
Virus on PC - Please Help

Discussion in 'Virus & Other Malware Removal' started by Baggio, Feb 22, 2015.

Thread Status:
Not open for further replies.
  1. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Hello there,

    Seemed to have downloaded a file by accident and now my computer seems to be running slowly, multiple windows popping up (unideal), windows closing, etc.

    I have included the requested information about my computer below.
    Your assistance would be greatly appreciated at your convenience.

    Kind Regards,
    B

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
    Processor Count: 2
    RAM: 3063 Mb
    Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 305242 MB, Free - 4069 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

    See the screenshot where the proper download buttons are highlighted
    [IMG]

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
    Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

    [IMG]
     
  3. Baggio

    Baggio Thread Starter

    Many thanks for your reply and help. Log cut and pasted below as per your request.

    Kind Regards,
    B


    # AdwCleaner v4.111 - Logfile created 22/02/2015 at 19:49:23
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Owner - OWNER-906BBD5F2
    # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\12300436468338312522
    Folder Deleted : C:\Program Files\UUniDDEEaalsa
    Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Pro_PC_Cleaner
    Folder Deleted : C:\Documents and Settings\Owner\My Documents\ProPCCleaner
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h0tf5t3n.default-1419254505312\Extensions\[email protected]

    ***** [ Scheduled tasks ] *****

    Task Deleted : ProPCCleaner_Popup

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\ProPCCleanerLanguage
    Key Deleted : HKCU\Software\ProPCCleanerConfig
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\SPPDCOM
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vosteran
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Program
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)

    [h0tf5t3n.default-1419254505312\prefs.js] - Line Deleted : user_pref("extensions.A1zU2ppdTzDRcFbB.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjYErTa7qTk8rHUEpjnFqdr6pjr\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"safecart.com\",\"[...]

    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [48780 bytes] - [27/04/2014 08:43:20]
    AdwCleaner[R1].txt - [7579 bytes] - [09/12/2014 19:49:57]
    AdwCleaner[R2].txt - [7639 bytes] - [09/12/2014 21:15:39]
    AdwCleaner[R3].txt - [7525 bytes] - [13/12/2014 21:48:49]
    AdwCleaner[R4].txt - [2766 bytes] - [22/02/2015 19:06:12]
    AdwCleaner[S0].txt - [49443 bytes] - [27/04/2014 08:45:07]
    AdwCleaner[S1].txt - [2740 bytes] - [22/02/2015 19:49:23]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2799 bytes] ##########
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Download to Desktop: DDS by sUBs from one of the below locations

    http://download.bleepingcomputer.com/sUBs/dds.com
    http://download.bleepingcomputer.com/sUBs/dds.exe

    Double-click DDS to run it.
    Make sure there is a check mark in DDS.txt.
    Place a check mark in the Attach.txt box and then press Start.

    Do not select any other options unless specifically told to.

    When complete, DDS.txt will open and Attach.txt will be minimized on your taskbar; click on it to open it.

    Save both reports to your desktop.
    DDS.txt
    Attach.txt

    Post the contents of both logs back here.
     
  5. Baggio

    Baggio Thread Starter

    Thank you kindly. Both logs posted below for your review.



