Windows XP problems


  • This topic is locked
18 replies to this topic

#1 Scottish558
  • Members
  • 15 posts

Posted 30 January 2016 - 08:44 AM

XP machine running slow, here is the result of the Farbar scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by Bob (administrator) on BOB-HOME (29-01-2016 20:47:57)
Running from C:\Documents and Settings\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Intel® Corporation) C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd.exe
(Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
() C:\WINDOWS\system32\C2MP\UpdateChecker.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [EMET 4.1 Update 1 Agent] => C:\Program Files\EMET 4.1\EMET_agent.exe [88272 2014-05-28] (Microsoft Corporation)
HKLM\...\Run: [PRONoMgr.exe] => C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [86016 2003-03-11] (Intel® Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd.exe [49152 2003-08-04] (Hewlett-Packard)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2010-10-20] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2814864 2016-01-26] ()
HKLM\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2008-03-15] (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-583907252-1214440339-682003330-1004\...\Run: [Codec Pack Update Checker] => C:\WINDOWS\system32\C2MP\UpdateChecker.exe [55992 2015-03-05] ()
HKU\S-1-5-21-583907252-1214440339-682003330-1004\...\MountPoints2: D - D:\autorun.exe
HKU\S-1-5-21-583907252-1214440339-682003330-1004\...\MountPoints2: {c0f48d18-fe6f-11d5-bcce-000cf19b19a1} - FIXITP~1\LAUNCH~1.EXE
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssmyst.scr [18944 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-22] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
BootExecute: autocheck autochk * sdnclean.exeC:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{82DB91F1-D2FD-4E1C-ACB4-EBBC237380B4}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-583907252-1214440339-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28 17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-583907252-1214440339-682003330-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28 17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {55DC29BC-31EA-4444-AA35-3E6A3EBD61E3} URL =
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28 17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2016-01-26] (AVG)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1414114738218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1414168148968
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: AVG Secure Search
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-18] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [2006-11-03] (Yahoo! Inc.)
FF user.js: detected! => C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\user.js [2014-11-20]
FF SearchPlugin: C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\searchplugins\avg-secure-search.xml [2016-01-26]
FF Extension: AVG Web TuneUp - C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\extensions\avg@toolbar.xpi [2016-01-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\Extensions\adblockpopups@jessehakanen.net.xpi [2015-08-15]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-01-28]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2015-08-15]
FF Extension: Adblock Plus - C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-22]
FF Extension: User Agent Switcher - C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-08-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-11-15] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=888596&fr=yo-yhp-ch"
CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html", "chrome-extension://jjjgoniibiigbcfeipbhfcconfgmgmkc/blank.html"
CHR DefaultSearchURL: Default -> hxxp://mysearch.avg.com/search?cid={51BA58C8-0693-4472-8CB4-47D80286A10C}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-04-18 15:32:48&v=3.0.0.2&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (YouTube) - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-29]
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-11-30]
CHR Extension: (Google Search) - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-29]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe [659872 2015-12-09] ()
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel® Corporation) [File not signed]
S4 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [65536 2008-03-15] (New Boundary Technologies, Inc.) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2449624 2015-08-04] (AVG Technologies)
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [36568 2015-08-04] (AVG Technologies)
R2 vToolbarUpdater40.2.4; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-16] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-16] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [730092 2008-03-15] (Realtek Semiconductor Corp.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [245168 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [194992 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2013-09-10] () [File not signed]
R1 bdselfpr; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\bdselfpr.sys [135600 2015-12-09] (BitDefender LLC)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2005-07-07] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-07-07] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2005-07-07] (HP)
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1075685 2008-03-15] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [481305 2008-03-15] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [50805 2008-03-15] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [31440 2008-03-15] (Intel Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [11232 2015-11-20] ()
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [408280 2015-12-09] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [30632 2015-06-25] (TuneUp Software)
S3 WUSB54GPV4SRV; C:\WINDOWS\System32\DRIVERS\rt2500usb.sys [245376 2005-10-17] (Ralink Technology Inc.)
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [120094 2008-03-15] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [96858 2008-03-15] (Intel Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-29 20:47 - 2016-01-29 20:48 - 00020905 _____ C:\Documents and Settings\Bob\Desktop\FRST.txt
2016-01-29 20:34 - 2016-01-29 20:47 - 00000000 ____D C:\FRST
2016-01-29 20:26 - 2016-01-29 20:27 - 01721856 _____ (Farbar) C:\Documents and Settings\Bob\Desktop\FRST.exe
2016-01-29 19:59 - 2016-01-29 19:59 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-01-21 22:14 - 2016-01-21 22:14 - 00010314 _____ C:\Documents and Settings\Bob\My Documents\VolumeC(after defrag.).txt
2016-01-18 19:58 - 2016-01-27 09:44 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2016-01-08 08:12 - 2016-01-08 18:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-06 12:22 - 2016-01-06 12:22 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2016-01-02 09:06 - 2016-01-02 09:06 - 00001812 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2016-01-02 09:06 - 2016-01-02 09:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-29 20:48 - 2008-03-15 15:51 - 00000000 ____D C:\Documents and Settings\Bob\Local Settings\Temp
2016-01-29 20:47 - 2014-03-26 09:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-29 20:22 - 2014-05-09 01:43 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-29 19:52 - 2015-11-29 14:38 - 00000000 ____D C:\Documents and Settings\Bob\Desktop\Antivirus programs !! (Do not delete)
2016-01-29 19:48 - 2010-10-20 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2016-01-29 19:30 - 2015-10-19 18:01 - 00000550 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-01-29 19:30 - 2014-10-24 23:59 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-29 19:30 - 2014-10-23 19:13 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-01-29 19:30 - 2014-05-09 01:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 19:30 - 2008-03-15 12:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-29 19:27 - 2008-03-15 15:50 - 00032028 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-29 19:26 - 2014-11-17 14:09 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-01-29 19:26 - 2008-03-15 15:51 - 00000178 ___SH C:\Documents and Settings\Bob\ntuser.ini
2016-01-29 19:26 - 2008-03-15 15:51 - 00000000 ____D C:\Documents and Settings\Bob
2016-01-28 17:24 - 2014-03-25 15:38 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-01-27 00:30 - 2014-10-23 19:13 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-01-26 07:24 - 2014-04-18 14:31 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-01-23 22:00 - 2014-10-24 12:47 - 00000516 _____ C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Disk Defrag Console Defragmentation.job
2016-01-22 22:29 - 2008-03-15 15:51 - 00000000 ___RD C:\Documents and Settings\Bob\My Documents
2016-01-21 22:15 - 2014-10-24 00:36 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-21 14:02 - 2015-03-01 14:04 - 00000000 ____D C:\Program Files\TeamViewer
2016-01-21 02:13 - 2014-03-31 18:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2016-01-21 02:13 - 2008-03-15 07:34 - 00000000 ____D C:\WINDOWS\inf
2016-01-18 19:58 - 2011-01-01 12:47 - 00002425 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
2016-01-18 19:48 - 2008-03-17 08:48 - 00000000 ____D C:\Documents and Settings\Bob\Local Settings\Application Data\Adobe
2016-01-18 19:45 - 2012-04-12 07:34 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-18 19:45 - 2012-04-12 07:34 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-01-18 19:25 - 2008-03-15 07:38 - 00000239 __RSH C:\boot.ini
2016-01-18 19:25 - 2003-03-31 07:00 - 00000572 _____ C:\WINDOWS\win.ini
2016-01-18 19:25 - 2003-03-31 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2016-01-13 13:46 - 2014-10-25 15:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-13 13:46 - 2008-03-15 07:38 - 00165912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-13 13:46 - 2008-03-15 07:34 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-01-13 13:45 - 2008-03-15 15:58 - 00000000 ___DC C:\WINDOWS\$NtServicePackUninstall$
2016-01-13 03:11 - 2013-10-15 07:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 03:00 - 2008-03-15 17:52 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-08 15:00 - 2014-10-24 23:59 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-06 12:22 - 2015-11-28 16:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2016-01-02 09:06 - 2015-12-05 11:40 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-01-01 00:30 - 2014-10-23 19:13 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-12-30 10:24 - 2014-11-15 15:35 - 00000000 __SHD C:\Documents and Settings\Bob\PrivacIE
2015-12-30 10:23 - 2014-11-15 16:06 - 00000000 __SHD C:\Documents and Settings\Bob\IECompatCache
2015-12-30 08:41 - 2014-11-15 15:20 - 00000000 __SHD C:\Documents and Settings\Bob\IETldCache

==================== Files in the root of some directories =======

2015-11-18 17:42 - 2015-10-22 16:28 - 4990480 _____ (Cybertron Software Co., Ltd.                                ) C:\Program Files\privacy-eraser-setup.exe
2008-03-15 16:03 - 2004-10-01 15:00 - 0040960 _____ () C:\Program Files\Uninstall_CDS.exe
2008-03-18 17:23 - 2008-03-18 17:23 - 0000126 _____ () C:\Documents and Settings\Bob\Local Settings\Application Data\fusioncache.dat
2014-03-26 09:24 - 2014-03-26 09:24 - 0000308 _____ () C:\Documents and Settings\Bob\Local Settings\Application Data\poetsch.bat

Some files in TEMP:
====================
C:\Documents and Settings\Bob\Local Settings\Temp\avguirn_081152517497.exe
C:\Documents and Settings\Bob\Local Settings\Temp\avguirn_081492710829.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Bob (2016-01-29 20:49:53)
Running from C:\Documents and Settings\Bob\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2008-03-15 18:01:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-583907252-1214440339-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-583907252-1214440339-682003330-1005 - Limited - Enabled)
Bob (S-1-5-21-583907252-1214440339-682003330-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Bob
Guest (S-1-5-21-583907252-1214440339-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-1214440339-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-583907252-1214440339-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1300 (Version: 40.0.115.000 - Hewlett-Packard) Hidden
1300_Help (Version: 40.0.115.000 -  Hewlett-Packard) Hidden
1300Tour (Version: 40.0.115.000 -  Hewlett-Packard) Hidden
1300Trb (Version: 40.0.115.000 -  Hewlett-Packard) Hidden
Ad-Aware Antivirus (HKLM\...\{56FDBD41-0B9B-4CEA-B2A4-8DBAAB0F7318}_AdAwareUpdater) (Version: 11.9.696.8769 - Lavasoft)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.1.124 - Lavasoft)
AdAwareInstaller (Version: 11.9.696.8769 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.9.696.8769 - Lavasoft) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 40.0.115.000 - Hewlett-Packard) Hidden
AIOMinimal (Version: 40.0.115.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 40.0.115.000 - Hewlett-Packard) Hidden
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG PC Tuneup 2011 (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version:  - AVG)
AVG PC TuneUp 2015 (en-US) (Version: 15.0.1001.638 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM\...\AVG PC TuneUp) (Version: 15.0.1001.638 - AVG Technologies)
AVG PC TuneUp 2015 (Version: 15.0.1001.638 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.2.4.155 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 5.35.0.065 - Hewlett-Packard) Hidden
CreativeProjects (Version: 5.35.0.059 - Hewlett-Packard) Hidden
Director (Version: 5.35.0.051 - Hewlett-Packard) Hidden
DocProc (Version: 3.5.0.0 - Hewlett-Packard) Hidden
DVD Solution (HKLM\...\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}) (Version:  - )
EMET 4.1 Update 1 (HKLM\...\{6A09FEB2-691C-456B-B982-2F6D21B19602}) (Version: 4.1.1 - Microsoft Corporation)
Fax (Version: 40.0.115.000 - Hewlett-Packard) Hidden
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Gateway Drivers and Applications Recovery (HKLM\...\Gateway Drivers and Applications Recovery) (Version:  - )
Gateway IE Customizations (HKLM\...\Gateway IE Customizations) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Software Update (HKLM\...\{34957B51-9676-41CE-9E52-44AE91B73F1C}) (Version: 1.0.22.20030804 - Hewlett-Packard)
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
InstantShare (Version: 3.5.0.21 - Hewlett-Packard) Hidden
Intel® 537EP Data Fax Modem (HKLM\...\Intel® 537EP Data Fax Modem) (Version:  - )
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Java 2 Runtime Environment, SE v1.4.2 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142000}) (Version: 1.4.2 - Sun Microsystems, Inc.)
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
Media Player Codec Pack 4.3.6 (HKLM\...\Media Player - Codec Pack) (Version: 4.3.6 - Media Player Codec Pack)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Launcher (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
Overland (Version: 2.1.4 - Hewlett-Packard) Hidden
PhotoGallery (Version: 40.0.111.000 - Hewlett-Packard) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - CyberLink Corporation)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
PrintScreen (Version: 5.35.0.035 - Hewlett-Packard) Hidden
Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 4.7.2.1729 - Cybertron Software Co., Ltd.)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 5.35.0.047 - Hewlett-Packard) Hidden
Readme (Version: 40.0.115.000 - Hewlett-Packard) Hidden
Scan (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Scrabble v2.0 (HKLM\...\Scrabble v2.0) (Version:  - )
SkinsHP1 (Version: 5.35.0.043 - Hewlett-Packard) Hidden
SkinsHP2 (Version: 5.35.0.043 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TrayApp (Version: 5.35.0.035 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.6.1 - Tweaking.com)
Unload (Version: 3.5.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Disk Defrag Console Defragmentation.job => C:\Program Files\AVG\AVG PC Tuneup 2011\cdefrag.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Documents and Settings\Bob\Desktop\XPCleanup.lnk -> C:\XP-CLNUP.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-11-28 17:04 - 2015-12-16 18:21 - 01164688 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2015-12-09 17:57 - 2015-12-09 17:57 - 02595576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareShellExtension.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 02372816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\RCF.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 00108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_filesystem-vc120-mt-1_57.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 00023296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_system-vc120-mt-1_57.dll
2014-10-23 19:11 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-23 19:11 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-28 15:23 - 2014-05-28 15:23 - 00089808 _____ () C:\Program Files\EMET 4.1\EMET_CE.DLL
2016-01-26 07:24 - 2016-01-26 07:24 - 02814864 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2015-12-16 18:22 - 2015-12-16 18:21 - 00533904 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\log4cplusU.dll
2015-11-01 07:48 - 2015-11-01 07:32 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
2015-03-05 21:34 - 2015-03-05 21:34 - 00055992 _____ () C:\WINDOWS\system32\C2MP\UpdateChecker.exe
2016-01-29 19:31 - 2016-01-29 19:31 - 00011264 _____ () C:\Documents and Settings\Bob\Local Settings\Temp\nst6.tmp\System.dll
2003-05-30 09:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2003-05-30 09:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2002-12-12 00:14 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 08001760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe
2015-12-09 17:57 - 2015-12-09 17:57 - 00047368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_date_time-vc120-mt-1_57.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 00089344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_thread-vc120-mt-1_57.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 00032000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_chrono-vc120-mt-1_57.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 00386816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_locale-vc120-mt-1_57.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 01731304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\HtmlFramework.dll
2015-12-09 17:57 - 2015-12-09 17:57 - 00867576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTrayDefaultSkin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe.wusetup.1185171.bak:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe.wusetup.1185171.bak:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-03-31 07:00 - 2016-01-02 09:06 - 00000770 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-583907252-1214440339-682003330-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Hasbro Interactive\Scrabble v2.0\Scrabble v2.0.exe] => Disabled:Scrabble v2.0
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dplaysvr.exe] => Disabled:Microsoft DirectPlay Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgdiagex.exe] => Enabled:AVG Diagnostics
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner

==================== Restore Points =========================

21-01-2016 18:03:58 System Checkpoint
22-01-2016 19:18:36 System Checkpoint
23-01-2016 20:07:46 System Checkpoint
24-01-2016 21:07:57 System Checkpoint
25-01-2016 21:37:14 System Checkpoint
26-01-2016 22:36:44 System Checkpoint
27-01-2016 23:36:19 System Checkpoint
29-01-2016 00:36:56 System Checkpoint
29-01-2016 20:21:28 AA11

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2016 11:34:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/28/2016 11:33:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/18/2016 09:20:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application scrabble v2.0.exe, version 0.0.0.0, faulting module scrabble v2.0.exe, version 0.0.0.0, fault address 0x0004604e.
Processing media-specific event for [scrabble v2.0.exe!ws!]

Error: (01/15/2016 02:08:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2016 02:07:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2016 02:07:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2016 02:07:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2016 02:06:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2016 09:40:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application scrabble v2.0.exe, version 0.0.0.0, faulting module scrabble v2.0.exe, version 0.0.0.0, fault address 0x0004604e.
Processing media-specific event for [scrabble v2.0.exe!ws!]

Error: (01/13/2016 02:37:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/29/2016 08:23:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ad-Aware Service 11 service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/29/2016 07:37:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BITS service failed to start due to the following error:
%%1053

Error: (01/29/2016 07:37:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the BITS service to connect.

Error: (01/29/2016 07:36:49 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/29/2016 07:35:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (01/29/2016 07:35:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (01/29/2016 07:35:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error:
%%1053

Error: (01/29/2016 07:35:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Updating Service service to connect.

Error: (01/29/2016 07:35:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (01/29/2016 07:35:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.60GHz
Percentage of memory in use: 68%
Total physical RAM: 1270.73 MB
Available physical RAM: 405.18 MB
Total Virtual: 3030.65 MB
Available Virtual: 2329.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:11.63 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (SCRABBLEV20) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 7D067D06)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Scottish558, 30 January 2016 - 08:50 AM.

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:56 PM

Posted 30 January 2016 - 09:49 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-583907252-1214440339-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28 17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-583907252-1214440339-682003330-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28 17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {55DC29BC-31EA-4444-AA35-3E6A3EBD61E3} URL =
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28 17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: AVG Secure Search
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
FF user.js: detected! => C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\user.js [2014-11-20]
FF SearchPlugin: C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\searchplugins\avg-secure-search.xml [2016-01-26]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html", "chrome-extension://jjjgoniibiigbcfeipbhfcconfgmgmkc/blank.html"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-11-30]
R2 vToolbarUpdater40.2.4; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-16] (AVG Secure Search)
U3 TlntSvr; no ImagePath

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.
<<<>>>

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

How is the computer running now?

#3 Scottish558

Scottish558
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:05:56 PM

Posted 30 January 2016 - 12:30 PM

Here are the results of the JRT scan before I ran the FRST script:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Microsoft Windows XP x86
Ran by Bob (Administrator) on Sat 01/30/2016 at 11:14:25.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Failed to delete: C:\WINDOWS\System32\c2mp (Folder)
Successfully deleted: C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\searchplugins\avg-secure-search.xml (File)
Successfully deleted: C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\user.js (File)

Deleted the following from C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\prefs.js
user_pref(avg.wtu.ext.extParams, {\action\:\extParams\,\data\:{\searchParams\:{\pid\:\wtu\,\cid\:\{6c5e22ed-335f-4ecc-98ba-44c07a74aac0}\,\mid\:\ec256a62
user_pref(browser.search.defaultenginename, AVG Secure Search);
user_pref(browser.search.defaultenginename.US, AVG Secure Search);
user_pref(extensions.VWvimoIKojR640CB.scode, (function(){try{if(window.self.location.href.indexOf(\rjYErTU6qjg5rHk4qjgEqHY9rHw\)>-1){return;}}catch(e){}try{var d=[[\tria



Registry: 10

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{55DC29BC-31EA-4444-AA35-3E6A3EBD61E3} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/30/2016 at 11:21:58.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Here are the results of running the FRST script:

Fix result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Bob (2016-01-30 11:28:01) Run:1
Running from C:\Documents and Settings\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-583907252-1214440339-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28
17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-583907252-1214440339-682003330-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28 17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {55DC29BC-31EA-4444-AA35-3E6A3EBD61E3} URL =
SearchScopes:
HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6F6A68BF-B179-4B8F-815F-C78711AB5F74}&mid=ec256a62db2c47d19f39d145b77ff052-73d65e1820e1b11ff2bdad70516b4543376b1de3&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-11-28 17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-583907252-1214440339-682003330-1004
-> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.)
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: AVG Secure Search
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
FF user.js: detected! => C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\user.js [2014-11-20]
FF SearchPlugin: C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\searchplugins\avg-secure-search.xml [2016-01-26]
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html", "chrome-extension://jjjgoniibiigbcfeipbhfcconfgmgmkc/blank.html"
CHR
DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2015-11-30]
R2 vToolbarUpdater40.2.4; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-16] (AVG Secure Search)
U3 TlntSvr; no ImagePath

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
[2808] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe => process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-583907252-1214440339-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=hp => Error: No automatic fix found for this entry.
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully.
"HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => key removed successfully.
HKU\S-1-5-21-583907252-1214440339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-21-583907252-1214440339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55DC29BC-31EA-4444-AA35-3E6A3EBD61E3} => key not found.
HKCR\CLSID\{55DC29BC-31EA-4444-AA35-3E6A3EBD61E3} => key not found.
SearchScopes: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-583907252-1214440339-682003330-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language} => Error: No automatic fix found for this entry.
HKU\S-1-5-21-583907252-1214440339-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}" => key removed successfully.
"HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value not found.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => key removed successfully.
HKU\Toolbar: HKU\S-1-5-21-583907252-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-583907252-1214440339-682003330-1004 => value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-583907252-1214440339-682003330-1004 => key not found.
-> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn9\yt.dll [2015-01-19] (Yahoo! Inc.) => Error: No automatic fix found for this entry.
FF DefaultSearchEngine: AVG Secure Search => not found
FF DefaultSearchEngine.US: AVG Secure Search => not found
"HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin" => key removed successfully.
C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\user.js => not found.
"C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\duubko0z.default-1425509338812\searchplugins\avg-secure-search.xml" => not found.
Chrome HomePage => not found.
NewTab => not found.
CHR => Error: No automatic fix found for this entry.
DefaultSearchKeyword: Default -> mysearch.avg.com => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL => not found.
C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn => not found.
vToolbarUpdater40.2.4 => service not found.
TlntSvr => service removed successfully.
EmptyTemp: => 2.7 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:39:16 ====

Here is JRT after the script and reboot:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Microsoft Windows XP x86
Ran by Bob (Administrator) on Sat 01/30/2016 at 12:09:28.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Failed to delete: C:\WINDOWS\System32\c2mp (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/30/2016 at 12:25:41.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
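
The Fixlog above reports "Error: No automatic fix found for this entry." for several entries, and each of them lines up with a fixlist line that arrived split in two when it was pasted (the Start Page URL continuing on a new line, "SearchScopes:" separated from its value, "CHR" separated from "DefaultSearchKeyword"). The following Python is an added example, not part of the original post or of FRST: it tallies each Fixlog entry's outcome and flags the errors whose entry looks like half of a wrapped line. The sample log is constructed from this thread's entries with a shortened SID and one made-up error line.

```python
"""Classify the per-entry results of a Farbar (FRST) Fixlog.

Fix-result lines read "<entry> => <outcome>". FRST answers "Error: No automatic fix
found for this entry." when a fixlist line does not start with a directive it knows;
in the posted log each such error matches a fixlist line that arrived split in two.
"""
import re
from collections import Counter

# Constructed sample modelled on this thread's Fixlog; SID shortened, last error made up.
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
17:09:17&v=4.2.4.155&pid=wtu&sg=&sap=hp => Error: No automatic fix found for this entry.
SearchScopes: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms} => Error: No automatic fix found for this entry.
CHR => Error: No automatic fix found for this entry.
DefaultSearchKeyword: Default -> mysearch.avg.com => Error: No automatic fix found for this entry.
Task: C:\WINDOWS\Tasks\Check => not found.
for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe => Error: No automatic fix found for this entry.
TlntSvr => service removed successfully.
C:\Constructed\example.dll => Error: (constructed) file is in use.
EmptyTemp: => 2.7 GB temporary data Removed.
"""

# A fixlist line starts with a quoted path, a registry hive, a drive letter, or a
# directive word followed by ": " and a value; a bare directive has nothing after it.
GOOD_START_RE = re.compile(r'^(?:"|HK[A-Z]+\\|[A-Z]:\\|[A-Za-z][A-Za-z0-9 ]*: \S)')
BARE_DIRECTIVE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9 ]*:?$")


def classify(outcome):
    if outcome.startswith("Error:"):
        return "error"
    if "not found" in outcome:
        return "not_found"
    if "successfully" in outcome or "Removed" in outcome:
        return "success"
    return "other"


def parse_fixlog(text):
    """Return one dict per non-blank line: entry, outcome and status."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if " => " not in line:  # e.g. "Restore point was successfully created."
            entries.append({"entry": line, "outcome": "", "status": "info"})
            continue
        # Split on the LAST "=>": a Task entry carries its own "job => exe".
        entry, outcome = line.rsplit(" => ", 1)
        entries.append({"entry": entry, "outcome": outcome, "status": classify(outcome)})
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(e["status"] for e in entries)


def suspected_wrapped_lines(entries):
    """Error entries that look like the halves of one fixlist line split in two: a
    directive with no value, a fragment that cannot start a fixlist line, or the
    entry right after a value-less directive."""
    flagged, prev_bare = [], False
    for e in entries:
        if e["status"] != "error":
            prev_bare = False
            continue
        bare = BARE_DIRECTIVE_RE.match(e["entry"]) is not None
        fragment = GOOD_START_RE.match(e["entry"]) is None
        if bare or fragment or prev_bare:
            flagged.append(e["entry"])
        prev_bare = bare
    return flagged
```

Run `suspected_wrapped_lines(parse_fixlog(text))` on a Fixlog pasted as a string; every flagged entry is a fixlist line worth re-checking for a wrap before the fix is re-run.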
 

 



#4 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 January 2016 - 02:21 PM

How is the computer running now?

#5 Scottish558

  • Topic Starter
  • Members
  • 15 posts

Posted 30 January 2016 - 04:36 PM

Still very slow, but it is an outdated computer. From what you saw, are there any more noticeable problems? Maybe I'm just running too much and using up the memory.



#6 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 January 2016 - 08:27 AM

Your AVG is protecting you, so what I would do is remove any of these programs using the Control Panel Add/Remove Programs applet.
Remove all the programs that you see.

Ad-Aware Antivirus (HKLM\...\{56FDBD41-0B9B-4CEA-B2A4-8DBAAB0F7318}_AdAwareUpdater) (Version: 11.9.696.8769 - Lavasoft)
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 1.0.1.124 - Lavasoft)
AdAwareInstaller (Version: 11.9.696.8769 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.9.696.8769 - Lavasoft) Hidden
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
Java 2 Runtime Environment, SE v1.4.2 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142000}) (Version: 1.4.2 - Sun Microsystems, Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe.wusetup.1185171.bak:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe.wusetup.1185171.bak:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If at one time McAfee was installed on this computer and removed, I would still run their uninstaller.
Follow the instructions on this page.

https://service.mcafee.com/webcenter/portal/cp/home/articleview;jsessionid=yAiX0g2Pz8JgIKltFV-yxoHGsOhdd6IALMlzEFem3Bix9wqcH9Bg!-2046159503!-1745577616?articleId=TS101331&_afrLoop=3331554003691057#!%40%40%3F_afrLoop%3D3331554003691057%26articleId%3DTS101331%26centerWidth%3D100%25%26leftWidth%3D0%25%26rightWidth%3D0%25%26showFooter%3Dfalse%26showHeader%3Dfalse%26_adf.ctrl-state%3D46x1w4s5r_4

Any improvement?

#7 Scottish558

  • Topic Starter
  • Members
  • 15 posts

Posted 31 January 2016 - 08:50 AM

OK, will do.

Here are the results:

Fix result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Bob (2016-01-31 09:13:12) Run:2
Running from C:\Documents and Settings\Bob\Desktop
Loaded Profiles: Bob (Available Profiles: Bob)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: C:\WINDOWS\Tasks\Check
for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com
AlternateDataStreams:
C:\WINDOWS\system32\wuauclt.exe.wusetup.1185171.bak:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe.wusetup.1185171.bak:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4


End
*****************

Restore point was successfully created.
Processes closed successfully.
Task: C:\WINDOWS\Tasks\Check => not found.
for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe => Error: No automatic fix found for this entry.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => moved successfully
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully
C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => moved successfully
C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => moved successfully
C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => moved successfully
AlternateDataStreams: => Error: No automatic fix found for this entry.
"C:\WINDOWS\system32\wuauclt.exe.wusetup.1185171.bak:SummaryInformation" => not found.
C:\WINDOWS\system32\wuauclt.exe.wusetup.1185171.bak => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully..
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully..
EmptyTemp: => 21.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:15:10 ====


Edited by Scottish558, 31 January 2016 - 09:27 AM.


#8 Scottish558

  • Topic Starter
  • Members
  • 15 posts

Posted 31 January 2016 - 09:42 AM

Does anything look unusual here? (Attached file: screenshot.png)


Edited by Scottish558, 31 January 2016 - 09:43 AM.


#9 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 January 2016 - 10:11 AM

It's from AVG.
https://www.reasoncoresecurity.com/avgwdsvcx.exe-b85ec34b7f979687a4cbe5c81a65fd716d4c9a8b.aspx

#10 Scottish558

  • Topic Starter
  • Members
  • 15 posts

Posted 31 January 2016 - 12:12 PM

Sorry nasdaq, I didn't clarify. I know what was highlighted was from AVG; I just happened to click on that. What I meant was: does the amount of memory that is being used look normal, and the comp is slow to open browsers? I just want to thank you for taking the time out to help.



#11 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 January 2016 - 02:53 PM

The CPU usage may be high because your computer is slow.
What is causing this may be AVG.
Running this tool will require you to disable it.
Let's see what happens.


Let's check further.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click the Options button; the following options are available to you.
Select only the check boxes for the options in bold.

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Auto Clean


Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Do
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.

Make sure you Enable your AV Program.

#12 Scottish558

  • Topic Starter
  • Members
  • 15 posts

Posted 31 January 2016 - 05:20 PM

I am currently running this program... When I downloaded it my antivirus said it was infected, but I downloaded and ran it anyway. It has taken over an hour to run... I see in my running services a program PEVZ.exe which is a trojan dropper. I assume this is part of the program.. can you explain please?



#13 Scottish558

  • Topic Starter
  • Members
  • 15 posts

Posted 31 January 2016 - 06:22 PM

After 2 hrs., here are the results:

(Attached file: zoek-results.txt)



#14 nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 February 2016 - 08:20 AM

The Zoek log is showing these programs as being installed.
If you have already removed them then forget about it.

Ad-Aware Antivirus
Ad-Aware Browsing Protection
AdAwareInstaller
AdAwareUpdater
Java 2 Runtime Environment, SE v1.4.2
Spybot - Search & Destroy
Tweaking.com - Windows Repair



Copy all the text IN THE CODE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdAwareTray]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall]

Restart the computer when completed.

You can delete the fixme.reg file when done.

===

A lot of temporary files were removed.
I suggest you DEFRAG the hard disk.
This may take a while also.
==

Keep me posted.

Edited by nasdaq, 01 February 2016 - 08:20 AM.


#15 Scottish558

  • Topic Starter
  • Members
  • 15 posts

Posted 01 February 2016 - 07:05 PM

I'm still wondering why I saw Pevz.exe running in my Task Manager under Processes.





