Virus on PC - Please Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Hello there,

Seemed to have downloaded a file by accident and now my computer seems to be running slowly, multiple windows popping up (unideal), windows closing etc..

I have included the requested information about my computer below.
Your assistance would be greatly appreciated at your convenience.

Kind Regards,
B

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 3063 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
Hard Drives: C: Total - 305242 MB, Free - 4069 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: PC Cleaner Pro, Updated: Yes, On-Demand Scanner: Disabled
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Click on this link to download : ADWCleaner Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop. Do not click on any links in the top Advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done, you will get a message saying "PENDING" , Ignore that & click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.
Please note: the newer versions of Adwcleaner have a pretty colour display on some versions of windows and slightly different icons. The screenshots are from the older version but are basically the same

 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Many thanks for your reply and help. Log cut and pasted below as per your request.

Kind Regards,
B


# AdwCleaner v4.111 - Logfile created 22/02/2015 at 19:49:23
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - OWNER-906BBD5F2
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\12300436468338312522
Folder Deleted : C:\Program Files\UUniDDEEaalsa
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Pro_PC_Cleaner
Folder Deleted : C:\Documents and Settings\Owner\My Documents\ProPCCleaner
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h0tf5t3n.default-1419254505312\Extensions\[email protected]

***** [ Scheduled tasks ] *****

Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vosteran
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Program
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[h0tf5t3n.default-1419254505312\prefs.js] - Line Deleted : user_pref("extensions.A1zU2ppdTzDRcFbB.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjYErTa7qTk8rHUEpjnFqdr6pjr\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"safecart.com\",\"[...]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [48780 bytes] - [27/04/2014 08:43:20]
AdwCleaner[R1].txt - [7579 bytes] - [09/12/2014 19:49:57]
AdwCleaner[R2].txt - [7639 bytes] - [09/12/2014 21:15:39]
AdwCleaner[R3].txt - [7525 bytes] - [13/12/2014 21:48:49]
AdwCleaner[R4].txt - [2766 bytes] - [22/02/2015 19:06:12]
AdwCleaner[S0].txt - [49443 bytes] - [27/04/2014 08:45:07]
AdwCleaner[S1].txt - [2740 bytes] - [22/02/2015 19:49:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2799 bytes] ##########
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Download to Desktop: DDS by sUBs from one of the below locations

http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.exe

double click DDS to run it
Make sure there is a check mark in DDS txt
place a check mark in the attach.txt box and then press start

Do not select any other options unless specifically told to

When complete, DDS.txt will openand attach.txt will be minimized on your taskbar, click on it to open it

Save both reports to your desktop.
DDS.txt
Attach.txt

post the contents of both logs back here.
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Thank-you kindly. Both logs posted below for your review.