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/6/2011 6:35:38 PM
    System Uptime: 2/22/2015 7:47:21 PM (24 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | uFC-PGA Socket | 1662/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 1.664 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\TOS6208\2&DABA3FF&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\TOS6208\2&DABA3FF&0
    Service:
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_D9500A12\SOFTWARE
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_D9500A12\SOFTWARE
    Service:
    .
    ==== System Restore Points ===================
    .
    RP929: 12/30/2014 11:07:54 AM - System Checkpoint
    RP930: 12/31/2014 11:34:17 AM - System Checkpoint
    RP931: 1/1/2015 12:39:50 PM - System Checkpoint
    RP932: 1/2/2015 12:52:12 PM - System Checkpoint
    RP933: 1/3/2015 1:24:37 PM - System Checkpoint
    RP934: 1/4/2015 3:24:39 PM - System Checkpoint
    RP935: 1/5/2015 5:17:21 PM - System Checkpoint
    RP936: 1/6/2015 9:12:46 PM - System Checkpoint
    RP937: 1/8/2015 6:02:12 PM - System Checkpoint
    RP938: 1/10/2015 5:43:12 PM - System Checkpoint
    RP939: 1/12/2015 5:37:49 PM - System Checkpoint
    RP940: 1/13/2015 7:11:34 PM - Software Distribution Service 3.0
    RP941: 1/15/2015 4:45:41 PM - System Checkpoint
    RP942: 1/16/2015 8:34:37 PM - System Checkpoint
    RP943: 1/18/2015 5:25:35 PM - System Checkpoint
    RP944: 1/19/2015 7:53:45 PM - System Checkpoint
    RP945: 1/21/2015 5:52:06 PM - System Checkpoint
    RP946: 1/22/2015 6:48:14 PM - System Checkpoint
    RP947: 1/23/2015 7:15:51 PM - System Checkpoint
    RP948: 1/24/2015 7:31:20 PM - System Checkpoint
    RP949: 1/25/2015 12:22:33 PM - Removed WinZip 15.5
    RP950: 1/26/2015 5:25:28 PM - System Checkpoint
    RP951: 1/29/2015 5:10:23 PM - System Checkpoint
    RP952: 2/1/2015 8:44:33 AM - System Checkpoint
    RP953: 2/10/2015 5:31:12 PM - System Checkpoint
    RP954: 2/11/2015 7:35:33 PM - Software Distribution Service 3.0
    RP955: 2/13/2015 9:25:48 AM - System Checkpoint
    RP956: 2/14/2015 5:31:00 PM - System Checkpoint
    RP957: 2/15/2015 9:40:11 PM - System Checkpoint
    RP958: 2/16/2015 9:55:12 PM - System Checkpoint
    RP959: 2/17/2015 10:22:51 PM - System Checkpoint
    RP960: 2/19/2015 3:39:46 PM - System Checkpoint
    RP961: 2/20/2015 12:24:14 AM - Removed WinZip 19.0
    RP962: 2/21/2015 12:47:58 AM - System Checkpoint
    RP963: 2/22/2015 1:44:01 AM - System Checkpoint
    RP964: 2/23/2015 1:55:05 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Reader XI (11.0.10)
    Adobe Shockwave Player 12.0
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    AVS Audio Converter 7.3
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
    DivX
    Dropbox
    Faasoft Audio Converter 5.0.10.5323
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    Java 8 Update 25
    Java Auto Updater
    Junk Mail filter update
    Lexmark Printable Web
    Lexmark Pro200-S500 Series
    Malwarebytes Anti-Malware version 2.0.4.1028
    McAfee Internet Security
    McAfee SiteAdvisor
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Fix it Center
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Mozilla Firefox 35.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB973688)
    neroxml
    PDFCreator
    Protector Suite 5.4
    QuickTime 7
    RPS CRT
    Safari
    SD Secure Module
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Shared C Run-time for x86
    SoundMAX
    Switch Sound File Converter
    swMSM
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA HDD Protection
    TOSHIBA Software Modem
    Toshiba Tbiosdrv Driver
    Total Recorder 8.3 Standard Edition
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player
    Vuze
    WavePad Sound Editor
    WebFldrs XP
    Windows Driver Package - Intel (E100B) Net (12/06/2007 8.0.47.0)
    Windows Driver Package - Intel (NETw5x32) net (09/15/2009 13.0.0.107)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    WinZip 19.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/21/2015 12:11:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Personal Firewall Service service to connect.
    2/21/2015 12:11:36 PM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/21/2015 12:11:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Boot Delay Start Service service to connect.
    2/21/2015 12:11:33 PM, error: Service Control Manager [7000] - The McAfee Boot Delay Start Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/21/2015 12:10:29 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/20/2015 12:25:08 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    2/18/2015 3:36:44 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Boot Delay Start Service service, but this action failed with the following error: An instance of the service is already running.
    2/17/2015 1:33:32 PM, error: Service Control Manager [7031] - The McAfee Boot Delay Start Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/16/2015 4:53:00 PM, error: Service Control Manager [7022] - The McAfee Boot Delay Start Service service hung on starting.
    2/16/2015 4:51:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService service to connect.
    2/16/2015 4:51:32 PM, error: Service Control Manager [7000] - The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/16/2015 2:15:29 PM, error: Service Control Manager [7031] - The McAfee Boot Delay Start Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================






