:35 Software Distribution Service 3.0
17-06-2015 22:31:22 System Checkpoint
18-06-2015 07:01:33 Software Distribution Service 3.0
18-06-2015 19:54:50 Software Distribution Service 3.0
18-06-2015 20:56:02 Software Distribution Service 3.0
18-06-2015 21:37:08 Software Distribution Service 3.0
19-06-2015 22:41:59 System Checkpoint
20-06-2015 21:00:26 Software Distribution Service 3.0
21-06-2015 22:11:02 Software Distribution Service 3.0
22-06-2015 23:03:36 System Checkpoint
23-06-2015 20:06:53 Software Distribution Service 3.0
24-06-2015 21:27:58 System Checkpoint
25-06-2015 22:16:44 Software Distribution Service 3.0
27-06-2015 07:33:15 Software Distribution Service 3.0
27-06-2015 08:07:54 Software Distribution Service 3.0
28-06-2015 02:18:33 Software Distribution Service 3.0
28-06-2015 21:59:25 Restore point
29-06-2015 19:57:17 Software Distribution Service 3.0
01-07-2015 21:50:38 Software Distribution Service 3.0
01-07-2015 22:13:41 Removed Java™ 6 Update 18
02-07-2015 07:01:09 Installed Windows XP KB951830.
02-07-2015 07:03:15 Installed Windows XP KB953155.
02-07-2015 07:04:42 Installed Windows XP KB982316.
02-07-2015 07:06:08 Installed Windows XP KB943232-v2.
02-07-2015 07:07:43 Installed Windows XP KB2660649.
02-07-2015 22:14:41 Installed Windows KB954550-v5.
02-07-2015 22:15:12 Printer Driver Microsoft XPS Document Writer Installed
02-07-2015 22:15:48 Printer Driver Microsoft XPS Document Writer Installed
03-07-2015 14:56:59 Installed Crystal Security
04-07-2015 03:01:01 Software Distribution Service 3.0
05-07-2015 04:26:37 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-12-18 18:49 - 2015-07-04 18:25 - 00002022 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com

There are 5 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\User\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReasonSecurityScheduledScan.job => C:\Program Files\Reason\Security\rsUI.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-01 22:23 - 2015-07-01 11:17 - 00087664 ____C () C:\Program Files\360\Total Security\deepscan\qutmload.dll
2003-03-31 15:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2003-03-31 15:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-07-02 22:37 - 2015-07-02 22:37 - 00164600 ____C () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2015-07-02 22:37 - 2015-07-02 22:37 - 00402168 ____C () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2005-07-12 01:17 - 2005-07-12 01:17 - 00045056 ____C () C:\Program Files\America Online 9.0\zlib.dll
2005-07-12 01:17 - 2005-07-12 01:17 - 00053248 ____C () C:\Program Files\America Online 9.0\xmlparse.dll
2005-07-12 01:17 - 2005-07-12 01:17 - 00081920 ____C () C:\Program Files\America Online 9.0\xmltok.dll
2015-07-01 22:23 - 2015-07-01 11:17 - 00559224 ____C () C:\Program Files\360\Total Security\safemon\wdui2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-484763869-573735546-839522115-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 64.233.214.34 - 64.233.214.41

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AGRSMMSG => AGRSMMSG.exe
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files\America Online 9.0\AOL.EXE" -b
MSCONFIG\startupreg: AOLDialer => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: AvgRemover => C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\BLTCQJ00\avg_remover_stf_x86_2014_4116[1].exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG2014\" /avgdatadir="C:\Documents and Settings\All Users\Application Data\AVG2014\" /ndis_nextstep=4
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: eabconfg.cpl => C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
MSCONFIG\startupreg: FlashPlayerUpdate => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe -update activex
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1272831129\EE\AOLHostManager.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\1CPYSH1D\360TS_Setup_Mini[1].exe] => C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\1CPYSH1D\360TS_Setup_Mini[1].exe:*:Enabled:360 Total Security Online Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\360\Total Security\LiveUpdate360.exe] => Enabled:LiveUpdate360
StandardProfile\AuthorizedApplications: [C:\Program Files\360\Total Security\safemon\QHSafeTray.exe] => Enabled:360 Total Security
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2015 01:50:47 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: Open of service failed.

Error: (07/03/2015 05:16:08 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 crystal security.exe, P2 1.0.0.0, P3 5572df28, P4 system.windows.forms, P5 2.0.0.0, P6 4889dee7, P7 1521, P8 12f, P9 clr20r30, P10 clr20r31.

Error: (06/29/2015 09:27:46 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.5.216.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (06/29/2015 07:35:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application PrivaZer.exe, version 2.32.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (07/05/2015 10:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 09:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 08:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 07:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 06:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 05:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 04:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 03:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 02:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (07/05/2015 01:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403


Microsoft Office:
=========================
Error: (07/04/2015 01:50:47 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description:

Error: (07/03/2015 05:16:08 PM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3crystal security.exe1.0.0.05572df28system.windows.forms2.0.0.04889dee7152112fsystem.io.filenotfoundexceptionNIL

Error: (06/29/2015 09:27:46 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.5.216.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (06/29/2015 07:35:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PrivaZer.exe2.32.0.0hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: AMD Athlon™ 64 Processor 3200+
Percentage of memory in use: 50%
Total physical RAM: 766.98 MB
Available physical RAM: 380.12 MB
Total Virtual: 2768.62 MB
Available Virtual: 2354.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.25 GB) (Free:11.81 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 3940393F)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End of log ============================
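
Added example (not part of the original post, and not FRST's own code): the three sections of the log that together make At1.job stand out (Scheduled Tasks, FirewallRules, and the System errors block) can be triaged mechanically. The script below runs over a constructed sample of lines copied from the log above and flags (1) tasks whose command line points into a user-writable profile or temp path, carries 8.3 short names, or uses the At<N>.job name that at.exe assigns; (2) firewall-authorized executables that live under Temporary Internet Files or a temp directory; and (3) Schedule EventID 7901 failures that recur on an hourly trigger, decoding the %%2147942403 token to 0x80070003 (ERROR_PATH_NOT_FOUND). The USER_WRITABLE_MARKERS list and the helper names are my own heuristics and assumptions, not FRST rules.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines copied from the FRST log above (Scheduled Tasks,
# FirewallRules and System errors).  A real run would read the whole log file.
SAMPLE_LOG = r"""
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\User\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\1CPYSH1D\360TS_Setup_Mini[1].exe] => C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\1CPYSH1D\360TS_Setup_Mini[1].exe:*:Enabled:360 Total Security Online Installer
Error: (07/05/2015 10:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
Error: (07/05/2015 09:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
Error: (07/05/2015 08:47:00 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
"""

# Heuristic (my assumption, not an FRST rule): a binary launched by a task or
# allowed through the firewall should not live in a user-writable profile or
# temp path.  Long and 8.3 spellings of the XP locations are both listed.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\docume~1\\",
                         "\\application data\\", "\\applic~1\\",
                         "\\local settings\\", "\\locals~1\\",
                         "\\temp\\", "\\temporary internet files\\")

TASK_RE = re.compile(
    r"^Task: (?P<job>.+?\.job) => (?P<target>.+?)(?: <==== ATTENTION)?$", re.M)
FW_RE = re.compile(
    r"^StandardProfile\\AuthorizedApplications: \[(?P<path>.+?)\] =>", re.M)
SCHED_ERR_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: Schedule\) \(EventID: 7901\).*\n"
    r"Description: The (?P<job>\S+) command failed to start.*\n"
    r"(?P<code>%%\d+)", re.M)

def is_user_writable(path):
    return any(m in path.lower() for m in USER_WRITABLE_MARKERS)

def triage_tasks(log):
    """Return [(job, target, [reasons])] for scheduled tasks worth a look."""
    findings = []
    for m in TASK_RE.finditer(log):
        job, target, reasons = m.group("job"), m.group("target"), []
        if re.search(r"\\At\d+\.job$", job, re.I):
            reasons.append("At<N>.job name: created with at.exe, not the Scheduler UI")
        if is_user_writable(target):
            reasons.append("target is in a user-writable profile/temp path")
        if re.search(r"~\d+[\\.]", target):
            # 8.3 names (MYSEAR~1) persisted in a command line mean the task was
            # written programmatically, as bundled installers do.
            reasons.append("8.3 short names in the command line")
        if reasons:
            findings.append((job, target, reasons))
    return findings

def triage_firewall(log):
    """Firewall-authorized programs that live in temp/profile paths."""
    return [m.group("path") for m in FW_RE.finditer(log)
            if is_user_writable(m.group("path"))]

def decode_error_token(token):
    """'%%2147942403' -> (0x80070003, 3).  0x8007xxxx wraps a Win32 code;
    3 is ERROR_PATH_NOT_FOUND, i.e. the job's target path no longer exists."""
    hresult = int(token.lstrip("%")) & 0xFFFFFFFF
    win32 = hresult & 0xFFFF if (hresult >> 16) == 0x8007 else None
    return hresult, win32

def schedule_failures(log):
    """job -> [(fired_at, hresult, win32)] from Schedule EventID 7901 entries."""
    per_job = defaultdict(list)
    for m in SCHED_ERR_RE.finditer(log):
        fired = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
        per_job[m.group("job")].append((fired, *decode_error_token(m.group("code"))))
    return dict(per_job)

def looks_hourly(timestamps):
    """Same minute every time and exactly one hour between consecutive firings:
    the signature of a recurring hourly trigger rather than a one-off."""
    ts = sorted(timestamps)
    gaps = {b - a for a, b in zip(ts, ts[1:])}
    return len(ts) > 1 and len({t.minute for t in ts}) == 1 and gaps == {timedelta(hours=1)}

if __name__ == "__main__":
    for job, target, reasons in triage_tasks(SAMPLE_LOG):
        print(f"[task] {job} -> {target}\n       {'; '.join(reasons)}")
    for path in triage_firewall(SAMPLE_LOG):
        print(f"[firewall] exception for a temp-path binary: {path}")
    for job, events in schedule_failures(SAMPLE_LOG).items():
        hourly = looks_hourly([e[0] for e in events])
        print(f"[schedule] {job}: {len(events)} failures, hourly={hourly}, "
              f"hresult=0x{events[0][1]:08X} (win32 {events[0][2]})")
```

On the sample, only At1.job is flagged, for all three reasons; the 7901 entries decode to path-not-found every hour at :47, which says the job file is still being armed hourly while whatever it used to launch no longer resolves. That orphaned .job file is exactly the kind of leftover a cleanup should still remove, and the firewall exception for an installer sitting in Temporary Internet Files is worth clearing for the same reason: neither is doing useful work, and both survive the uninstall of whatever created them.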


#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,778 posts
  • Gender:Male
  • Location:California
  • Local time:10:17 PM

Posted 10 July 2015 - 04:18 PM

Greetings WILD RACING and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

Move FRST.exe onto your Desktop or, if you'd like, download it a second time to that location.

Running from C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\C2ZF3Z0T


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-18\...\RunOnce: [Del177584843] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-484763869-573735546-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\54a7vk3y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} 
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
S2 mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
C:\WINDOWS\Tasks\At1.job
2015-06-29 19:34 - 2015-06-29 19:34 - 0001975 ____C () C:\Documents and Settings\User\Local Settings\Application Data\00000000000000000000000.0x0
2011-12-07 16:41 - 2011-12-07 16:51 - 0011000 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\650848e6c536r875f682c4yse3n4
2011-12-12 11:57 - 2011-12-12 11:57 - 0001418 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\7x16sp6q23q361
2011-12-11 08:07 - 2011-12-11 08:07 - 0001154 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\akftxf8s3buy4ral4dcn6i100y7c
2011-12-09 09:57 - 2011-12-09 09:57 - 0001140 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
2011-08-19 00:11 - 2011-08-19 00:11 - 0000000 ____C () C:\Documents and Settings\User\Local Settings\Application Data\{1A138341-CBA9-452B-AB8F-B48185D67DE1}
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\User\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 10 July 2015 - 09:30 PM

Thanks for helping. My name is Bill. I work days so most of my posting during the week will be later in the evening but I will always keep you updated.

I'm about to run the FRST fix now.

I will post back when I have that done or run into any issues.

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:17 PM

Posted 10 July 2015 - 09:31 PM

Very good Bill, thanks and welcome.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 10 July 2015 - 10:08 PM

I ran the FRST fix. At least I think it ran.

When the computer restarted all looked like it was going well until I got the blue death screen.

So I pressed the power button until it shut down and restarted. It restarted fine but the Run as current user pop up is still showing up.


Here's the log from the desktop.......

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by User at 2015-07-10 22:47:01 Run:1
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available Profiles: User & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKU\S-1-5-18\...\RunOnce: [Del177584843] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-484763869-573735546-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\54a7vk3y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
S2 mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
C:\WINDOWS\Tasks\At1.job
2015-06-29 19:34 - 2015-06-29 19:34 - 0001975 ____C () C:\Documents and Settings\User\Local Settings\Application Data\00000000000000000000000.0x0
2011-12-07 16:41 - 2011-12-07 16:51 - 0011000 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\650848e6c536r875f682c4yse3n4
2011-12-12 11:57 - 2011-12-12 11:57 - 0001418 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\7x16sp6q23q361
2011-12-11 08:07 - 2011-12-11 08:07 - 0001154 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\akftxf8s3buy4ral4dcn6i100y7c
2011-12-09 09:57 - 2011-12-09 09:57 - 0001140 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
2011-08-19 00:11 - 2011-08-19 00:11 - 0000000 ____C () C:\Documents and Settings\User\Local Settings\Application Data\{1A138341-CBA9-452B-AB8F-B48185D67DE1}
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\User\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
emptytemp:
*****************
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del177584843 => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-484763869-573735546-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKCR\CLSID\BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\54a7vk3y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} => not found.
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
cpuz134 => Service removed successfully.
IntelIde => Service removed successfully.
mbamchameleon => Service removed successfully.
ScsiPort => Service removed successfully.
TlntSvr => Service removed successfully.
C:\WINDOWS\Tasks\At1.job => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\00000000000000000000000.0x0 => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\650848e6c536r875f682c4yse3n4 => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\7x16sp6q23q361 => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\akftxf8s3buy4ral4dcn6i100y7c => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\{1A138341-CBA9-452B-AB8F-B48185D67DE1} => moved successfully.
C:\WINDOWS\Tasks\At1.job not found.
EmptyTemp: => 302.4 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 22:48:15 ====

Edited by Oh My!, 10 July 2015 - 10:10 PM.


#6 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 10 July 2015 - 10:11 PM

Not sure why that posted so small.

 

I got the blue death screen when the computer restarted and the run as current user popup still appeared.

 

Here's the log again.....

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by User at 2015-07-10 22:47:01 Run:1
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User (Available Profiles: User & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-18\...\RunOnce: [Del177584843] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-484763869-573735546-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\54a7vk3y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
S2 mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
C:\WINDOWS\Tasks\At1.job
2015-06-29 19:34 - 2015-06-29 19:34 - 0001975 ____C () C:\Documents and Settings\User\Local Settings\Application Data\00000000000000000000000.0x0
2011-12-07 16:41 - 2011-12-07 16:51 - 0011000 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\650848e6c536r875f682c4yse3n4
2011-12-12 11:57 - 2011-12-12 11:57 - 0001418 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\7x16sp6q23q361
2011-12-11 08:07 - 2011-12-11 08:07 - 0001154 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\akftxf8s3buy4ral4dcn6i100y7c
2011-12-09 09:57 - 2011-12-09 09:57 - 0001140 __SHC () C:\Documents and Settings\User\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k
2011-08-19 00:11 - 2011-08-19 00:11 - 0000000 ____C () C:\Documents and Settings\User\Local Settings\Application Data\{1A138341-CBA9-452B-AB8F-B48185D67DE1}
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\User\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
emptytemp:
*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del177584843 => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-484763869-573735546-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKCR\CLSID\BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\54a7vk3y.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} => not found.
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
cpuz134 => Service removed successfully.
IntelIde => Service removed successfully.
mbamchameleon => Service removed successfully.
ScsiPort => Service removed successfully.
TlntSvr => Service removed successfully.
C:\WINDOWS\Tasks\At1.job => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\00000000000000000000000.0x0 => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\650848e6c536r875f682c4yse3n4 => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\7x16sp6q23q361 => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\akftxf8s3buy4ral4dcn6i100y7c => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\klkseh2u8osn0otj2lxs4a878h7k => moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\{1A138341-CBA9-452B-AB8F-B48185D67DE1} => moved successfully.
C:\WINDOWS\Tasks\At1.job not found.
EmptyTemp: => 302.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 22:48:15 ====
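
Added example (not from this thread, from FRST or from Farbar): a small Python parser that groups the outcome lines of a Fixlog in the format shown above by result, so whoever reviews the log sees at a glance what was removed, what was moved to quarantine and which fixlist entries were already gone or did not match. The sample log is a constructed excerpt in that format, not the real log.

```python
import re

# Constructed excerpt in the Fixlog format shown in the thread (not the real log).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by User at 2015-07-10 22:47:01 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKU\S-1-5-18\...\RunOnce: [Del177584843] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
S3 cpuz134; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
C:\WINDOWS\Tasks\At1.job
emptytemp:
*****************
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Del177584843 => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKCR\CLSID\BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
cpuz134 => Service removed successfully.
C:\WINDOWS\Tasks\At1.job => moved successfully.
C:\WINDOWS\Tasks\At1.job not found.
EmptyTemp: => 302.4 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 22:48:15 ====
"""

# "<target> => <outcome>." is the normal result line; a bare "<target> not found."
# appears when FRST re-checks an entry it already moved.
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.?$")
BARE_NOT_FOUND_RE = re.compile(r"^(?P<target>.+?) not found\.?$")
TEMP_MB_RE = re.compile(r"([\d.]+) MB temporary data", re.IGNORECASE)


def classify(target, outcome):
    """Map an outcome phrase to a coarse status for the summary."""
    o = outcome.lower()
    if target == "EmptyTemp:":
        return "emptytemp"
    if "not found" in o:
        return "not_found"
    if "removed" in o:  # value / key / Service removed successfully
        return "removed"
    if "moved" in o:    # file moved into FRST's quarantine folder
        return "moved"
    return "other"


def summarize_fixlog(text):
    """Parse a Fixlog: header fields, echoed fixlist, and results grouped by status."""
    summary = {"version": None, "run": None, "boot_mode": None, "fixlist": [],
               "results": [], "by_status": {}, "temp_removed_mb": None,
               "reboot_required": False}
    stars_seen = 0  # the fixlist echo sits between the two "*****" lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            continue
        if line.startswith("*****"):
            stars_seen += 1
            continue
        if stars_seen == 0:  # header section
            m = re.search(r"Version: (\S+)", line)
            if m:
                summary["version"] = m.group(1)
            m = re.search(r"Run:(\d+)", line)
            if m:
                summary["run"] = int(m.group(1))
            m = re.match(r"Boot Mode: (.+)", line)
            if m:
                summary["boot_mode"] = m.group(1)
            continue
        if stars_seen == 1:  # fixlist echo
            summary["fixlist"].append(line)
            continue
        if line == "The system needed a reboot.":
            summary["reboot_required"] = True
            continue
        m = RESULT_RE.match(line) or BARE_NOT_FOUND_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        outcome = m.groupdict().get("outcome", "not found")
        status = classify(target, outcome)
        if status == "emptytemp":
            mb = TEMP_MB_RE.search(outcome)
            summary["temp_removed_mb"] = float(mb.group(1)) if mb else None
        summary["results"].append({"target": target, "outcome": outcome, "status": status})
        summary["by_status"].setdefault(status, []).append(target)
    return summary


if __name__ == "__main__":
    for status, targets in summarize_fixlog(SAMPLE_FIXLOG)["by_status"].items():
        print(f"{status}: {len(targets)}")
```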



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:17 PM

Posted 10 July 2015 - 10:24 PM

OK, right click on the Task Bar and select Task Manager. Click Processes. Look under the User Name column and identify any entries saying RunAs.

Let me know what you find, if anything.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 10 July 2015 - 10:34 PM

None of them do.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:17 PM

Posted 10 July 2015 - 10:50 PM

Thanks, I am assuming your pop up identifies the "User" Account name.

BTW, please see the information in my first post about how to Follow the Topic so you will be notified when I have replied.

Please do this.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Query_RC.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:17 PM

Posted 10 July 2015 - 11:04 PM

I just wanted to let you know I am ending for the evening but will be back online in the morning. A couple of things. If you disable your antivirus program but Combofix continues to warn you it is running, run Combofix anyway.

Are you getting the RunAs pop up when you log in, when you try to launch a program, or......
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 11 July 2015 - 01:04 PM

Gonna have to try running combofix the second way you described.  Tried the first and it freezes up the computer when the 10 minute scan screen comes up.  So much so that the mouse doesn't move and even the clock stays at the time it freezes.

 

The Run As pop up appears every time I start the computer.  Also, it seems that more and more I get the blue death screen on the first attempt of booting up.



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:17 PM

Posted 11 July 2015 - 01:13 PM

Hold off on Combofix for a bit and do this instead.

===================================================

Uploading Minidump Files

--------------------
  • Press the Windows Key + E at the same time then navigate to the following location:

C:\WINDOWS\Minidump

  • If they exist, upload the last 3 most recently dated files here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Uploaded files

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 11 July 2015 - 01:27 PM

Says I got it.  Only one it looked like.

 

Gotta go work in the garage for a while so I'll check back in a little later.

 

Thanks Gary.



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:17 PM

Posted 11 July 2015 - 01:37 PM

No problem on the delay, please do this when you get a chance.

===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 WILD RACING

WILD RACING
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:17 AM

Posted 11 July 2015 - 07:37 PM

I tried the msinfo32 but got an error message that said Windows could not find the file.