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/6/2011 6:35:38 PM
System Uptime: 2/22/2015 7:47:21 PM (24 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | uFC-PGA Socket | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 1.664 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\TOS6208\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\TOS6208\2&DABA3FF&0
Service:
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_D9500A12\SOFTWARE
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_D9500A12\SOFTWARE
Service:
.
==== System Restore Points ===================
.
RP929: 12/30/2014 11:07:54 AM - System Checkpoint
RP930: 12/31/2014 11:34:17 AM - System Checkpoint
RP931: 1/1/2015 12:39:50 PM - System Checkpoint
RP932: 1/2/2015 12:52:12 PM - System Checkpoint
RP933: 1/3/2015 1:24:37 PM - System Checkpoint
RP934: 1/4/2015 3:24:39 PM - System Checkpoint
RP935: 1/5/2015 5:17:21 PM - System Checkpoint
RP936: 1/6/2015 9:12:46 PM - System Checkpoint
RP937: 1/8/2015 6:02:12 PM - System Checkpoint
RP938: 1/10/2015 5:43:12 PM - System Checkpoint
RP939: 1/12/2015 5:37:49 PM - System Checkpoint
RP940: 1/13/2015 7:11:34 PM - Software Distribution Service 3.0
RP941: 1/15/2015 4:45:41 PM - System Checkpoint
RP942: 1/16/2015 8:34:37 PM - System Checkpoint
RP943: 1/18/2015 5:25:35 PM - System Checkpoint
RP944: 1/19/2015 7:53:45 PM - System Checkpoint
RP945: 1/21/2015 5:52:06 PM - System Checkpoint
RP946: 1/22/2015 6:48:14 PM - System Checkpoint
RP947: 1/23/2015 7:15:51 PM - System Checkpoint
RP948: 1/24/2015 7:31:20 PM - System Checkpoint
RP949: 1/25/2015 12:22:33 PM - Removed WinZip 15.5
RP950: 1/26/2015 5:25:28 PM - System Checkpoint
RP951: 1/29/2015 5:10:23 PM - System Checkpoint
RP952: 2/1/2015 8:44:33 AM - System Checkpoint
RP953: 2/10/2015 5:31:12 PM - System Checkpoint
RP954: 2/11/2015 7:35:33 PM - Software Distribution Service 3.0
RP955: 2/13/2015 9:25:48 AM - System Checkpoint
RP956: 2/14/2015 5:31:00 PM - System Checkpoint
RP957: 2/15/2015 9:40:11 PM - System Checkpoint
RP958: 2/16/2015 9:55:12 PM - System Checkpoint
RP959: 2/17/2015 10:22:51 PM - System Checkpoint
RP960: 2/19/2015 3:39:46 PM - System Checkpoint
RP961: 2/20/2015 12:24:14 AM - Removed WinZip 19.0
RP962: 2/21/2015 12:47:58 AM - System Checkpoint
RP963: 2/22/2015 1:44:01 AM - System Checkpoint
RP964: 2/23/2015 1:55:05 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Shockwave Player 12.0
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVS Audio Converter 7.3
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
DivX
Dropbox
Faasoft Audio Converter 5.0.10.5323
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
Lexmark Printable Web
Lexmark Pro200-S500 Series
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Internet Security
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB973688)
neroxml
PDFCreator
Protector Suite 5.4
QuickTime 7
RPS CRT
Safari
SD Secure Module
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Shared C Run-time for x86
SoundMAX
Switch Sound File Converter
swMSM
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA HDD Protection
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
Total Recorder 8.3 Standard Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player
Vuze
WavePad Sound Editor
WebFldrs XP
Windows Driver Package - Intel (E100B) Net (12/06/2007 8.0.47.0)
Windows Driver Package - Intel (NETw5x32) net (09/15/2009 13.0.0.107)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
WinZip 19.0
.
==== Event Viewer Messages From Past Week ========
.
2/21/2015 12:11:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Personal Firewall Service service to connect.
2/21/2015 12:11:36 PM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2015 12:11:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Boot Delay Start Service service to connect.
2/21/2015 12:11:33 PM, error: Service Control Manager [7000] - The McAfee Boot Delay Start Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2015 12:10:29 PM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/20/2015 12:25:08 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/18/2015 3:36:44 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Boot Delay Start Service service, but this action failed with the following error: An instance of the service is already running.
2/17/2015 1:33:32 PM, error: Service Control Manager [7031] - The McAfee Boot Delay Start Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/16/2015 4:53:00 PM, error: Service Control Manager [7022] - The McAfee Boot Delay Start Service service hung on starting.
2/16/2015 4:51:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService service to connect.
2/16/2015 4:51:32 PM, error: Service Control Manager [7000] - The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2015 2:15:29 PM, error: Service Control Manager [7031] - The McAfee Boot Delay Start Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================






DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 11.25.2
Run by Owner at 19:39:52 on 2015-02-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.1474 [GMT -5:00]
.
AV: PC Cleaner Pro *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\lxebcoms.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Owner\Application Data\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Windows Internet Explorer provided by MSN & Bing
mStart Page = about:blank
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ProPCCleaner] c:\program files\pro pc cleaner\ProPCCleaner.exe true
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ThpSrv] thpsrv /logon
mRun: [lxebmon.exe] "c:\program files\lexmark pro200-s500 series\lxebmon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro200-s500 series\ezprint.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\joaquin.lnk - c:\avenger\Joaquin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315411040171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.tcdsb.org/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{629FB753-1EA6-4422-A102-6B67E976C157} : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\h0tf5t3n.default-1419254505312\
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-12-26 576048]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2011-9-7 6144]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-12-26 93624]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-9-8 54760]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2013-5-19 131136]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-5-19 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-5-19 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-5-19 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-5-19 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-5-19 179600]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 62832]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-12-26 238176]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 369248]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 350240]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2013-5-19 87520]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2011-9-23 91216]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [2011-9-8 193192]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-5-19 147912]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-12-26 67816]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 81296]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2013-5-19 87520]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"
.
=============== Created Last 30 ================
.
2015-02-20 05:28:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZip
2015-02-20 02:49:01 -------- d-----w- c:\documents and settings\all users\application data\{ad624bd1-1733-77bc-ad62-24bd11732f44}
2015-02-10 01:06:26 5070512 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2015-02-21 13:55:15 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-10 22:06:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-10 22:06:29 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-21 17:55:04 114904 ----a-w- c:\windows\system32\drivers\53733D4A.sys
2014-12-21 16:11:58 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-21 16:11:52 146432 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 19:41:20.93 ===============
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
go to add/remove programs and uninstall pro pc cleaner
then reboot then
Delete any existing version of ComboFix you might already have sitting on your desktop or in downloads folder
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Hereto your Desktop or your downloads folder.