    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.25.2
    Run by Owner at 19:39:52 on 2015-02-23
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.1474 [GMT -5:00]
    .
    AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\lxebcoms.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\McAfee\MSC\McAPExe.exe
    C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
    C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK32.EXE
    C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uWindow Title = Windows Internet Explorer provided by MSN & Bing
    mStart Page = about:blank
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ProPCCleaner] c:\program files\pro pc cleaner\ProPCCleaner.exe true
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [ThpSrv] thpsrv /logon
    mRun: [lxebmon.exe] "c:\program files\lexmark pro200-s500 series\lxebmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark pro200-s500 series\ezprint.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\joaquin.lnk - c:\avenger\Joaquin.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315411040171
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.tcdsb.org/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{629FB753-1EA6-4422-A102-6B67E976C157} : DHCPNameServer = 192.168.2.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - psqlpwd.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\h0tf5t3n.default-1419254505312\
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-12-26 576048]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2011-9-7 6144]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-12-26 93624]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-9-8 54760]
    R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
    R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2013-5-19 131136]
    R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-5-19 145568]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
    R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
    R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-5-19 655936]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-5-19 169800]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-5-19 179600]
    R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 62832]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-26 238176]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 369248]
    R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 350240]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2013-5-19 87520]
    R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2011-9-23 91216]
    S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2011-9-8 193192]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-5-19 147912]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-26 67816]
    S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 81296]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2013-5-19 87520]
    .
    =============== File Associations ===============
    .
    ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
    .
    =============== Created Last 30 ================
    .
    2015-02-20 05:28:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZip
    2015-02-20 02:49:01 -------- d-----w- c:\documents and settings\all users\application data\{ad624bd1-1733-77bc-ad62-24bd11732f44}
    2015-02-10 01:06:26 5070512 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    ==================== Find3M ====================
    .
    2015-02-21 13:55:15 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-10 22:06:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-02-10 22:06:29 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-21 17:55:04 114904 ----a-w- c:\windows\system32\drivers\53733D4A.sys
    2014-12-21 16:11:58 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-12-21 16:11:52 146432 ----a-w- c:\windows\system32\javacpl.cpl
    .
    ============= FINISH: 19:41:20.93 ===============
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Go to Add/Remove Programs and uninstall Pro PC Cleaner,
    then reboot, then
    delete any existing version of ComboFix you might already have sitting on your desktop or in your downloads folder.
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop or your downloads folder.

    **Note: It is important that it is saved directly to your desktop or downloads folder and run from either the desktop or the downloads folder and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Post the log in next reply please...
     
  7. Baggio

    Baggio Thread Starter

    A bit of a problem to report with these next steps I'm afraid.
    When I try to download the ComboFix link that you gave me, upon completion it states that the download failed, and my McAfee Internet Security pops up and informs me that it has quarantined a trojan.

    Shall I disable my anti-virus prior to downloading ComboFix in order to avoid this?

    Many thanks in advance,
    B
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Yes, you need to turn off McAfee prior to downloading or running ComboFix.
     
  9. Baggio

    Baggio Thread Starter

    Hi there,

    Apologies for the late reply. Managed to download and run ComboFix. As requested, the log is posted below.

    Thank you kindly.
    b


    ComboFix 15-03-01.01 - Owner 03/02/2015 21:43:36.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.2144 [GMT -5:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\SPL1B6.tmp
    c:\documents and settings\All Users\SPLCA.tmp
    c:\windows\msdownld.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-02-03 to 2015-03-03 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-20 05:28 . 2015-02-20 05:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
    2015-02-20 02:49 . 2015-02-21 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{ad624bd1-1733-77bc-ad62-24bd11732f44}
    2015-02-10 01:06 . 2015-02-10 22:06 5070512 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-21 13:55 . 2014-11-30 03:26 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-10 22:06 . 2012-08-30 04:32 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-02-10 22:06 . 2011-09-08 15:02 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-12-21 17:55 . 2014-12-21 17:55 114904 ----a-w- c:\windows\system32\drivers\53733D4A.sys
    2014-12-21 16:11 . 2014-12-21 16:12 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-12-21 16:11 . 2014-12-21 16:12 146432 ----a-w- c:\windows\system32\javacpl.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="thpsrv" [X]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-15 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-15 118784]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
    "lxebmon.exe"="c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
    "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-10 42555824]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2014-10-27 565616]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-05-05 21:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\lxebcoms.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\Platform\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Owner\\Application Data\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    .
    R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/25/2011 1:12 AM 436792]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 10:31 PM 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/7/2011 10:11 AM 6144]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/26/2012 9:08 AM 93624]
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 5:00 PM 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 4:59 PM 33024]
    R2 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
    R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
    R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [5/19/2013 7:16 PM 145568]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
    R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
    R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [5/19/2013 7:18 PM 655936]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/19/2013 7:16 PM 169800]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/19/2013 7:06 PM 179600]
    R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 4:33 PM 3456]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/26/2012 9:12 AM 62832]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/26/2012 9:05 AM 369248]
    R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [11/2/2012 12:46 AM 350240]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/19/2013 7:15 PM 87520]
    R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [9/23/2011 12:21 PM 91216]
    S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [9/8/2011 11:01 AM 193192]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [5/19/2013 7:17 PM 132160]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [5/19/2013 7:17 PM 147912]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
    S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [11/2/2012 12:46 AM 81296]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/19/2013 7:15 PM 87520]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 22:06]
    .
    2015-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2015-03-02 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-04-27 01:59]
    .
    2014-04-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-04-27 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\h0tf5t3n.default-1419254505312\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    HKCU-Run-ProPCCleaner - c:\program files\Pro PC Cleaner\ProPCCleaner.exe
    c:\documents and settings\Owner\Start Menu\Programs\Startup\Joaquin.lnk - c:\avenger\Joaquin.exe --startup=1
    AddRemove-Switch - c:\program files\NCH Software\Switch\switch.exe
    AddRemove-WavePad - c:\program files\NCH Software\WavePad\wavepad.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-03-02 21:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\09\04\08\11 \01y"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1416)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\crypto.dll
    c:\windows\system32\igfxdev.dll
    .
    - - - - - - - > 'lsass.exe'(1472)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    .
    Completion time: 2015-03-02 21:59:58
    ComboFix-quarantined-files.txt 2015-03-03 02:59
    .
    Pre-Run: 26,115,354,624 bytes free
    Post-Run: 27,756,302,336 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 799313CC678D93BA558014AECAB7BF1C
    8F558EB6672622401DA993E1E865C861
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    I can't see anything bad there. Are you still getting any problems?
     
