Extremely high bandwidth use


  • This topic is locked
28 replies to this topic

#1 Mojorig

Posted 28 February 2016 - 01:35 PM

At the end of January, we were contacted by our local internet provider about high bandwidth use. We had used our monthly allotment in four days (80 GB, I believe). They said we likely had a virus or malware using the bandwidth. We are in need of some help. Thanks.


#2 Mojorig

Posted 28 February 2016 - 01:56 PM

Also during this time, we received a full hard drive message. Before this issue began, our hard drive was about 50% full.

#3 Mojorig

Posted 28 February 2016 - 03:55 PM

Here is my FRST log, but my computer won't run Gmer without getting an error. We don't use Internet Explorer even though it said several restricted sites were visited using IE.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-02-2016
Ran by Jeremy (administrator) on JEREMY-2A56A8DE (28-02-2016 12:20:53)
Running from C:\Documents and Settings\Jeremy\My Documents\Downloads
Loaded Profiles: Jeremy & UpdatusUser (Available Profiles: Jeremy & UpdatusUser)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\WINDOWS\system\HsMgr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\CustomApp\Program\AsusAudioCenter.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\ASUS Xonar DG Audio\CustomApp\Program\MXmon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Documents and Settings\Jeremy\My Documents\Downloads\1xgo9rj3.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165552 2013-08-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-12-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKLM\...\Run: [Cmaudio8788] => RunDll32 cmicnfgp.cpl,CMICtrlWnd
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\MountPoints2: {147f0f9e-eecf-11e0-a021-0013207c28be} - J:\setup.exe -a
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{429D86F3-3FA7-4DE0-BF81-9F5C7E7579F2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AEE1006F-DB32-4EF6-A56F-039C27422D4C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-746137067-2147125855-1644491937-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_51_ff&cd=2XzuyEtN2Y1L1QzutCyEtAyDzz0BtDyBzytD0FyC0C0AyDyCtN0D0Tzu0StCtDzztDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StByCyEyB0CtB0DyBtGtByDtAtAtGzyzz0F0AtGzyyCzzyEtGyEyByEyByByEyC0CzyyB0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0EzztA0E0CtCtCtG0CtByB0BtGyE0CyEtBtGzyyB0F0FtGzytA0EtA0F0EtByByE0ByD0D2Q&cr=221795413&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_14_51_ff&cd=2XzuyEtN2Y1L1QzutCyEtAyDzz0BtDyBzytD0FyC0C0AyDyCtN0D0Tzu0StCtDzztDtN1L2XzutAtFyCtFtCtDtFtCtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StByCyEyB0CtB0DyBtGtByDtAtAtGzyzz0F0AtGzyyCzzyEtGyEyByEyByByEyC0CzyyB0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0EzztA0E0CtCtCtG0CtByB0BtGyE0CyEtBtGzyyB0F0FtGzytA0EtA0F0EtByByE0ByD0D2Q&cr=221795413&ir=
SearchScopes: HKU\S-1-5-21-746137067-2147125855-1644491937-1004 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-07-10] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-07-10] (IObit)
Toolbar: HKU\S-1-5-21-746137067-2147125855-1644491937-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316879942640
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler: linkscanner - No CLSID Value -
Handler: WSISVCUchrome - No CLSID Value -
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\pj0wf7cg.default-1438900958736
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-10-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-12-18] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-12-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-18] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2011-11-11]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - <no Path\update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
S4 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
S4 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-15] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-01] (IObit)
S4 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-21] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
S2 SMART Display Controller; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2013-11-10] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-12-15] (Creative)
S3 AX88772; C:\WINDOWS\System32\DRIVERS\ax88772.sys [17920 2004-10-28] (ASIX Electronics Corp.)
R3 cmudaxp; C:\WINDOWS\System32\drivers\cmudaxp.sys [1753600 2011-03-10] (C-Media Inc) [File not signed]
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2016-02-14] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-12-15] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [829792 2014-12-15] (Ralink Technology, Corp.)
S3 smrtdrv; C:\WINDOWS\System32\DRIVERS\smrtdrv.sys [2432 2004-04-22] (SMART Technologies Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298752 2014-12-15] ()
S0 cerc6; no ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
U4 RemoteRegistry; no ImagePath
U4 TlntSvr; no ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; no ImagePath
U3 pwtdrfob; \??\C:\DOCUME~1\Jeremy\LOCALS~1\Temp\pwtdrfob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 12:20 - 2016-02-28 12:20 - 00000000 ____D C:\FRST
2016-02-01 13:50 - 2016-02-28 12:19 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 13:50 - 2016-02-28 12:19 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf6a491a5ff78c.job
2016-02-01 13:50 - 2016-02-28 12:16 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-02-01 13:50 - 2016-02-28 12:16 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-02-01 13:50 - 2016-02-13 00:21 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2016-02-01 13:50 - 2016-02-08 15:00 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-30 19:49 - 2016-01-30 19:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Free Antivirus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 12:21 - 2011-09-24 09:35 - 00000000 ____D C:\Documents and Settings\Jeremy\Local Settings\Temp
2016-02-28 12:17 - 2014-01-20 09:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-02-28 12:16 - 2015-05-30 22:24 - 01179648 _____ C:\WINDOWS\system32\config\Nano.evt
2016-02-28 12:16 - 2015-01-23 14:37 - 00000282 _____ C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2016-02-28 12:16 - 2014-02-10 12:48 - 00008192 _____ C:\WINDOWS\system32\WDPABKP.dat
2016-02-28 12:16 - 2011-09-24 09:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-28 10:38 - 2012-12-21 10:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-28 09:58 - 2014-12-15 13:03 - 00001822 _____ C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 8.lnk
2016-02-28 09:57 - 2008-04-13 17:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-14 19:37 - 2013-08-03 09:10 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-02-14 19:36 - 2011-09-24 09:35 - 00000000 ____D C:\Documents and Settings\Jeremy
2016-02-14 17:55 - 2011-11-11 07:32 - 00032482 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2016-02-14 16:54 - 2012-04-25 18:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-14 16:54 - 2011-09-24 04:20 - 00384816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-13 08:55 - 2015-12-18 20:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-10 07:38 - 2012-12-21 10:46 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-10 07:38 - 2011-10-04 14:35 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-10 03:12 - 2005-07-22 09:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 03:00 - 2011-09-25 06:00 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-07 12:44 - 2015-09-09 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
2016-02-07 12:44 - 2013-10-13 12:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Corel Applications
2016-02-07 12:44 - 2012-05-20 15:53 - 00000000 ____D C:\Documents and Settings\Jeremy\Desktop\Serif
2016-02-07 12:31 - 2013-05-15 15:36 - 00352256 _____ C:\WINDOWS\system32\config\default.iobit
2016-02-07 12:31 - 2013-05-15 15:36 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-02-07 12:31 - 2013-05-15 15:35 - 41058304 _____ C:\WINDOWS\system32\config\software.iobit
2016-02-07 12:31 - 2013-05-15 15:35 - 00053248 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-02-07 12:31 - 2011-09-25 05:59 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2016-02-07 12:31 - 2011-09-24 09:35 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-02-07 12:31 - 2011-09-24 09:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-02-03 13:53 - 2011-09-26 08:44 - 00104504 _____ C:\Documents and Settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-02-03 13:25 - 2014-12-24 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2016-01-31 17:05 - 2013-10-13 12:02 - 00000000 ____D C:\Program Files\Corel
2016-01-31 17:05 - 2013-10-13 12:02 - 00000000 ____D C:\Program Files\Common Files\Ulead Systems
2016-01-31 17:05 - 2013-10-13 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ulead Systems
2016-01-31 17:01 - 2014-12-24 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2016-01-31 12:48 - 2011-10-04 14:44 - 00000000 ____D C:\Program Files\IObit
2016-01-31 12:45 - 2012-03-17 19:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Serif Applications
2016-01-31 12:45 - 2012-03-17 19:12 - 00000000 ____D C:\Program Files\Serif
2016-01-31 12:38 - 2011-10-04 14:44 - 00000000 ____D C:\Documents and Settings\Jeremy\Application Data\IObit
2016-01-31 00:30 - 2011-09-24 09:35 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-01-30 19:43 - 2011-09-24 09:35 - 00000278 ___SH C:\Documents and Settings\Jeremy\ntuser.ini
2016-01-30 19:43 - 2011-09-24 09:35 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2016-01-30 19:40 - 2013-10-13 12:31 - 00000000 ____D C:\Documents and Settings\Jeremy\My Documents\STREAM
2016-01-30 19:27 - 2011-09-24 09:45 - 00000000 ____D C:\Program Files\Realtek

==================== Files in the root of some directories =======

2013-10-13 12:04 - 2007-04-25 02:49 - 0000328 ____N () C:\Program Files\GuideMenuSetup.iss
2013-10-13 12:08 - 2007-04-05 21:28 - 0001237 ____N () C:\Program Files\WinDVDSetup.iss
2013-02-09 21:39 - 2015-09-22 15:59 - 0016384 _____ () C:\Documents and Settings\Jeremy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-13 12:25 - 2014-10-13 12:25 - 0001774 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c5f4016c.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-02-2016
Ran by Jeremy (2016-02-28 12:30:00)
Running from C:\Documents and Settings\Jeremy\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-09-24 15:34:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-746137067-2147125855-1644491937-500 - Administrator - Enabled)
Guest (S-1-5-21-746137067-2147125855-1644491937-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-746137067-2147125855-1644491937-1000 - Limited - Disabled)
Jeremy (S-1-5-21-746137067-2147125855-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Jeremy
SUPPORT_388945a0 (S-1-5-21-746137067-2147125855-1644491937-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-746137067-2147125855-1644491937-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
ASUS Xonar DG Audio (HKLM\...\C-Media Oxygen HD Sound) (Version:  - )
AVG 2012 (Version: 12.0.1809 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1831 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1834 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1869 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1872 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1873 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2114 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.)
Canon MG5600 series On-screen Manual (HKLM\...\Canon MG5600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG5600 series User Registration (HKLM\...\Canon MG5600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.02.01.01 - AlcorMicro)
Digital Media Reader (Version: 2.02.01.01 - AlcorMicro) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Index.dat Analyzer v2.5 (HKLM\...\Index.dat Analyzer_is1) (Version: 2.5 - Systenance Software)
InterVideo WinDVD SE (HKLM\...\InstallShield_{6D299DC3-31E2-45C6-8E36-263A2AB1CE8C}) (Version: 8.0-B6.196 - Corel Corporation)
InterVideo WinDVD SE (Version: 8.0-B6.196 - Corel Corporation) Hidden
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 1.0 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 7 Update 72 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework Client Profile (HKLM\...\Microsoft.Net.Client.3.5) (Version: 3.5 - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.1.5879 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
Panda Devices Agent (Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Privacy Mantra 3.00 (HKLM\...\Privacy Mantra 3.00) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
SAS 9.1 (HKLM\...\{68624FB8-2512-46B5-9664-64366DCCB3EB}) (Version:  - )
SAS Private JRE (J2SE™ Java Runtime Environment 1.4.1) (HKLM\...\e7b5d423e2fcc19f6c91a3c2b5238c8a) (Version:  - )
Serif PhotoPlus X5 (HKLM\...\{617E7009-0C50-4178-B0E2-F9D66DC8A582}) (Version: 15.0.1.011 - Serif (Europe) Ltd)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version:  - )
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5FEF2583-382C-4795-947F-CE54E3F0E16A}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf6a491a5ff78c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-24 14:14 - 2013-06-28 09:28 - 00084616 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-04-12 11:23 - 2013-04-12 11:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-13 12:04 - 2006-11-02 07:40 - 00174656 ____R () C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
2006-01-02 09:18 - 2004-07-22 03:57 - 00013600 _____ () C:\WINDOWS\system32\sasperf.dll
2014-12-01 20:19 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-12-01 20:19 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-06-04 18:58 - 2008-07-11 01:04 - 00200704 ____R () C:\WINDOWS\system\HsMgr.exe
2014-12-15 13:03 - 2013-01-15 17:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll
2015-06-04 18:57 - 2010-09-24 03:50 - 00090112 _____ () C:\Program Files\ASUS Xonar DG Audio\Customapp\Program\MXMon.exe
2014-01-20 09:14 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2014-01-20 09:14 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2014-01-20 09:14 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-02-28 12:19 - 2016-02-28 12:20 - 00380416 _____ () C:\Documents and Settings\Jeremy\My Documents\Downloads\1xgo9rj3.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:526C3661

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 4792 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 17:00 - 2014-12-16 13:02 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-746137067-2147125855-1644491937-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Jeremy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-746137067-2147125855-1644491937-1005\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CineForm Status.lnk => C:\WINDOWS\pss\CineForm Status.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 5 =>
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GuideMenu => C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MSMSGS =>
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u
MSCONFIG\startupreg: vProt =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\SAS\SAS 9.1\sas.exe] => Enabled:SAS 9.1 for Windows
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

31-01-2016 12:38:15 System Checkpoint
31-01-2016 12:39:14 Serif DrawPlus X5 restore point
31-01-2016 12:50:58 Canon My Image Garden restore point
31-01-2016 17:05:04 Removed Ulead DVD MovieFactory
02-02-2016 13:36:38 Configured WinDVD
01-02-2016 17:25:27 System Checkpoint
02-02-2016 18:25:28 System Checkpoint
03-02-2016 19:25:27 System Checkpoint
04-02-2016 20:25:27 System Checkpoint
05-02-2016 21:25:28 System Checkpoint
07-02-2016 13:00:51 System Checkpoint
08-02-2016 13:25:28 System Checkpoint
09-02-2016 14:25:27 System Checkpoint
10-02-2016 03:00:20 Software Distribution Service 3.0
12-02-2016 17:18:57 System Checkpoint
14-02-2016 17:28:24 System Checkpoint
28-02-2016 10:54:36 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2016 12:16:45 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/28/2016 10:04:58 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/28/2016 09:58:32 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/14/2016 04:55:19 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/12/2016 06:23:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 43.0.4.5848, faulting module mozglue.dll, version 43.0.4.5848, fault address 0x0000ed44.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/31/2016 12:30:35 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.5276.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/30/2016 07:45:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (01/30/2016 06:43:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 43.0.4.5848, faulting module mozglue.dll, version 43.0.4.5848, fault address 0x0000ed44.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/30/2016 06:39:17 PM) (Source: MsiInstaller) (EventID: 11711) (User: NT AUTHORITY)
Description: Product: Panda Free Antivirus -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.

Error: (01/30/2016 06:39:13 PM) (Source: MsiInstaller) (EventID: 11711) (User: NT AUTHORITY)
Description: Product: Panda Free Antivirus -- Error 1711.An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the installation.


System errors:
=============
Error: (02/28/2016 12:16:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMART Display Controller service failed to start due to the following error:
%%3

Error: (02/28/2016 10:04:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMART Display Controller service failed to start due to the following error:
%%3

Error: (02/28/2016 10:00:48 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (02/28/2016 10:00:48 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (02/28/2016 10:00:47 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (02/28/2016 10:00:47 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (02/28/2016 10:00:47 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (02/28/2016 10:00:47 AM) (Source: 0) (EventID: 5) (User: )
Description: \Device\Ide\IdePort1

Error: (02/28/2016 10:00:47 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (02/28/2016 10:00:47 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 22%
Total physical RAM: 2542.24 MB
Available physical RAM: 1968.92 MB
Total Virtual: 4431.79 MB
Available Virtual: 3835.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.15 GB) (Free:43.67 GB) NTFS
Drive h: (RECOVERY) (Fixed) (Total:4.89 GB) (Free:1.21 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=4.9 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=144.1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Edited by Mojorig, 28 February 2016 - 03:57 PM.


#4 satchfan

  • Malware Response Team

Posted 28 February 2016 - 04:17 PM

Hello Mojorig and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

===================================================

Note: Please follow these instructions in the order given.

===================================================

Uninstall programs

Please uninstall these programs:

Advanced SystemCare 8
IObit Malware Fighter
AVG 2012 (any version present)


  • click Start, Settings, Control Panel, Add or Remove Programs
  • click on Advanced SystemCare 8 and then on Uninstall. Repeat this for the other programs listed above

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

AdwCleaner log
JRT.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


Edited by satchfan, 28 February 2016 - 04:29 PM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 Mojorig

Posted 28 February 2016 - 04:54 PM

# AdwCleaner v5.037 - Logfile created 28/02/2016 at 15:37:20
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Jeremy - JEREMY-2A56A8DE
# Running from : C:\Documents and Settings\Jeremy\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
[-] Folder Deleted : C:\Documents and Settings\Jeremy\Application Data\1H1Q1V1N1N1O1R
[-] Folder Deleted : C:\Documents and Settings\Jeremy\Application Data\DigitalSites
[-] Folder Deleted : C:\Documents and Settings\Jeremy\Local Settings\Application Data\Conduit
[-] Folder Deleted : C:\Documents and Settings\Jeremy\Local Settings\Application Data\DriverTuner
[-] Folder Deleted : C:\Program Files\Conduit
[-] Folder Deleted : C:\Program Files\PC HealthBoost

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3718 bytes] - [28/02/2016 15:37:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [3663 bytes] - [28/02/2016 15:35:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3864 bytes] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Microsoft Windows XP x86
Ran by Jeremy (Limited) on Sun 02/28/2016 at 15:42:23.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 20

Successfully deleted: C:\Documents and Settings\Jeremy\Application Data\iobit\driver booster (Folder)
Successfully deleted: C:\Documents and Settings\Jeremy\Application Data\productdata (Folder)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\WINDOWS\System32\grouppolicy\adm (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0DE3STIJ (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0PQ34H6J (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8XMNCD2F (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\C1QFGTIJ (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CD2R4HU7 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHI78XAZ (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLYNC1E3 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S5I78XYN (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0DE3STIJ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0PQ34H6J (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XMNCD2F (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\C1QFGTIJ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CD2R4HU7 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHI78XAZ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLYNC1E3 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S5I78XYN (Temporary Internet Files Folder)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/28/2016 at 15:47:16.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-02-2016
Ran by Jeremy (administrator) on JEREMY-2A56A8DE (28-02-2016 15:48:07)
Running from C:\Documents and Settings\Jeremy\Desktop
Loaded Profiles: Jeremy & UpdatusUser (Available Profiles: Jeremy & UpdatusUser)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\WINDOWS\system\HsMgr.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165552 2013-08-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2014-12-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\system\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\MountPoints2: {147f0f9e-eecf-11e0-a021-0013207c28be} - J:\setup.exe -a
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{429D86F3-3FA7-4DE0-BF81-9F5C7E7579F2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AEE1006F-DB32-4EF6-A56F-039C27422D4C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-746137067-2147125855-1644491937-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-746137067-2147125855-1644491937-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-15] (Oracle Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1316879942640
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
Handler: linkscanner - No CLSID Value -
Handler: WSISVCUchrome - No CLSID Value -
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\pj0wf7cg.default-1438900958736
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-10-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-15] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-02-28] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-02-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-03-18] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-15] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-01] (IObit)
S4 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-21] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 ProtexisLicensing; C:\Program Files\Common Files\Protexis\License Service\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
S2 SMART Display Controller; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2013-11-10] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-12-15] (Creative)
S3 AX88772; C:\WINDOWS\System32\DRIVERS\ax88772.sys [17920 2004-10-28] (ASIX Electronics Corp.)
R3 cmudaxp; C:\WINDOWS\System32\drivers\cmudaxp.sys [1753600 2011-03-10] (C-Media Inc) [File not signed]
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2016-02-14] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-12-15] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [87032 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [202104 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [109688 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [121720 2015-07-09] (Panda Security, S.L.)
R3 NNSNAHS; C:\WINDOWS\System32\DRIVERS\NNSNAHS.sys [55216 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [102264 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52088 2015-07-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [120568 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [281720 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [209016 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [108408 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [240376 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [94968 2015-07-09] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [140792 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [103288 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [172792 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [114680 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [125176 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [100600 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50832 2015-05-22] (Panda Security, S.L.)
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [829792 2014-12-15] (Ralink Technology, Corp.)
S3 smrtdrv; C:\WINDOWS\System32\DRIVERS\smrtdrv.sys [2432 2004-04-22] (SMART Technologies Inc.)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [298752 2014-12-15] ()
S0 cerc6; no ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
U4 RemoteRegistry; no ImagePath
U4 TlntSvr; no ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 15:47 - 2016-02-28 15:47 - 00003692 _____ C:\Documents and Settings\Jeremy\Desktop\JRT.txt
2016-02-28 15:41 - 2016-02-28 15:41 - 00003943 _____ C:\Documents and Settings\Jeremy\Desktop\AdwCleaner[C1].txt
2016-02-28 15:41 - 2015-05-22 02:45 - 00050832 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2016-02-28 15:34 - 2016-02-28 15:37 - 00000000 ____D C:\AdwCleaner
2016-02-28 15:34 - 2016-02-28 15:34 - 01609216 _____ (Malwarebytes) C:\Documents and Settings\Jeremy\Desktop\JRT.exe
2016-02-28 15:33 - 2016-02-28 15:33 - 01518592 _____ C:\Documents and Settings\Jeremy\Desktop\AdwCleaner.exe
2016-02-28 13:19 - 2016-02-28 15:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-28 12:31 - 2016-02-28 12:31 - 00027828 _____ C:\Documents and Settings\Jeremy\Desktop\Addition.txt
2016-02-28 12:27 - 2016-02-28 15:48 - 00014939 _____ C:\Documents and Settings\Jeremy\Desktop\FRST.txt
2016-02-28 12:20 - 2016-02-28 15:48 - 00000000 ____D C:\FRST
2016-02-28 12:19 - 2016-02-28 12:19 - 01722368 _____ (Farbar) C:\Documents and Settings\Jeremy\Desktop\FRST.exe
2016-01-30 19:49 - 2016-01-30 19:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Panda Free Antivirus

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 15:48 - 2011-09-24 09:35 - 00000000 ____D C:\Documents and Settings\Jeremy\Local Settings\Temp
2016-02-28 15:44 - 2012-06-20 16:59 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-28 15:44 - 2011-10-04 14:44 - 00000000 ____D C:\Documents and Settings\Jeremy\Application Data\IObit
2016-02-28 15:40 - 2014-02-10 12:48 - 00008192 _____ C:\WINDOWS\system32\WDPABKP.dat
2016-02-28 15:40 - 2012-04-25 18:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-28 15:40 - 2011-09-24 09:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-28 15:37 - 2015-05-30 22:24 - 01179648 _____ C:\WINDOWS\system32\config\Nano.evt
2016-02-28 15:37 - 2011-11-11 07:32 - 00032482 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2016-02-28 15:37 - 2011-09-25 05:59 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2016-02-28 15:37 - 2011-09-24 09:35 - 00000278 ___SH C:\Documents and Settings\Jeremy\ntuser.ini
2016-02-28 15:37 - 2011-09-24 09:35 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2016-02-28 15:32 - 2011-10-04 14:44 - 00000000 ____D C:\Program Files\IObit
2016-02-28 14:38 - 2012-12-21 10:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-28 12:17 - 2014-01-20 09:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-02-28 09:57 - 2008-04-13 17:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-14 19:37 - 2013-08-03 09:10 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2016-02-14 19:36 - 2011-09-24 09:35 - 00000000 ____D C:\Documents and Settings\Jeremy
2016-02-14 16:54 - 2011-09-24 04:20 - 00384816 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-10 07:38 - 2012-12-21 10:46 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-10 07:38 - 2011-10-04 14:35 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-10 03:12 - 2005-07-22 09:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 03:00 - 2011-09-25 06:00 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-07 12:44 - 2015-09-09 17:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
2016-02-07 12:44 - 2013-10-13 12:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Corel Applications
2016-02-07 12:44 - 2012-05-20 15:53 - 00000000 ____D C:\Documents and Settings\Jeremy\Desktop\Serif
2016-02-07 12:31 - 2013-05-15 15:36 - 00352256 _____ C:\WINDOWS\system32\config\default.iobit
2016-02-07 12:31 - 2013-05-15 15:36 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-02-07 12:31 - 2013-05-15 15:35 - 41058304 _____ C:\WINDOWS\system32\config\software.iobit
2016-02-07 12:31 - 2013-05-15 15:35 - 00053248 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-02-07 12:31 - 2011-09-25 05:59 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2016-02-07 12:31 - 2011-09-24 09:35 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-02-07 12:31 - 2011-09-24 09:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-02-03 13:53 - 2011-09-26 08:44 - 00104504 _____ C:\Documents and Settings\Jeremy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-02-03 13:25 - 2014-12-24 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2016-01-31 17:05 - 2013-10-13 12:02 - 00000000 ____D C:\Program Files\Corel
2016-01-31 17:05 - 2013-10-13 12:02 - 00000000 ____D C:\Program Files\Common Files\Ulead Systems
2016-01-31 17:05 - 2013-10-13 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ulead Systems
2016-01-31 17:01 - 2014-12-24 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
2016-01-31 12:45 - 2012-03-17 19:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Serif Applications
2016-01-31 12:45 - 2012-03-17 19:12 - 00000000 ____D C:\Program Files\Serif
2016-01-31 00:30 - 2011-09-24 09:35 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2016-01-30 19:40 - 2013-10-13 12:31 - 00000000 ____D C:\Documents and Settings\Jeremy\My Documents\STREAM
2016-01-30 19:27 - 2011-09-24 09:45 - 00000000 ____D C:\Program Files\Realtek

==================== Files in the root of some directories =======

2013-10-13 12:04 - 2007-04-25 02:49 - 0000328 ____N () C:\Program Files\GuideMenuSetup.iss
2013-10-13 12:08 - 2007-04-05 21:28 - 0001237 ____N () C:\Program Files\WinDVDSetup.iss
2013-02-09 21:39 - 2015-09-22 15:59 - 0016384 _____ () C:\Documents and Settings\Jeremy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-13 12:25 - 2014-10-13 12:25 - 0001774 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
C:\Documents and Settings\Jeremy\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c5f4016c.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-02-2016
Ran by Jeremy (2016-02-28 15:50:27)
Running from C:\Documents and Settings\Jeremy\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-09-24 15:34:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-746137067-2147125855-1644491937-500 - Administrator - Enabled)
Guest (S-1-5-21-746137067-2147125855-1644491937-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-746137067-2147125855-1644491937-1000 - Limited - Disabled)
Jeremy (S-1-5-21-746137067-2147125855-1644491937-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Jeremy
SUPPORT_388945a0 (S-1-5-21-746137067-2147125855-1644491937-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-746137067-2147125855-1644491937-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Free Antivirus (Enabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Panda Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
ASUS Xonar DG Audio (HKLM\...\C-Media Oxygen HD Sound) (Version:  - )
AVG 2012 (Version: 12.0.1809 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1831 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1834 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1869 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1872 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1873 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2114 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.)
Canon MG5600 series On-screen Manual (HKLM\...\Canon MG5600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG5600 series User Registration (HKLM\...\Canon MG5600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.02.01.01 - AlcorMicro)
Digital Media Reader (Version: 2.02.01.01 - AlcorMicro) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Index.dat Analyzer v2.5 (HKLM\...\Index.dat Analyzer_is1) (Version: 2.5 - Systenance Software)
InterVideo WinDVD SE (HKLM\...\InstallShield_{6D299DC3-31E2-45C6-8E36-263A2AB1CE8C}) (Version: 8.0-B6.196 - Corel Corporation)
InterVideo WinDVD SE (Version: 8.0-B6.196 - Corel Corporation) Hidden
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 7 Update 72 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework Client Profile (HKLM\...\Microsoft.Net.Client.3.5) (Version: 3.5 - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA nView 135.85 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.85 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation)
Panda Devices Agent (Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Privacy Mantra 3.00 (HKLM\...\Privacy Mantra 3.00) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7111 - Realtek Semiconductor Corp.)
SAS 9.1 (HKLM\...\{68624FB8-2512-46B5-9664-64366DCCB3EB}) (Version:  - )
SAS Private JRE (J2SE™ Java Runtime Environment 1.4.1) (HKLM\...\e7b5d423e2fcc19f6c91a3c2b5238c8a) (Version:  - )
Serif PhotoPlus X5 (HKLM\...\{617E7009-0C50-4178-B0E2-F9D66DC8A582}) (Version: 15.0.1.011 - Serif (Europe) Ltd)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version:  - )
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5FEF2583-382C-4795-947F-CE54E3F0E16A}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-24 14:14 - 2013-06-28 09:28 - 00084616 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-04-12 11:23 - 2013-04-12 11:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2013-10-13 12:04 - 2006-11-02 07:40 - 00174656 ____R () C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
2006-01-02 09:18 - 2004-07-22 03:57 - 00013600 _____ () C:\WINDOWS\system32\sasperf.dll
2014-12-01 20:19 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-12-01 20:19 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-06-04 18:58 - 2008-07-11 01:04 - 00200704 ____R () C:\WINDOWS\system\HsMgr.exe
2014-01-20 09:14 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2014-01-20 09:14 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2014-01-20 09:14 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:526C3661

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\100sexlinks.com -> 100sexlinks.com

There are 4792 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 17:00 - 2014-12-16 13:02 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-746137067-2147125855-1644491937-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Jeremy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-746137067-2147125855-1644491937-1005\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: Media is not connected to internet.
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CineForm Status.lnk => C:\WINDOWS\pss\CineForm Status.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 5 =>
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GuideMenu => C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe -hide
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MSMSGS =>
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\SAS\SAS 9.1\sas.exe] => Enabled:SAS 9.1 for Windows
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Restore Points =========================

31-01-2016 12:38:15 System Checkpoint
31-01-2016 12:39:14 Serif DrawPlus X5 restore point
31-01-2016 12:50:58 Canon My Image Garden restore point
31-01-2016 17:05:04 Removed Ulead DVD MovieFactory
02-02-2016 13:36:38 Configured WinDVD
01-02-2016 17:25:27 System Checkpoint
02-02-2016 18:25:28 System Checkpoint
03-02-2016 19:25:27 System Checkpoint
04-02-2016 20:25:27 System Checkpoint
05-02-2016 21:25:28 System Checkpoint
07-02-2016 13:00:51 System Checkpoint
08-02-2016 13:25:28 System Checkpoint
09-02-2016 14:25:27 System Checkpoint
10-02-2016 03:00:20 Software Distribution Service 3.0
12-02-2016 17:18:57 System Checkpoint
14-02-2016 17:28:24 System Checkpoint
28-02-2016 10:54:36 System Checkpoint
28-02-2016 15:30:04 Advanced SystemCare 8 restore point
28-02-2016 15:43:31 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2016 03:41:04 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/28/2016 03:37:23 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/28/2016 12:16:45 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/28/2016 10:04:58 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/28/2016 09:58:32 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/14/2016 04:55:19 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (02/12/2016 06:23:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 43.0.4.5848, faulting module mozglue.dll, version 43.0.4.5848, fault address 0x0000ed44.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/31/2016 12:30:35 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.5276.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/30/2016 07:45:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (01/30/2016 06:43:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 43.0.4.5848, faulting module mozglue.dll, version 43.0.4.5848, fault address 0x0000ed44.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (02/28/2016 03:40:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMART Display Controller service failed to start due to the following error:
%%3

Error: (02/28/2016 03:37:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (02/28/2016 03:37:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/28/2016 03:37:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/28/2016 03:37:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WD Drive Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/28/2016 03:37:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ProtexisLicensing service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/28/2016 03:37:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/28/2016 03:37:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/28/2016 03:37:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IviRegMgr service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/28/2016 03:37:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 27%
Total physical RAM: 2542.24 MB
Available physical RAM: 1849.15 MB
Total Virtual: 4431.79 MB
Available Virtual: 3799.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.15 GB) (Free:43.84 GB) NTFS
Drive h: (RECOVERY) (Fixed) (Total:4.89 GB) (Free:1.21 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=4.9 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=144.1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================



#6 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:03 AM

Posted 28 February 2016 - 05:23 PM

Hi Mojorig and well done on running those so quickly.

I won't reply tonight (10:20pm GMT), as I have to be up at 4am, but will reply as soon as I've had time to review your latest log.

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 satchfan

Posted 29 February 2016 - 03:32 AM

Uninstall programs

You don’t appear to have uninstalled the programs that I asked you to uninstall.

You need to uninstall anything related to IObit, including Surfing Protection and IObit Uninstaller.

IObit is untrustworthy and although they have cleaned their act up somewhat, IObit’s Advanced SystemCare installs browser extensions/spyware without consent (see here).

Also, you have Microsoft Security Essentials, AVG 2012 & Panda antiviruses (AVs) installed.

You cannot run more than one real-time antivirus at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective and this is what is draining your memory.

I would suggest you uninstall AVG and one of the other 2 (AVG is not as effective and is more intrusive, but it is your choice).

If you uninstall AVG there will still be some remnants on your computer even after the uninstall so please download and run AVG Removal Tool from here.

================================================

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.


(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\MountPoints2: {147f0f9e-eecf-11e0-a021-0013207c28be} - J:\setup.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-746137067-2147125855-1644491937-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-746137067-2147125855-1644491937-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: linkscanner - No CLSID Value -
Handler: WSISVCUchrome - No CLSID Value -
S2 SMART Display Controller; no ImagePath
S0 cerc6; no ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
U4 RemoteRegistry; no ImagePath
U4 TlntSvr; no ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; no ImagePath
2016-02-28 15:44 - 2011-10-04 14:44 - 00000000 ____D C:\Documents and Settings\Jeremy\Application Data\IObit
2016-02-28 15:32 - 2011-10-04 14:44 - 00000000 ____D C:\Program Files\IObit
2016-02-07 12:31 - 2013-05-15 15:36 - 00352256 _____ C:\WINDOWS\system32\config\default.iobit
2016-02-07 12:31 - 2013-05-15 15:36 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-02-07 12:31 - 2013-05-15 15:35 - 41058304 _____ C:\WINDOWS\system32\config\software.iobit
2016-02-07 12:31 - 2013-05-15 15:35 - 00053248 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-02-07 12:31 - 2011-09-25 05:59 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2016-02-07 12:31 - 2011-09-24 09:35 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-02-07 12:31 - 2011-09-24 09:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2014-01-20 09:14 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2014-01-20 09:14 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2014-01-20 09:14 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:526C3661
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c5f4016c.exe
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST. NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

Fixlog.txt
checkup.txt


Thanks

Satchfan

 




#8 Mojorig

Posted 29 February 2016 - 03:43 PM

Fix result of Farbar Recovery Scan Tool (x86) Version:27-02-2016
Ran by Jeremy (2016-02-29 14:32:57) Run:1
Running from C:\Documents and Settings\Jeremy\Desktop\Computer Fix
Loaded Profiles: Jeremy & UpdatusUser (Available Profiles: Jeremy & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\...\MountPoints2: {147f0f9e-eecf-11e0-a021-0013207c28be} - J:\setup.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-746137067-2147125855-1644491937-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-746137067-2147125855-1644491937-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: linkscanner - No CLSID Value -
Handler: WSISVCUchrome - No CLSID Value -
S2 SMART Display Controller; no ImagePath
S0 cerc6; no ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
U4 RemoteRegistry; no ImagePath
U4 TlntSvr; no ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; no ImagePath
2016-02-28 15:44 - 2011-10-04 14:44 - 00000000 ____D C:\Documents and Settings\Jeremy\Application Data\IObit
2016-02-28 15:32 - 2011-10-04 14:44 - 00000000 ____D C:\Program Files\IObit
2016-02-07 12:31 - 2013-05-15 15:36 - 00352256 _____ C:\WINDOWS\system32\config\default.iobit
2016-02-07 12:31 - 2013-05-15 15:36 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-02-07 12:31 - 2013-05-15 15:35 - 41058304 _____ C:\WINDOWS\system32\config\software.iobit
2016-02-07 12:31 - 2013-05-15 15:35 - 00053248 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-02-07 12:31 - 2011-09-25 05:59 - 00000000 ____D C:\Documents and Settings\UpdatusUser
2016-02-07 12:31 - 2011-09-24 09:35 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-02-07 12:31 - 2011-09-24 09:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2014-01-20 09:14 - 2013-01-15 17:48 - 00348992 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2014-01-20 09:14 - 2013-01-15 17:48 - 00183616 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2014-01-20 09:14 - 2013-01-15 17:48 - 00051008 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:526C3661
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c5f4016c.exe
EmptyTemp:
*****************

C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe => No running process found
"HKU\S-1-5-21-746137067-2147125855-1644491937-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{147f0f9e-eecf-11e0-a021-0013207c28be}" => key removed successfully.
HKCR\CLSID\{147f0f9e-eecf-11e0-a021-0013207c28be} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-746137067-2147125855-1644491937-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKCR\PROTOCOLS\Handler\linkscanner => key not found.
"HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key removed successfully.
SMART Display Controller => service removed successfully.
cerc6 => service removed successfully.
motandroidusb => service removed successfully.
motccgp => service removed successfully.
motccgpfl => service removed successfully.
MotoSwitchService => service removed successfully.
RemoteRegistry => service removed successfully.
TlntSvr => service removed successfully.
USBAAPL => service removed successfully.
WS2IFSL => service removed successfully.
"C:\Documents and Settings\Jeremy\Application Data\IObit" => not found.
"C:\Program Files\IObit" => not found.
"C:\WINDOWS\system32\config\default.iobit" => not found.
"C:\WINDOWS\system32\config\SAM.iobit" => not found.
"C:\WINDOWS\system32\config\software.iobit" => not found.
"C:\WINDOWS\system32\config\SECURITY.iobit" => not found.

"C:\Documents and Settings\UpdatusUser" folder move:

Could not move "C:\Documents and Settings\UpdatusUser" => Scheduled to move on reboot.


"C:\Documents and Settings\NetworkService" folder move:

Could not move "C:\Documents and Settings\NetworkService" => Scheduled to move on reboot.


"C:\Documents and Settings\LocalService" folder move:

Could not move "C:\Documents and Settings\LocalService" => Scheduled to move on reboot.

"C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl" => not found.
"C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl" => not found.
"C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl" => not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":526C3661" ADS removed successfully..
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c5f4016c.exe => moved successfully
EmptyTemp: => 1.4 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-29 14:37:02)

"C:\Documents and Settings\UpdatusUser" => Could not move
"C:\Documents and Settings\NetworkService" => Could not move
C:\Documents and Settings\LocalService => moved successfully

==== End of Fixlog 14:37:04 ====

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Panda Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
MBAM out of Date!
CCleaner
SAS Private JRE (J2SE™ Java Runtime Environment 1.4.1)
Java 7 Update 72
Java version 32-bit out of Date!
Adobe Flash Player 20.0.0.306
Adobe Reader XI
Mozilla Firefox (43.0.4)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````


#9 satchfan

Posted 29 February 2016 - 04:11 PM

That looks better. Have things improved and what problems remain?




#10 Mojorig

Posted 29 February 2016 - 04:22 PM

I believe things have got better.

#11 satchfan

Posted 29 February 2016 - 05:32 PM

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Can you tell me if there are any outstanding problems.

Satchfan

 




#12 Mojorig

Mojorig
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:03 AM

Posted 29 February 2016 - 10:12 PM

Updated and nothing was detected.

#13 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:03 AM

Posted 01 March 2016 - 03:12 AM

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.


Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Run Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    o    click on esetinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:
    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
    Note: Do not check Remove found threats
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.

Thanks

Satchfan


Edited by satchfan, 01 March 2016 - 03:13 AM.



#14 Mojorig

Mojorig
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:03 AM

Posted 01 March 2016 - 12:52 PM

C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Documents and Settings\Jeremy\Application Data\Sun\Java\jre1.7.0_25\java_sp.dll    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\Jeremy\My Documents\Downloads\ccsetup500.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Jeremy\My Documents\Downloads\FreeMP4VideoConverter.exe    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
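
Added example (not part of the original thread): a small Python triage of the ESET export posted above, splitting each line into path, detection name and category, and marking files that are only saved installers in a Downloads folder. The line layout (path, a tab or a gap of two or more spaces, then the detection text) is assumed from the five lines in the post; the function and field names are illustrative.

```python
import re
from collections import defaultdict

# The five lines of the ESET export posted in #14, copied verbatim.
ESET_EXPORT = r"""
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Documents and Settings\Jeremy\Application Data\Sun\Java\jre1.7.0_25\java_sp.dll    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Documents and Settings\Jeremy\My Documents\Downloads\ccsetup500.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Documents and Settings\Jeremy\My Documents\Downloads\FreeMP4VideoConverter.exe    a variant of Win32/OpenCandy.A potentially unsafe application
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
"""

# Assumed layout: <path><tab or 2+ spaces>[a variant of ]<name> <category>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?:\t+| {2,})"
    r"(?P<variant>a variant of )?(?P<name>\S+) (?P<category>.+)$"
)

def parse_eset_export(text):
    """Return one dict per finding; lines that do not fit the layout are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        findings.append({
            "path": m["path"],
            "family": m["name"],
            "variant": m["variant"] is not None,
            "category": m["category"],
            # True when the file sits under a Downloads folder, i.e. a saved
            # installer rather than part of an installed product.
            "saved_installer": "\\downloads\\" in m["path"].lower(),
        })
    return findings

def by_category(findings):
    """Group findings by ESET's category text."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["category"]].append(f)
    return dict(groups)

if __name__ == "__main__":
    for category, items in by_category(parse_eset_export(ESET_EXPORT)).items():
        print(f"{category}: {len(items)}")
        for f in items:
            kind = "saved installer" if f["saved_installer"] else "in place on disk"
            print(f"  {f['family']:<32} {kind:<18} {f['path']}")
```
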
 



#15 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:03 AM

Posted 01 March 2016 - 03:52 PM

Please copy all text in the code box below and paste it into Notepad:
 

@echo off
rem Delete the files listed in the ESET report, then delete this batch file.
del /f /s /q "C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Security Protection\Download\0x04011000\CloudAntivirus.exe"
del /f /s /q "C:\Documents and Settings\Jeremy\Application Data\Sun\Java\jre1.7.0_25\java_sp.dll"
del /f /s /q "C:\Documents and Settings\Jeremy\My Documents\Downloads\ccsetup500.exe"
del /f /s /q "C:\Documents and Settings\Jeremy\My Documents\Downloads\FreeMP4VideoConverter.exe"
del /f /s /q "C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
del %0

  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

The files/folders, if found, will have been deleted and the "delfiles.bat" file will also be deleted.

Please let me know if there are any outstanding problems.

Satchfan

 