**Note: It is important that it is saved directly to your desktop or downloads folder and run from either the desktop or the downloads folder and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on combofix.exe & follow the prompts.​
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
A bit of a problem to report with these next steps I'm afraid.
When I try to download the combofix link that you give me - upon completion it states that download failed and my McFee Internet Security pops up and informs me that it has quarantined a trojan.

Shall I disable my anti-virus prior to downloading combo-fix in order to avoid this?

Many thanks in advance,
B
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
yes. you need to turn off mcafee prior to downloading or running Combofix
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Hi there,

Apologies for the late reply. Managed to download and run combo fix. As requested, log is posted below.

Thank-you kindly.
b


ComboFix 15-03-01.01 - Owner 03/02/2015 21:43:36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3063.2144 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL1B6.tmp
c:\documents and settings\All Users\SPLCA.tmp
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-02-03 to 2015-03-03 )))))))))))))))))))))))))))))))
.
.
2015-02-20 05:28 . 2015-02-20 05:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2015-02-20 02:49 . 2015-02-21 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{ad624bd1-1733-77bc-ad62-24bd11732f44}
2015-02-10 01:06 . 2015-02-10 22:06 5070512 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-21 13:55 . 2014-11-30 03:26 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-10 22:06 . 2012-08-30 04:32 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-10 22:06 . 2011-09-08 15:02 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-21 17:55 . 2014-12-21 17:55 114904 ----a-w- c:\windows\system32\drivers\53733D4A.sys
2014-12-21 16:11 . 2014-12-21 16:12 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-12-21 16:11 . 2014-12-21 16:12 146432 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\documents and settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-15 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-15 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"lxebmon.exe"="c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 517392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-10 42555824]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2014-10-27 565616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 21:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxebcoms.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\Platform\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/25/2011 1:12 AM 436792]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 10:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/7/2011 10:11 AM 6144]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [12/26/2012 9:08 AM 93624]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 5:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 4:59 PM 33024]
R2 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [5/19/2013 7:16 PM 145568]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [5/19/2013 7:15 PM 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [5/19/2013 7:18 PM 655936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/19/2013 7:16 PM 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/19/2013 7:06 PM 179600]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 4:33 PM 3456]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [12/26/2012 9:12 AM 62832]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [12/26/2012 9:05 AM 369248]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [11/2/2012 12:46 AM 350240]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/19/2013 7:15 PM 87520]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [9/23/2011 12:21 PM 91216]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxebserv.exe [9/8/2011 11:01 AM 193192]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [5/19/2013 7:17 PM 132160]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [5/19/2013 7:17 PM 147912]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [11/2/2012 12:46 AM 81296]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/19/2013 7:15 PM 87520]
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 22:06]
.
2015-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2015-03-02 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-04-27 01:59]
.
2014-04-27 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-04-27 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\h0tf5t3n.default-1419254505312\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-ProPCCleaner - c:\program files\Pro PC Cleaner\ProPCCleaner.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\Joaquin.lnk - c:\avenger\Joaquin.exe --startup=1
AddRemove-Switch - c:\program files\NCH Software\Switch\switch.exe
AddRemove-WavePad - c:\program files\NCH Software\WavePad\wavepad.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-02 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\04\08\11 \01y"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1416)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1472)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2015-03-02 21:59:58
ComboFix-quarantined-files.txt 2015-03-03 02:59
.
Pre-Run: 26,115,354,624 bytes free
Post-Run: 27,756,302,336 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 799313CC678D93BA558014AECAB7BF1C
8F558EB6672622401DA993E1E865C861
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
I can't see anything bad there. Are you still getting any problems
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Seems to be running a bit slow but no major problems.

Thanks so much for your help - it does not go unnoticed!
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
lets see if this shows any more

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 32 bit version

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • under the optional; scans, please also select shortcuts
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Thank-you. Here are the logs that came up as requested..