  11. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Seems to be running a bit slow but no major problems.

    Thanks so much for your help - it does not go unnoticed!
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Let's see if this shows any more.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 32 bit version

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Under the optional scans, please also select shortcuts.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  13. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Thank you. Here are the logs that came up, as requested.


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2015
    Ran by Owner (administrator) on OWNER-906BBD5F2 on 07-03-2015 16:35:37
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Loaded Profiles: Owner (Available profiles: Owner & Administrator)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    ( ) C:\WINDOWS\system32\lxebcoms.exe
    (McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
    (TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Agere Systems) C:\WINDOWS\agrsmmsg.exe
    (TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
    () C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
    (UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
    () C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
    (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
    (Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
    (McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-19] (Analog Devices, Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-23] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-15] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-15] (Intel Corporation)
    HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [30208 2006-05-05] (UPEK Inc.)
    HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-14] (Agere Systems)
    HKLM\...\Run: [ThpSrv] => thpsrv /logon
    HKLM\...\Run: [lxebmon.exe] => C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2011-01-23] ()
    HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280 2011-01-23] ()
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-25] (Macrovision Corporation)
    HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-08-25] (Macrovision Corporation)
    HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\RunOnce: [Adobe Speed Launcher] => 1425763668
    Lsa: [Notification Packages] scecli psqlpwd
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {B0ABA7E4-1269-4F2D-9116-4A6DEDCE60B5} URL =
    SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1315411040171
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.tcdsb.org/dana-cached/sc/JuniperSetupClient.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h0tf5t3n.default-1419254505312
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-10] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
    FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-12-18]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-07]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-05-19]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-19]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-05-19]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 lxebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
    R2 lxeb_device; C:\WINDOWS\system32\lxebcoms.exe [598696 2010-04-14] ( )
    R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-02-19] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
    U2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
    R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
    R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
    R2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [176128 2005-12-20] (TOSHIBA Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
    R2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-05-05] (UPEK Inc.) [File not signed]
    R2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-05-05] (UPEK Inc.) [File not signed]
    R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
    R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) [File not signed]
    R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
    S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
    S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
    R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-14] (Intel Corporation)
    R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
    R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
    R2 smihlp; C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-05-05] (UPEK Inc.) [File not signed]
    R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [436792 2011-12-25] () [File not signed]
    S3 TBiosDrv; C:\WINDOWS\system32\Drivers\Tbiosdrv.sys [6528 2002-01-24] () [File not signed]
    R0 Thpdrv; C:\WINDOWS\System32\DRIVERS\thpdrv.sys [16384 2004-12-27] (TOSHIBA Corporation) [File not signed]
    R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [91216 2011-07-08] (High Criteria inc.)
    S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
    U0 mfewfpk; No ImagePath
    U3 TlntSvr; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-07 16:32 - 2015-03-07 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    2015-03-07 16:27 - 2015-03-07 16:27 - 00000000 __RSD () C:\Documents and Settings\Owner\My Documents\My Safe
    2015-03-07 07:24 - 2015-03-07 07:24 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-03-06 16:35 - 2015-03-06 16:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-03-02 22:00 - 2015-03-07 16:36 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
    2015-03-02 22:00 - 2015-03-02 22:00 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2015-03-02 22:00 - 2015-03-02 22:00 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
    2015-03-02 22:00 - 2015-03-02 22:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
    2015-03-02 21:59 - 2015-03-02 21:59 - 00016413 _____ () C:\ComboFix.txt
    2015-03-02 21:34 - 2015-03-02 21:34 - 00000000 _RSHD () C:\cmdcons
