
CPU usage 100% - cmd.exe, msiexec.exe, notepad.exe all open


  • This topic is locked
11 replies to this topic

#1 Sevenel


Posted 10 July 2015 - 10:14 AM

Hello, long time no see...thankfully!
As I was sitting on my couch yesterday, I noticed the fan in my computer was getting VERY loud. As I checked the Task Manager, I noticed my CPU usage was at 100% and the computer was dragging. There are about 6 "cmd.exe"s open, about 4 "msiexec.exe"s open, and a notepad.exe. I try to close them and they just come right back. They start up immediately when restarting the computer. I ran Malwarebytes and it found about 7 infections and deleted them, but it didn't fix it. I do notice that when I run it in Safe Mode without Networking, they don't pop up (however, explorer.exe has a LOT of memory usage and it's still slow). When I open in Safe Mode w/ Networking, they pop up again, so that worries me. I did try searching for similar topics, and came across a few, but the solutions were all different, so I thought I'd start my own.
 
Please take a look at my logs and reply when you can. Thanks for all you do in advance! I did run this in Safe Mode if that matters...the computer is so slow, it wouldn't even open the .exe file to install it.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2015
Ran by Troy (administrator) on HOME-2A733F591F on 10-07-2015 10:43:27
Running from C:\Documents and Settings\Troy\Desktop
Loaded Profiles: Troy (Available Profiles: Troy)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-09-09] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [Windstream_McciTrayApp] => C:\Program Files\Windstream Support Center\9.0.1.51\ma\bin\pcTrayApp.exe [2115072 2015-06-30] (Alcatel-Lucent)
HKLM\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-299502267-1284227242-839522115-1003\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Troy\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=c221492b0a5d47d6adffd16fb4af823f-6048fe619b414becfcc3ad241f25f1b67516ff1e /CMPID=1113 (the data entry has 1 more characters).
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk [2010-12-30]
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-299502267-1284227242-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-1284227242-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-299502267-1284227242-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {3EB01910-7700-44A0-8BA9-284D6555672A} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {4CA49F2D-938B-46CB-B7EB-CE05C5C7167A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {5EFE8722-4858-415D-87C5-520CF95538A9} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {BA57E160-EA61-45DD-AB97-70484BF5D219} URL = http://delicious.com/search?p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23] (Yahoo! Inc.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1293737178578
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3FF4AED9-D082-445D-8F39-0465F409009C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{56941255-5141-40C5-88C4-882B85A793C8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{90431DA0-7F5D-484F-A798-FF8ACD2A1C82}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9311887-D36C-4F3E-9016-A1C66F9B3286}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\rw52s4sa.default-1398629176046
FF SelectedSearchEngine: Yahoo
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-07] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-01-05] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2012-09-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll No File
FF Plugin: @Motive.com/NpMotive,version=1.1 -> C:\Program Files\Windstream Support Center\9.0.1.51\ma\bin\npMotive.dll [2015-06-30] (Windstream Communications)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2014-09-11] (Windstream)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-09] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-10-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-10-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-09] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-299502267-1284227242-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Troy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2012-05-11] (Unity Technologies ApS)
FF Extension: Windstream Extension - C:\Program Files\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-06-09]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-08-23]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-02]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-18]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-09]
FF HKU\S-1-5-21-299502267-1284227242-839522115-1003\...\Firefox\Extensions: [{E4D1CF9F-F333-11E1-8270-B8AC6F996F26}] - C:\Documents and Settings\Troy\Local Settings\Application Data\{E4D1CF9F-F333-11E1-8270-B8AC6F996F26}
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-09]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-28]
CHR Extension: (Google Drive) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-28]
CHR Extension: (YouTube) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-28]
CHR Extension: (Google Search) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-28]
CHR Extension: (Windstream Extension) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2015-01-02]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-04-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Troy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-28]
CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Documents and Settings\Troy\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-08-31]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2014-12-26]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\...\Chrome\Extension: [plbchhheadikfkckdpjghciknmlfkfcj] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
S2 IAANTMon; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [86140 2005-06-17] (Intel Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-09-04] (Oracle Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
S2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2014-10-20] (Alcatel-Lucent) [File not signed]
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
S2 Windstream MAHostService; C:\Program Files\Windstream Support Center\9.0.1.51\ma\bin\MAHostService.exe [321024 2015-06-30] (Alcatel-Lucent) [File not signed]
S2 WSWNDA3100; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-06-04] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [213472 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 BCMH43XX; C:\WINDOWS\System32\DRIVERS\bcmwlhigh5.sys [632576 2009-05-05] (Broadcom Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-22] (Adaptec, Inc.) [File not signed]
S3 ctdvda2k; C:\WINDOWS\System32\drivers\ctdvda2k.sys [340704 2005-07-13] (Creative Technology Ltd)
S1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2011-12-09] (Wondershare)
S3 bvrp_pci; No ImagePath
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 10:43 - 2015-07-10 10:43 - 00020981 _____ C:\Documents and Settings\Troy\Desktop\FRST.txt
2015-07-10 10:43 - 2015-07-10 10:43 - 00000000 ____D C:\FRST
2015-07-09 15:40 - 2015-07-09 15:40 - 02112512 _____ (Farbar) C:\Documents and Settings\Troy\Desktop\FRST64.exe
2015-07-09 15:38 - 2015-07-09 15:38 - 01636352 _____ (Farbar) C:\Documents and Settings\Troy\Desktop\FRST.exe
2015-07-09 14:44 - 2015-07-09 14:44 - 00001597 _____ C:\AdwCleaner[S2].txt
2015-07-09 14:43 - 2015-07-09 14:44 - 00001380 _____ C:\AdwCleaner[R2].txt
2015-07-09 14:41 - 2015-07-09 14:41 - 00000000 ____D C:\WINDOWS\CSC
2015-07-09 14:07 - 2015-07-09 14:58 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 12:22 - 2015-07-09 12:22 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-09 12:21 - 2015-07-09 12:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-09 12:20 - 2015-07-09 12:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-09 12:20 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-09 12:20 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-09 12:13 - 2015-07-09 12:15 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\{DB3C4174-4971-4588-828E-E1479B90D5D2}
2015-07-09 12:13 - 2015-07-09 12:14 - 00000000 ___HD C:\13c933c6
2015-07-09 09:38 - 2015-07-09 11:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-30 10:20 - 2015-06-30 10:20 - 00000000 ____D C:\Documents and Settings\Troy\Local Settings\Application Data\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 10:43 - 2012-09-14 23:27 - 00000000 ____D C:\Documents and Settings\Troy\Local Settings\temp
2015-07-09 18:01 - 2013-01-28 00:57 - 00000216 _____ C:\WINDOWS\wiadebug.log
2015-07-09 18:01 - 2010-12-30 15:14 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2015-07-09 18:01 - 2010-12-30 15:14 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2015-07-09 18:01 - 2010-12-30 13:40 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-09 18:01 - 2010-12-30 13:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-09 18:01 - 2010-12-30 13:36 - 02035312 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-09 17:59 - 2010-12-30 13:42 - 00000178 ___SH C:\Documents and Settings\Troy\ntuser.ini
2015-07-09 17:44 - 2010-12-30 17:05 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1284227242-839522115-1003.job
2015-07-09 17:43 - 2014-12-26 18:28 - 00000000 ____D C:\Program Files\Windstream Support Center
2015-07-09 17:43 - 2013-01-28 00:57 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-09 17:43 - 2012-12-23 00:14 - 00000284 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1284227242-839522115-1003.job
2015-07-09 17:43 - 2012-12-23 00:14 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1284227242-839522115-1003.job
2015-07-09 17:43 - 2010-12-30 14:03 - 00029204 _____ C:\WINDOWS\system32\nvapps.xml
2015-07-09 17:42 - 2014-04-28 14:33 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-09 17:42 - 2014-03-20 08:18 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-09 15:37 - 2010-12-30 13:34 - 00000000 ____D C:\WINDOWS\Registration
2015-07-09 14:50 - 2011-04-03 20:05 - 00000000 ____D C:\WINDOWS\pss
2015-07-09 14:23 - 2014-07-17 01:14 - 00000000 ____D C:\Documents and Settings\Troy\Desktop\SD Card
2015-07-09 14:18 - 2012-12-12 19:50 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-07-09 14:14 - 2014-04-28 14:33 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 12:23 - 2011-04-27 15:26 - 00000000 ____D C:\Documents and Settings\Troy\Application Data\Malwarebytes
2015-07-09 12:20 - 2011-04-27 15:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-07-09 12:14 - 2014-10-23 10:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-07-09 11:16 - 2012-07-06 02:02 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-07-09 09:38 - 2012-04-04 19:41 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-09 09:38 - 2011-05-14 22:19 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-09 09:17 - 2010-12-30 14:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-07-09 09:15 - 2014-04-28 14:34 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-07-09 09:14 - 2011-01-29 00:28 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{4329069A-581F-41BE-8FCA-B3AC526EE1A0}.job
2015-07-09 09:11 - 2015-06-09 10:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-09 09:11 - 2012-05-25 21:43 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-09 09:11 - 2004-08-10 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-07 10:48 - 2014-06-06 00:17 - 00000000 ____D C:\Documents and Settings\Troy\Application Data\vlc
2015-07-07 09:11 - 2014-09-23 20:45 - 00000000 ____D C:\Documents and Settings\Troy\Local Settings\Application Data\Adobe
2015-07-07 09:10 - 2013-01-09 18:18 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-07 09:10 - 2011-06-18 23:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-07 09:06 - 2012-02-23 23:53 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-07 09:06 - 2012-02-23 23:53 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-07-01 08:23 - 2014-12-26 18:28 - 00002404 _____ C:\Documents and Settings\All Users\Desktop\Windstream Support Center.lnk
2015-07-01 08:23 - 2014-12-26 18:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Motive
2015-07-01 08:21 - 2014-12-26 18:27 - 00000000 ____D C:\Program Files\Common Files\Motive
2015-06-30 10:23 - 2014-10-23 10:34 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-30 10:23 - 2014-03-31 09:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-30 10:23 - 2012-09-18 17:35 - 00287394 _____ C:\WINDOWS\setupapi.log
2015-06-18 23:07 - 2014-01-07 00:15 - 00002040 _____ C:\WINDOWS\wmsetup.log
2015-06-14 22:43 - 2010-12-30 20:45 - 00222720 _____ C:\Documents and Settings\Troy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-10 09:23 - 2013-08-14 21:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 09:10 - 2010-12-30 15:34 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2010-12-30 20:45 - 2015-06-14 22:43 - 0222720 _____ () C:\Documents and Settings\Troy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-11 00:48 - 2012-08-11 00:48 - 0027520 _____ () C:\Documents and Settings\Troy\Local Settings\Application Data\dt.dat
2010-12-30 13:45 - 2010-12-30 13:45 - 0000127 _____ () C:\Documents and Settings\Troy\Local Settings\Application Data\fusioncache.dat
2012-08-31 02:21 - 2012-09-05 19:48 - 0000000 _____ () C:\Documents and Settings\Troy\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ

Some files in TEMP:
====================
C:\Documents and Settings\Troy\Local Settings\temp\DivXSetup.exe
C:\Documents and Settings\Troy\Local Settings\temp\DWPUpgradeInstaller.exe
C:\Documents and Settings\Troy\Local Settings\temp\install_flash_player_18_active_x.exe
C:\Documents and Settings\Troy\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Troy\Local Settings\temp\pcDesktopAlertNotifierX.dll
C:\Documents and Settings\Troy\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.0.4-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.0.5-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.1.5-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by Troy at 2015-07-10 10:44:54
Running from C:\Documents and Settings\Troy\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-299502267-1284227242-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-299502267-1284227242-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-299502267-1284227242-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-299502267-1284227242-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-299502267-1284227242-839522115-1002 - Limited - Disabled)
Troy (S-1-5-21-299502267-1284227242-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Troy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Parental Control (HKLM\...\InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}) (Version: 1.0.0.1 - ATI Technologies)
ATI Parental Control (Version: 1.0.0.1 - ATI Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6037 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Commander Keen Complete Pack (HKLM\...\Steam App 9180) (Version: - id Software)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Creative MediaSource (HKLM\...\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}) (Version: 3.00 - )
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.5 - DivX, LLC)
DOOM II: Hell on Earth (HKLM\...\Steam App 2300) (Version: - id Software)
Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
Final DOOM (HKLM\...\Steam App 2290) (Version: - id Software)
Garmin City Navigator North America NT 2013.10 Update (HKLM\...\{DE2E1909-12C2-4249-8003-7978BEA3A14F}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
Heretic: Shadow of the Serpent Riders (HKLM\...\Steam App 2390) (Version: - Raven Software)
HeXen: Beyond Heretic (HKLM\...\Steam App 2360) (Version: - Raven Software)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - )
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Master Levels for DOOM II (HKLM\...\Steam App 9160) (Version: - id Software)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MyTomTom 3.2.0.1116 (HKLM\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.0.0.133 - NETGEAR)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )
Quake (HKLM\...\Steam App 2310) (Version: - id Software)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Radialpoint Servicepoint Dashboard Extensions version 14.11.5.45116 (HKLM\...\RadialpointServicepointDashboardExtensions_is1) (Version: 14.11.5.45116 - )
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Secunia PSI (2.0.0.3003) (HKLM\...\Secunia PSI) (Version: - )
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4600.0 - SigmaTel)
Skulltag (HKLM\...\Skulltag) (Version: 98d - Skulltag)
SMPlayer 14.9.0.6812 (HKLM\...\SMPlayer) (Version: 14.9.0.6812 - Ricardo Villalba)
Sound Blaster X-Fi (HKLM\...\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}) (Version: 1.0 - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Ultimate DOOM (HKLM\...\Steam App 2280) (Version: - id Software)
Unity Web Player (HKU\S-1-5-21-299502267-1284227242-839522115-1003\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell™ 1.0 (HKLM\...\PowerShell) (Version: 1 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windstream Support Center (HKLM\...\Windstream-Windstream Support Center) (Version: 9.0.1.51 - Windstream Communications)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Wolfenstein 3D (HKLM\...\Steam App 2270) (Version: - id Software)
Wolfenstein 3D: Spear of Destiny (HKLM\...\Steam App 9000) (Version: - id Software)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - )
Zandronum (HKLM\...\Zandronum) (Version: 1.0 - Zandronum)
ZDaemon (remove only) (HKLM\...\ZDaemon) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-299502267-1284227242-839522115-1003_Classes\CLSID\{3524C287-A22F-4AFE-8EB2-632A0F5EF905}\InprocServer32 -> C:\Documents and Settings\All Users\Application Data\{DB3C4174-4971-4588-828E-E1479B90D5D2}\localui.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-299502267-1284227242-839522115-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\Troy\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 07:00 - 2012-09-14 23:24 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1284227242-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1284227242-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1284227242-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1284227242-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{4329069A-581F-41BE-8FCA-B3AC526EE1A0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C76EDAC3

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-299502267-1284227242-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\network diagnostic\xpnetdiag.exe] => Enabled:Network Diagnostic for Windows XP
StandardProfile\AuthorizedApplications: [C:\Program Files\Zandronum\zandronum.exe] => Enabled:Zandronum
StandardProfile\AuthorizedApplications: [C:\ZDaemon\zlauncher.exe] => Enabled:ZDaemon Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\Quake\Winquake.exe] => Enabled:Quake
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\Quake\qwcl.exe] => Enabled:Quake
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\Quake\Glquake.exe] => Enabled:Quake
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\Quake\glqwcl.exe] => Enabled:Quake
StandardProfile\AuthorizedApplications: [C:\Program Files\Skulltag\skulltag.exe] => Enabled:Skulltag
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\Spear of Destiny\base\dosbox.exe] => Enabled:Wolfenstein 3D: Spear of Destiny
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\Hexen\base\dosbox.exe] => Enabled:HeXen: Beyond Heretic
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2015 06:00:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (07/09/2015 06:00:52 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (07/09/2015 06:00:48 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (07/09/2015 09:55:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 5.1.2600.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [dllhost.exe!ws!]

Error: (07/09/2015 09:14:58 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (07/09/2015 09:14:57 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (07/09/2015 09:14:52 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.

Error: (07/07/2015 11:48:15 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (07/07/2015 11:48:14 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (07/07/2015 11:48:10 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.


System errors:
=============
Error: (07/10/2015 10:43:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avglogx
Avgtdix
ElRawDisk
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL

Error: (07/10/2015 10:43:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (07/10/2015 10:43:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (07/10/2015 10:43:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error:
%%31

Error: (07/10/2015 10:43:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (07/10/2015 10:43:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (07/10/2015 10:43:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (07/10/2015 10:43:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (07/10/2015 10:42:53 AM) (Source: DCOM) (EventID: 10005) (User: HOME-2A733F591F)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (07/10/2015 10:42:11 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office:
=========================
Error: (07/09/2015 06:00:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (07/09/2015 06:00:52 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (07/09/2015 06:00:48 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (07/09/2015 09:55:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe5.1.2600.55120.0.0.000000000

Error: (07/09/2015 09:14:58 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (07/09/2015 09:14:57 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (07/09/2015 09:14:52 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (07/07/2015 11:48:15 AM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (07/07/2015 11:48:14 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (07/07/2015 11:48:10 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)


==================== Memory info ===========================

Processor: Intel® Pentium® D CPU 3.00GHz
Percentage of memory in use: 24%
Total physical RAM: 1022.09 MB
Available physical RAM: 772.25 MB
Total Virtual: 2461.25 MB
Available Virtual: 2352.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.16 GB) (Free:531.02 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 14A014A0)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End of log ============================


Edited by Oh My!, 13 July 2015 - 08:48 AM.




#2 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California
  • Local time:11:58 PM

Posted 13 July 2015 - 08:54 AM

Greetings Sevenel and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this and if necessary do so in Safe Mode.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-299502267-1284227242-839522115-1003\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Troy\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=c221492b0a5d47d6adffd16fb4af823f-6048fe619b414becfcc3ad241f25f1b67516ff1e /CMPID=1113 (the data entry has 1 more characters).
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {5EFE8722-4858-415D-87C5-520CF95538A9} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {BA57E160-EA61-45DD-AB97-70484BF5D219} URL = http://delicious.com/search?p={searchTerms}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-09]
CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Documents and Settings\Troy\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-08-31]
S3 bvrp_pci; No ImagePath
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
2015-07-09 12:13 - 2015-07-09 12:15 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\{DB3C4174-4971-4588-828E-E1479B90D5D2}
2015-07-09 12:13 - 2015-07-09 12:14 - 00000000 ___HD C:\13c933c6
2012-08-31 02:21 - 2012-09-05 19:48 - 0000000 _____ () C:\Documents and Settings\Troy\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
C:\Documents and Settings\Troy\Local Settings\temp\DivXSetup.exe
C:\Documents and Settings\Troy\Local Settings\temp\DWPUpgradeInstaller.exe
C:\Documents and Settings\Troy\Local Settings\temp\install_flash_player_18_active_x.exe
C:\Documents and Settings\Troy\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Troy\Local Settings\temp\pcDesktopAlertNotifierX.dll
C:\Documents and Settings\Troy\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.0.4-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.0.5-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.1.5-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.2.1-win32.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C76EDAC3
  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you that an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

[screenshot: Query_RC.gif, the ComboFix Recovery Console prompt]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC_successful.gif, the Recovery Console installed message]

  • Click on Yes, to continue scanning for malware
----------

Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Combofix log
  • Junkware log
  • System Summary Information

Edited by Oh My!, 13 July 2015 - 08:55 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
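
Gary's FRST step above ends with "copy and paste the contents of Fixlog.txt". Here is an added example, not from this thread or from FRST's author, that reads a Fixlog, classifies the echoed fixlist directives by the kind of artefact they target, and tallies the result lines into success / not found / other, so a responder can confirm every directive was acted on before moving to ComboFix. The sample Fixlog text is constructed in FRST's format and trimmed from the Fixlog Troy posts later in this thread; the function names and the category labels are my own.

```python
import re
from collections import Counter

# Constructed sample in the format FRST writes to Fixlog.txt. It is trimmed from
# the Fixlog posted later in this thread (same SID, same paths), not the full log.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by Troy at 2015-07-13 15:24:51 Run:1
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
HKU\S-1-5-21-299502267-1284227242-839522115-1003\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Troy\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {5EFE8722-4858-415D-87C5-520CF95538A9} URL = http://www.flickr.com/search/?q={searchTerms}
S3 bvrp_pci; No ImagePath
2015-07-09 12:13 - 2015-07-09 12:14 - 00000000 ___HD C:\13c933c6
C:\Documents and Settings\Troy\Local Settings\temp\lowproc.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
*****************

HKU\S-1-5-21-299502267-1284227242-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1113a => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EFE8722-4858-415D-87C5-520CF95538A9}" => key removed successfully.
HKCR\CLSID\{5EFE8722-4858-415D-87C5-520CF95538A9} => key not found.
bvrp_pci => Service removed successfully.
C:\13c933c6 => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\lowproc.exe => moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":7631EA83" ADS removed successfully..

==== End of Fixlog 15:27:24 ====
"""

FIXLIST_DELIM = "*****************"
# "<target> => <outcome>." with trailing dots stripped (FRST sometimes writes "..")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+?)\.*$")


def classify_directive(line):
    """Bucket a fixlist directive by the kind of artefact it asks FRST to act on."""
    if line.startswith("AlternateDataStreams:"):
        return "ads"
    if re.match(r"^[RS]\d ", line):            # service/driver entry, e.g. "S3 bvrp_pci; ..."
        return "service"
    if line.startswith(("SearchScopes:", "Handler:")) or re.match(r"^HK(LM|CU|U|CR)\\", line):
        return "registry"
    if line.startswith(("FF ", "CHR ")):       # browser plugin/extension entries
        return "browser"
    if re.match(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ", line) or re.match(r"^[A-Za-z]:\\", line):
        return "file"                          # date-listing entry or bare path
    return "unknown"


def status_of(outcome):
    """Collapse FRST's free-text result into success / not_found / other."""
    text = outcome.lower()
    if "successfully" in text:
        return "success"
    if "not found" in text:
        return "not_found"
    return "other"


def parse_fixlog(text):
    """Return (directives, results): the echoed fixlist and the per-line outcomes."""
    lines = text.splitlines()
    delims = [i for i, l in enumerate(lines) if l.strip() == FIXLIST_DELIM]
    if len(delims) < 2:
        raise ValueError("Fixlog does not contain an echoed fixlist block")
    directives = [l for l in lines[delims[0] + 1:delims[1]] if l.strip()]
    results = []
    for line in lines[delims[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        m = RESULT_RE.match(line)
        if m:
            results.append({"target": m["target"].strip('"'),
                            "outcome": m["outcome"],
                            "status": status_of(m["outcome"])})
    return directives, results


def summarize(text):
    """Tally directives by type and results by status; list anything not found."""
    directives, results = parse_fixlog(text)
    return {
        "directives": dict(Counter(classify_directive(d) for d in directives)),
        "results": dict(Counter(r["status"] for r in results)),
        "not_found": [r["target"] for r in results if r["status"] == "not_found"],
        "other": [r["target"] for r in results if r["status"] == "other"],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print("fixlist directives by type:", report["directives"])
    print("result lines by status:   ", report["results"])
    for target in report["not_found"]:
        print("not found (check whether it was already gone):", target)
```

A "not found" line is not necessarily a problem: FRST follows a SearchScopes removal with a lookup of the matching HKCR\CLSID key, which often does not exist, as in the sample. Anything landing in "other" is what deserves a second look before the next tool runs.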

#3 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California

Posted 13 July 2015 - 09:03 AM

I see that you are online so I just wanted to let you know I will be away from my computer for a few hours but you can anticipate my reply to your reply upon my return. :)
Gary

#4 Sevenel

  • Topic Starter

  • Members
  • 45 posts

Posted 13 July 2015 - 03:12 PM

Hi Gary! Thanks for helping me out! Name's Troy by the way.

Here's what you requested. I probably won't respond until tomorrow as I'm tied up in the evenings. Just so ya know! Thanks for being patient.

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2015
Ran by Troy at 2015-07-13 15:24:51 Run:1
Running from C:\Documents and Settings\Troy\Desktop
Loaded Profiles: Troy (Available Profiles: Troy)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
HKU\S-1-5-21-299502267-1284227242-839522115-1003\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Troy\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=c221492b0a5d47d6adffd16fb4af823f-6048fe619b414becfcc3ad241f25f1b67516ff1e /CMPID=1113 (the data entry has 1 more characters).
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {5EFE8722-4858-415D-87C5-520CF95538A9} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-1284227242-839522115-1003 -> {BA57E160-EA61-45DD-AB97-70484BF5D219} URL = http://delicious.com/search?p={searchTerms}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Windstream Support Center\9.0.0.209\ma\bin\npMotive.dll No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-09]
CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Documents and Settings\Troy\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ [2012-08-31]
S3 bvrp_pci; No ImagePath
S4 IntelIde; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
2015-07-09 12:13 - 2015-07-09 12:15 - 00000000 ___HD C:\Documents and Settings\All Users\Application Data\{DB3C4174-4971-4588-828E-E1479B90D5D2}
2015-07-09 12:13 - 2015-07-09 12:14 - 00000000 ___HD C:\13c933c6
2012-08-31 02:21 - 2012-09-05 19:48 - 0000000 _____ () C:\Documents and Settings\Troy\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
C:\Documents and Settings\Troy\Local Settings\temp\DivXSetup.exe
C:\Documents and Settings\Troy\Local Settings\temp\DWPUpgradeInstaller.exe
C:\Documents and Settings\Troy\Local Settings\temp\install_flash_player_18_active_x.exe
C:\Documents and Settings\Troy\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Troy\Local Settings\temp\pcDesktopAlertNotifierX.dll
C:\Documents and Settings\Troy\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.0.4-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.0.5-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.1.5-win32.exe
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.2.1-win32.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C76EDAC3
*****************

HKU\S-1-5-21-299502267-1284227242-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1113a => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5EFE8722-4858-415D-87C5-520CF95538A9}" => key removed successfully.
HKCR\CLSID\{5EFE8722-4858-415D-87C5-520CF95538A9} => key not found.
"HKU\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BA57E160-EA61-45DD-AB97-70484BF5D219}" => key removed successfully.
HKCR\CLSID\{BA57E160-EA61-45DD-AB97-70484BF5D219} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully.
"HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0" => key removed successfully.
C:\Program Files\mozilla firefox\defaults\pref\itms.js => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\./0123456789:;<=>?@ABCDEFGHIJKLM" => key removed successfully.
C:\Documents and Settings\Troy\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ => moved successfully.
bvrp_pci => Service removed successfully.
IntelIde => Service removed successfully.
MREMPR5 => Service removed successfully.
MRENDIS5 => Service removed successfully.
C:\Documents and Settings\All Users\Application Data\{DB3C4174-4971-4588-828E-E1479B90D5D2} => moved successfully.
C:\13c933c6 => moved successfully.
"C:\Documents and Settings\Troy\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ" => File/Folder not found.
C:\Documents and Settings\Troy\Local Settings\temp\DivXSetup.exe => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\DWPUpgradeInstaller.exe => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\install_flash_player_18_active_x.exe => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\lowproc.exe => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\pcDesktopAlertNotifierX.dll => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\stubhelper.dll => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.0.4-win32.exe => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.0.5-win32.exe => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.1.5-win32.exe => moved successfully.
C:\Documents and Settings\Troy\Local Settings\temp\vlc-2.2.1-win32.exe => moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":7631EA83" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\TEMP => ":C76EDAC3" ADS removed successfully..

==== End of Fixlog 15:27:24 ====

ComboFix 15-07-12.01 - Troy 07/13/2015  15:34:15.5.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.493 [GMT -4:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCCMSERVICE
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2015-06-13 to 2015-07-13  )))))))))))))))))))))))))))))))
.
.
2015-07-10 14:43 . 2015-07-13 19:27    --------    d-----w-    C:\FRST
2015-07-09 18:07 . 2015-07-09 18:58    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-09 16:20 . 2015-07-09 16:21    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2015-07-09 16:20 . 2015-04-14 13:37    120024    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-07-09 16:20 . 2015-04-14 13:37    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-06-30 14:20 . 2015-06-30 14:20    --------    d-----w-    c:\documents and settings\Troy\Local Settings\Application Data\Avg
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-09 13:38 . 2012-04-04 23:41    778416    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2015-07-09 13:38 . 2011-05-15 02:19    142512    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-19 13:57 . 2014-06-17 20:17    213472    ----a-w-    c:\windows\system32\drivers\avgidsdriverlx.sys
2015-05-14 17:49 . 2011-12-23 17:32    29664    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2015-05-12 18:46 . 2010-11-12 18:19    213984    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2015-05-12 18:45 . 2012-04-19 08:50    190944    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2015-05-12 18:45 . 2010-09-07 08:48    169440    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2015-05-07 17:52 . 2012-08-09 17:56    290272    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2015-04-15 17:05 . 2010-12-08 09:12    206816    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-06-16 3727824]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-09 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"Windstream_McciTrayApp"="c:\program files\Windstream Support Center\9.0.1.51\ma\bin\pcTrayApp.exe" [2015-06-30 2115072]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-12-30 3272704]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]
2013-09-19 12:47    1093976    ----a-w-    c:\program files\Garmin\Express Tray\ExpressTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-01-17 20:24    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-09 23:11    295512    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Zandronum\\zandronum.exe"=
"c:\\ZDaemon\\zlauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Quake\\Winquake.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Quake\\qwcl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Quake\\Glquake.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Quake\\glqwcl.exe"=
"c:\\Program Files\\Skulltag\\skulltag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Spear of Destiny\\base\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Hexen\\base\\dosbox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 190944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 35808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 213984]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 290272]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [8/1/2013 4:06 PM 132576]
S1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [6/17/2014 4:17 PM 213472]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 29664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 206816]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [6/23/2014 8:22 PM 22312]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [6/16/2015 5:21 PM 3461072]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [6/16/2015 5:13 PM 312816]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [9/19/2013 8:46 AM 250200]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
S2 Windstream MAHostService;Windstream MAHostService;c:\program files\Windstream Support Center\9.0.1.51\ma\bin\MAHostService.exe [6/30/2015 3:29 PM 321024]
S2 WSWNDA3100;WSWNDA3100;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [12/30/2010 2:22 PM 278528]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [12/30/2010 2:22 PM 632576]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [6/23/2014 8:35 PM 80184]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [4/23/2014 9:09 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [4/23/2014 9:09 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [4/23/2014 9:09 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [4/23/2014 9:09 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [4/23/2014 9:09 PM 25704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-09 13:14    991048    ----a-w-    c:\program files\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32    128512    ----a-w-    c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:38]
.
2014-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2015-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-28 18:32]
.
2015-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-28 18:32]
.
2015-07-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2015-03-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-18 01:59]
.
2015-07-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-299502267-1284227242-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2015-07-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-299502267-1284227242-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2015-07-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1284227242-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2015-03-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1284227242-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 21:13]
.
2015-07-13 c:\windows\Tasks\User_Feed_Synchronization-{4329069A-581F-41BE-8FCA-B3AC526EE1A0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\rw52s4sa.default-1398629176046\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-RadialpointServicepointDashboardExtensions_is1 - c:\docume~1\Troy\LOCALS~1\Temp\is-IC0P8.tmp\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-07-13 15:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1984)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2015-07-13  15:45:27 - machine was rebooted
ComboFix-quarantined-files.txt  2015-07-13 19:45
.
Pre-Run: 570,027,978,752 bytes free
Post-Run: 570,977,525,760 bytes free
.
- - End Of File - - 432D66D68B7881C1FA895863F41C60C6
8F558EB6672622401DA993E1E865C861

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.7 (07.13.2015:1)
OS: Microsoft Windows XP x86
Ran by Troy on Mon 07/13/2015 at 15:46:46.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] yahooauservice [Reboot required]



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Documents and Settings\Troy\local settings\application data\{4f8c7ce8-ea34-9e08-7449-abc6fa3bda75}



~~~ FireFox

Emptied folder: C:\Documents and Settings\Troy\Application Data\mozilla\firefox\profiles\rw52s4sa.default-1398629176046\minidumps [2 files]



~~~ Chrome


[C:\Documents and Settings\Troy\local settings\application data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\Troy\local settings\application data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\Troy\local settings\application data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\Troy\local settings\application data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/13/2015 at 15:50:14.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California

Posted 13 July 2015 - 03:21 PM

Hi Troy, nice to meet you. No problem on the delay. I very much appreciate you letting me know.

 

Looks like we got some good work done there. How is the computer running?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Sevenel
  • Topic Starter

  • Members
  • 45 posts

Posted 14 July 2015 - 09:11 AM

A LOT better, thank you! Appears to be back to normal! You guys are amazing as usual. I've monitored the Task Manager and nothing is popping up, and the CPU fan is quiet. Anything we need to do further?



#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California

Posted 14 July 2015 - 09:22 AM

That is great to hear Troy. Yes, we have some other things to do.

I will be away from my computer for a few hours but will be right back on as soon as I return.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Sevenel
  • Topic Starter

  • Members
  • 45 posts

Posted 14 July 2015 - 10:48 AM

Emsisoft Emergency Kit - Version 10.0
Last update: 7/14/2015 11:26:03 AM
User account: HOME-2A733F591F\Troy

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    7/14/2015 11:27:11 AM
Value: HKEY_USERS\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\YAHOOPARTNERTOOLBAR     detected: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}     detected: Application.AdReg (A)

Scanned    72195
Found    8

Scan end:    7/14/2015 11:43:29 AM
Scan time:    0:16:18

Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}    Quarantined Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\YAHOOPARTNERTOOLBAR    Quarantined Application.Win32.YTool (A)
Value: HKEY_USERS\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-299502267-1284227242-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    8

 Results of screen317's Security Check version 1.005  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Secunia PSI (2.0.0.3003)   
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 7  
 Java version 32-bit out of Date!
 Adobe Flash Player     18.0.0.194  
 Adobe Reader XI  
 Mozilla Firefox (39.0)
 Google Chrome (43.0.2357.130)
 Google Chrome (43.0.2357.132)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````
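
The two Setting.DisableTaskMgr / Setting.DisableRegistryTools hits in the Emsisoft report above are ordinary Windows policy values under ...\Policies\System: a non-zero DWORD there makes Task Manager refuse to start and blocks regedit, which is why adware and malware set them, so the user cannot inspect the processes that keep reappearing or remove the autostart entries. Emsisoft quarantined them, but it is worth confirming after the reboot that nothing has put them back. The script below is an added example, not part of this thread and not an Emsisoft, ComboFix or BleepingComputer tool. It assumes PowerShell 2.0 or later is present (on Windows XP that is a separate install, not included with the OS) and that it is run from an administrator account; the -Fix switch and the variable names are the script's own.

```powershell
# Added example (not from the thread or from Emsisoft): audit, and with -Fix clear,
# the DisableTaskMgr / DisableRegistryTools policy values the report flagged.
# Assumes PowerShell 2.0+ and an administrator account (needed to read HKLM and
# other users' hives under HKEY_USERS). -Fix is this script's own switch.
param([switch]$Fix)

# The two values the Emsisoft report found set on this machine.
$policyValues = 'DisableTaskMgr', 'DisableRegistryTools'
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'

# HKEY_USERS is not exposed as a PSDrive by default; map it so every loaded
# user hive is checked (the report shows the value under HKU\S-1-5-21-...-1003).
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Machine-wide key first, then the per-user key of each loaded account hive
# (skip the *_Classes hives, which never carry this policy key).
$roots = @("HKLM:\$subKey")
Get-ChildItem -Path HKU:\ |
    Where-Object { $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { $roots += "HKU:\$($_.PSChildName)\$subKey" }

$findings = @()
foreach ($path in $roots) {
    if (-not (Test-Path -Path $path)) { continue }
    $props = Get-ItemProperty -Path $path
    foreach ($name in $policyValues) {
        $value = $props.$name
        # Absent or 0 means the restriction is off; any non-zero value locks the tool.
        if ($value -ne $null -and $value -ne 0) {
            $findings += New-Object PSObject -Property @{ Path = $path; Name = $name; Value = $value }
            if ($Fix) {
                # Deleting the value restores the default; Task Manager and regedit
                # check it when they start, so the next launch works again.
                Remove-ItemProperty -Path $path -Name $name
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No DisableTaskMgr / DisableRegistryTools values set.'
} else {
    $findings | Format-Table Path, Name, Value -AutoSize
}
```

Run it once without -Fix to see what is set and where, and again with -Fix to clear it. One caveat: on a domain-joined machine these values can legitimately come from Group Policy and will be re-applied at the next policy refresh, so a finding there means "talk to the administrator", not "malware". On a stand-alone home machine like the one in this thread (the report shows a local account, HOME-2A733F591F\Troy) there is no such source, so a non-zero value that reappears after it has been removed is a sign that something still running is putting it back and the cleanup is not finished.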
#9 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California

Posted 14 July 2015 - 12:41 PM

That looks great.


Are there any remaining issues or question you may have before I post some final information for you to review and consider?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Sevenel
  • Topic Starter

  • Members
  • 45 posts

Posted 14 July 2015 - 12:45 PM

Not at this time, everything is back to its former self! Thank you so much for your time Gary, I really appreciate what you guys do!



#11 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California

Posted 14 July 2015 - 12:58 PM

You are quite welcome Troy, it is our pleasure to help.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean

--------------

Your machine appears to be clean. Here are our final steps and some follow up information.

Please do the following to remove Combofix from your computer.
  • Press the Windows key + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK. Note: It may appear as if Combofix is installing again but it is uninstalling. Please allow the program to run its course.


Please do the following to remove any other tools or logs from your computer

If we used Emsisoft Emergency Kit simply delete the icon on your desktop as well as the C:\EEK folder. For everything else just delete the log files or desktop icons.

----------

Some final closing thoughts and information for your consideration:

Lawrence Abrams, founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,617 posts
  • Gender:Male
  • Location:California

Posted 15 July 2015 - 09:06 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."