    2015-03-02 21:34 - 2011-09-06 17:26 - 00000211 _____ () C:\Boot.bak
    2015-03-02 21:34 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
    2015-03-02 21:28 - 2015-03-02 22:00 - 00000000 ____D () C:\Qoobox
    2015-03-02 21:28 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2015-03-02 21:28 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2015-03-02 21:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2015-03-02 21:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2015-03-02 21:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2015-03-02 21:28 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2015-03-02 21:28 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2015-03-02 21:28 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2015-03-02 21:28 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2015-03-02 21:27 - 2015-03-02 21:57 - 00000000 ____D () C:\WINDOWS\erdnt
    2015-03-02 20:39 - 2015-03-02 20:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\2015 Taxes
    2015-02-20 00:28 - 2015-02-20 00:28 - 00001732 _____ () C:\Documents and Settings\All Users\Start Menu\WinZip.lnk
    2015-02-20 00:28 - 2015-02-20 00:28 - 00001732 _____ () C:\Documents and Settings\All Users\Desktop\WinZip.lnk
    2015-02-20 00:28 - 2015-02-20 00:28 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
    2015-02-20 00:28 - 2015-02-20 00:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    2015-02-20 00:27 - 2015-02-20 00:28 - 00000000 ____D () C:\Program Files\WinZip
    2015-02-19 21:49 - 2015-02-21 11:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{ad624bd1-1733-77bc-ad62-24bd11732f44}
    2015-02-09 20:06 - 2015-02-10 17:06 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-07 16:35 - 2014-12-09 21:36 - 00000000 ____D () C:\FRST
    2015-03-07 16:32 - 2014-04-27 10:20 - 00001611 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
    2015-03-07 16:28 - 2012-06-30 10:53 - 00000000 ___RD () C:\Documents and Settings\Owner\My Documents\Dropbox
    2015-03-07 16:28 - 2012-06-30 10:48 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
    2015-03-07 16:28 - 2011-09-08 11:02 - 00545802 _____ () C:\Documents and Settings\All Users\lxebscan.log
    2015-03-07 16:28 - 2011-09-06 17:32 - 01103657 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-03-07 16:27 - 2014-03-19 15:17 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-03-07 16:27 - 2011-09-06 17:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-03-07 16:27 - 2011-09-06 13:22 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2015-03-07 16:27 - 2011-09-06 13:22 - 00000048 _____ () C:\WINDOWS\wiaservc.log
    2015-03-07 14:49 - 2011-09-06 17:46 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-03-07 14:49 - 2011-09-06 17:46 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2015-03-07 14:09 - 2011-09-28 12:37 - 00696180 _____ () C:\Documents and Settings\All Users\lxeb.log
    2015-03-07 08:06 - 2012-08-29 23:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-03-07 07:27 - 2011-10-03 08:58 - 00000000 ____D () C:\Program Files\Java
    2015-03-07 07:22 - 2014-12-21 11:12 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
    2015-03-07 07:22 - 2014-12-21 11:12 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
    2015-03-06 22:23 - 2014-08-05 12:45 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
    2015-03-06 21:53 - 2014-04-27 09:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-03-05 19:11 - 2011-09-08 10:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
    2015-03-05 17:29 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-03-04 17:26 - 2011-09-08 10:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2015-03-04 17:26 - 2011-09-06 17:36 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2015-03-02 21:56 - 2014-11-29 23:00 - 00000000 ____D () C:\Avenger
    2015-03-02 21:56 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
    2015-03-02 21:34 - 2011-09-06 13:17 - 00000327 __RSH () C:\boot.ini
    2015-03-02 20:25 - 2014-08-28 20:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\De La Salle
    2015-03-02 20:25 - 2011-07-31 19:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\LPS
    2015-03-01 14:22 - 2011-09-10 09:16 - 00071680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-28 08:05 - 2011-09-08 11:04 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats
    2015-02-28 07:30 - 2013-05-19 19:14 - 00000000 ____D () C:\Program Files\McAfee
    2015-02-27 22:58 - 2014-07-18 12:54 - 00174957 _____ () C:\WINDOWS\setupapi.log
    2015-02-24 19:30 - 2011-09-07 10:57 - 00000000 __SHD () C:\Documents and Settings\Owner\UserData
    2015-02-22 23:24 - 2011-07-31 19:50 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\MR
    2015-02-22 19:55 - 2014-10-19 07:37 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Doc Film Proposals
    2015-02-22 19:49 - 2014-04-27 08:42 - 00000000 ____D () C:\AdwCleaner
    2015-02-21 11:40 - 2012-01-14 08:21 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-02-21 08:55 - 2014-11-29 22:26 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-02-20 07:09 - 2011-09-06 17:46 - 00000000 ____D () C:\Documents and Settings\Owner
    2015-02-20 00:29 - 2015-01-25 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WinZip
    2015-02-18 20:13 - 2014-08-06 21:29 - 00001039 _____ () C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
    2015-02-18 20:13 - 2014-08-06 21:28 - 00001941 _____ () C:\Documents and Settings\All Users\Desktop\NCH Software.lnk
    2015-02-13 09:48 - 2014-07-01 09:58 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
    2015-02-13 08:00 - 2012-06-30 10:50 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
    2015-02-11 19:49 - 2013-08-14 22:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-02-11 19:44 - 2011-09-07 10:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
    2015-02-11 19:40 - 2014-07-01 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2015-02-11 19:40 - 2011-09-07 14:37 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-02-10 17:06 - 2012-08-29 23:32 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-02-10 17:06 - 2011-09-08 10:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2012-02-17 00:02 - 2012-02-17 00:04 - 0000289 _____ () C:\Documents and Settings\Owner\Application Data\burnaware.ini
    2011-09-10 09:16 - 2015-03-01 14:22 - 0071680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-10-20 08:22 - 2011-10-20 08:22 - 0000000 _____ () C:\Documents and Settings\All Users\cmn_upld.log
    2011-09-08 11:05 - 2011-09-08 11:05 - 0000252 _____ () C:\Documents and Settings\All Users\FastPics.log
    2011-09-28 12:37 - 2015-03-07 14:09 - 0696180 _____ () C:\Documents and Settings\All Users\lxeb.log
    2012-01-13 08:54 - 2013-04-08 20:57 - 0000675 _____ () C:\Documents and Settings\All Users\lxebDiagnostics.log
    2011-09-17 17:15 - 2014-02-22 10:44 - 0051103 _____ () C:\Documents and Settings\All Users\lxebJSW.log
    2011-09-08 11:02 - 2015-03-07 16:28 - 0545802 _____ () C:\Documents and Settings\All Users\lxebscan.log
    2011-10-20 08:22 - 2011-10-20 08:22 - 0000000 _____ () C:\Documents and Settings\All Users\LxWbGwLog.log
    2011-09-08 10:56 - 2011-09-08 10:56 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Owner\Local Settings\temp\cct.dll
    C:\Documents and Settings\Owner\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcrogk.dll
    C:\Documents and Settings\Owner\Local Settings\temp\jre-8u40-windows-au.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2015
    Ran by Owner at 2015-03-07 16:37:40
    Running from C:\Documents and Settings\Owner\My Documents\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
    Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
    Dropbox (HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    Faasoft Audio Converter 5.0.10.5323 (HKLM\...\{6A4806A7-4A4C-458C-B42F-BB508CA69F3F}_is1) (Version: - Faasoft Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4436 - )
    InterVideo WinDVD Creator 2 (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.0.14.380 - InterVideo Inc.)
    InterVideo WinDVD for TOSHIBA (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.542 - InterVideo Inc.)
    iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Lexmark Printable Web (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
    Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version: - Lexmark International, Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
    McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSN (HKLM\...\MSNINST) (Version: - )
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
    Protector Suite 5.4 (HKLM\...\{737629F4-4111-4FD4-9071-29873B7C6426}) (Version: 5.4.0.2934 - UPEK)
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RPS CRT (Version: 9.0.40 - Bell) Hidden
    Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    SD Secure Module (HKLM\...\{C45F4811-31D5-4786-801D-F79CD06EDD85}) (Version: 1.0.4 - TOSHIBA Corporation)
    Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4321 - Analog Devices)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}) (Version: 1.16.0000 - Texas Instruments Inc.)
    TIPCI (Version: 1.16.0000 - Texas Instruments Inc.) Hidden
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 1.01.08e - TOSHIBA Corporation)
    TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.62 (SM2162ALD04) - )
    Toshiba Tbiosdrv Driver (HKLM\...\Toshiba Tbiosdrv Driver) (Version: - )
    Total Recorder 8.3 Standard Edition (HKLM\...\TotalRecorder) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Driver Package - Intel (E100B) Net (12/06/2007 8.0.47.0) (HKLM\...\01729CC98CCF44B7B07959E89E1C2ECE7E77CE61) (Version: 12/06/2007 8.0.47.0 - Intel)
    Windows Driver Package - Intel (NETw5x32) net (09/15/2009 13.0.0.107) (HKLM\...\F01807101EBDFA763D74F1891D2AA31593E493C5) (Version: 09/15/2009 13.0.0.107 - Intel)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Owner\Local Settings\Application Data\Vosteran\Application\31.0.1650.23\d (the data entry has 28 more characters).
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    30-12-2014 11:07:54 System Checkpoint
    31-12-2014 11:34:17 System Checkpoint
    01-01-2015 12:39:50 System Checkpoint
    02-01-2015 12:52:12 System Checkpoint
    03-01-2015 13:24:37 System Checkpoint
    04-01-2015 15:24:39 System Checkpoint
    05-01-2015 17:17:21 System Checkpoint
    06-01-2015 21:12:46 System Checkpoint
    08-01-2015 18:02:12 System Checkpoint
    10-01-2015 17:43:12 System Checkpoint
    12-01-2015 17:37:49 System Checkpoint
    13-01-2015 19:11:34 Software Distribution Service 3.0
    15-01-2015 16:45:41 System Checkpoint
    16-01-2015 20:34:37 System Checkpoint
    18-01-2015 17:25:35 System Checkpoint
    19-01-2015 19:53:45 System Checkpoint
    21-01-2015 17:52:06 System Checkpoint
    22-01-2015 18:48:14 System Checkpoint
    23-01-2015 19:15:51 System Checkpoint
    24-01-2015 19:31:20 System Checkpoint
    25-01-2015 12:22:33 Removed WinZip 15.5
    26-01-2015 17:25:28 System Checkpoint
    29-01-2015 17:10:23 System Checkpoint
    01-02-2015 08:44:33 System Checkpoint
    10-02-2015 17:31:12 System Checkpoint
    11-02-2015 19:35:33 Software Distribution Service 3.0
    13-02-2015 09:25:48 System Checkpoint
    14-02-2015 17:31:00 System Checkpoint
    15-02-2015 21:40:11 System Checkpoint
    16-02-2015 21:55:12 System Checkpoint
    17-02-2015 22:22:51 System Checkpoint
    19-02-2015 15:39:46 System Checkpoint
    20-02-2015 00:24:14 Removed WinZip 19.0
    21-02-2015 00:47:58 System Checkpoint
    22-02-2015 01:44:01 System Checkpoint
    23-02-2015 01:55:05 System Checkpoint
    24-02-2015 07:44:13 System Checkpoint
    25-02-2015 08:19:06 System Checkpoint
    26-02-2015 08:59:53 System Checkpoint
    27-02-2015 09:52:10 System Checkpoint
    28-02-2015 12:13:21 System Checkpoint
    01-03-2015 13:06:54 System Checkpoint
    02-03-2015 15:30:54 System Checkpoint
    03-03-2015 21:43:39 System Checkpoint
    05-03-2015 18:08:16 System Checkpoint
    07-03-2015 08:27:42 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 07:00 - 2015-03-02 21:56 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (whitelisted) ==============

    2011-10-03 09:16 - 2001-10-28 16:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
    2011-09-08 11:01 - 2009-11-04 08:14 - 00157696 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxebdrpp.dll
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2011-09-08 10:58 - 2011-01-23 20:00 - 00770728 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
    2011-09-08 10:58 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
    2011-09-08 11:01 - 2009-05-27 07:16 - 00192512 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdatr.dll
    2011-09-08 10:58 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebDRS.dll
    2011-09-08 10:58 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
    2011-09-08 10:56 - 2009-02-20 03:48 - 00299008 _____ () C:\WINDOWS\system32\lxebsm.dll
    2011-09-08 10:56 - 2009-02-20 03:48 - 00023552 _____ () C:\WINDOWS\system32\lxebsmr.dll
    2011-09-08 10:58 - 2011-01-23 20:00 - 00148280 _____ () C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
    2011-09-08 10:58 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Epwizard.DLL
    2011-09-08 10:58 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files\Lexmark Pro200-S500 Series\customui.dll
    2011-09-08 10:58 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Eputil.DLL
    2011-09-08 10:58 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Imagutil.DLL
    2011-09-08 10:58 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Epfunct.DLL
    2011-09-08 10:58 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files\Lexmark Pro200-S500 Series\EPWizRes.dll
    2011-09-08 10:58 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll
    2011-09-08 10:58 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files\Lexmark Pro200-S500 Series\EPOEMDll.dll
    2011-09-08 10:58 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll
    2011-09-08 10:58 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libGLESv2.dll
    2015-03-07 16:28 - 2015-03-07 16:28 - 00043008 _____ () c:\Documents and Settings\Owner\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcrogk.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libEGL.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2015-02-10 17:06 - 2015-02-10 17:06 - 16852144 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.2.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1614895754-2025429265-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1614895754-2025429265-1417001333-1004 - Limited - Enabled)
    Guest (S-1-5-21-1614895754-2025429265-1417001333-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1614895754-2025429265-1417001333-1000 - Limited - Disabled)
    Owner (S-1-5-21-1614895754-2025429265-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
    SUPPORT_388945a0 (S-1-5-21-1614895754-2025429265-1417001333-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2250

    Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2250

    Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/05/2015 07:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module unknown, version 0.0.0.0, fault address 0x000000cc.
    Processing media-specific event for [McSvHost.exe!ws!]

    Error: (03/02/2015 10:00:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application psqltray.exe, version 5.4.0.2934, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
    Processing media-specific event for [psqltray.exe!ws!]

    Error: (03/02/2015 09:28:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (03/02/2015 07:42:19 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

    Error: (03/02/2015 07:42:19 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

    Error: (02/19/2015 10:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 35.0.1.5500, faulting module mozalloc.dll, version 35.0.1.5500, fault address 0x00001425.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (02/19/2015 10:38:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application firefox.exe, version 35.0.1.5500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (03/07/2015 04:28:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Boot Delay Start Service service hung on starting.

    Error: (03/07/2015 04:27:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The lxebCATSCustConnectService service failed to start due to the following error:
    %%1053

    Error: (03/07/2015 04:27:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService service to connect.

    Error: (03/07/2015 02:35:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Boot Delay Start Service service, but this action failed with the following error:
    %%1056

    Error: (03/07/2015 02:34:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The McAfee Boot Delay Start Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (03/07/2015 02:09:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

    Error: (03/07/2015 07:18:35 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

    Error: (03/07/2015 07:15:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Boot Delay Start Service service hung on starting.

    Error: (03/07/2015 07:14:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The lxebCATSCustConnectService service failed to start due to the following error:
    %%1053

    Error: (03/07/2015 07:14:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService service to connect.


    Microsoft Office Sessions:
    =========================
    Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2250

    Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2250

    Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/05/2015 07:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: McSvHost.exe3.8.703.0unknown0.0.0.0000000cc

    Error: (03/02/2015 10:00:25 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: psqltray.exe5.4.0.2934ntdll.dll5.1.2600.6055000101b3

    Error: (03/02/2015 09:28:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: iexplore.exe0.0.0.0iexplore.exe0.0.0.00008d1c0

    Error: (03/02/2015 07:42:19 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

    Error: (03/02/2015 07:42:19 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

    Error: (02/19/2015 10:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe35.0.1.5500mozalloc.dll35.0.1.550000001425

    Error: (02/19/2015 10:38:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: firefox.exe35.0.1.5500hungapp0.0.0.000000000


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
    Percentage of memory in use: 34%
    Total physical RAM: 3063.17 MB
    Available physical RAM: 2000.4 MB
    Total Pagefile: 5969.76 MB
    Available Pagefile: 5043.35 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1937.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:298.09 GB) (Free:12.93 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A47DA47D)
    Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,283
    First Name:
    Derek
    Nothing showing bad there either.
    I would guess the slowdown is caused by McAfee being a bit too heavy for that older computer, although with 3 GB of RAM it should cope.


    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://myonlinesecurity.co.uk/how-to-protect-yourself-and-tighten-security/ for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date and vulnerable common applications on your computer, and update whatever it suggests.
     
  15. Baggio

    Baggio Thread Starter

    Joined:
    Mar 27, 2009
    Messages:
    95
    Great, have carried out these last steps. Thanks again for all your help - it is very much appreciated!
     
Short URL to this thread: https://techguy.org/1143592