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2015
Ran by Owner (administrator) on OWNER-906BBD5F2 on 07-03-2015 16:35:37
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\WINDOWS\system32\lxebcoms.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Agere Systems) C:\WINDOWS\agrsmmsg.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\ThpSrv.exe
() C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
(UPEK Inc.) C:\Program Files\Protector Suite QL\psqltray.exe
() C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Dropbox, Inc.) C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
(McAfee, Inc.) C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [196608 2004-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-15] (Intel Corporation)
HKLM\...\Run: [PSQLLauncher] => C:\Program Files\Protector Suite QL\launcher.exe [30208 2006-05-05] (UPEK Inc.)
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88203 2005-10-14] (Agere Systems)
HKLM\...\Run: [ThpSrv] => thpsrv /logon
HKLM\...\Run: [lxebmon.exe] => C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\RunOnce: [Adobe Speed Launcher] => 1425763668
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {B0ABA7E4-1269-4F2D-9116-4A6DEDCE60B5} URL =
SearchScopes: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003 -> {FC5F965C-50F7-495F-A16F-C1E2946E31D0} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US1056D20140723&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1315411040171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.tcdsb.org/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\h0tf5t3n.default-1419254505312
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-12-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-09-07]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-05-19]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-05-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2013-05-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 lxebCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\WINDOWS\system32\lxebcoms.exe [598696 2010-04-14] ( )
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 Thpsrv; C:\WINDOWS\system32\ThpSrv.exe [176128 2005-12-20] (TOSHIBA Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)
R2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13568 2006-05-05] (UPEK Inc.) [File not signed]
R2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-05-05] (UPEK Inc.) [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [21060 2003-09-10] (InterVideo, Inc.) [File not signed]
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-14] (Intel Corporation)
R3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 Pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R2 smihlp; C:\Program Files\Protector Suite QL\smihlp.sys [3456 2006-05-05] (UPEK Inc.) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [436792 2011-12-25] () [File not signed]
S3 TBiosDrv; C:\WINDOWS\system32\Drivers\Tbiosdrv.sys [6528 2002-01-24] () [File not signed]
R0 Thpdrv; C:\WINDOWS\System32\DRIVERS\thpdrv.sys [16384 2004-12-27] (TOSHIBA Corporation) [File not signed]
R3 TotRec8; C:\WINDOWS\system32\drivers\TotRec8.sys [91216 2011-07-08] (High Criteria inc.)
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
U0 mfewfpk; No ImagePath
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 16:32 - 2015-03-07 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2015-03-07 16:27 - 2015-03-07 16:27 - 00000000 __RSD () C:\Documents and Settings\Owner\My Documents\My Safe
2015-03-07 07:24 - 2015-03-07 07:24 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-03-06 16:35 - 2015-03-06 16:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-02 22:00 - 2015-03-07 16:36 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2015-03-02 22:00 - 2015-03-02 22:00 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-03-02 22:00 - 2015-03-02 22:00 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-03-02 22:00 - 2015-03-02 22:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2015-03-02 21:59 - 2015-03-02 21:59 - 00016413 _____ () C:\ComboFix.txt
2015-03-02 21:34 - 2015-03-02 21:34 - 00000000 _RSHD () C:\cmdcons
2015-03-02 21:34 - 2011-09-06 17:26 - 00000211 _____ () C:\Boot.bak
2015-03-02 21:34 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-03-02 21:28 - 2015-03-02 22:00 - 00000000 ____D () C:\Qoobox
2015-03-02 21:28 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-03-02 21:28 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-03-02 21:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-03-02 21:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-03-02 21:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-03-02 21:28 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-03-02 21:28 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-03-02 21:28 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-03-02 21:28 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-03-02 21:27 - 2015-03-02 21:57 - 00000000 ____D () C:\WINDOWS\erdnt
2015-03-02 20:39 - 2015-03-02 20:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\2015 Taxes
2015-02-20 00:28 - 2015-02-20 00:28 - 00001732 _____ () C:\Documents and Settings\All Users\Start Menu\WinZip.lnk
2015-02-20 00:28 - 2015-02-20 00:28 - 00001732 _____ () C:\Documents and Settings\All Users\Desktop\WinZip.lnk
2015-02-20 00:28 - 2015-02-20 00:28 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\WinZip
2015-02-20 00:28 - 2015-02-20 00:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
2015-02-20 00:27 - 2015-02-20 00:28 - 00000000 ____D () C:\Program Files\WinZip
2015-02-19 21:49 - 2015-02-21 11:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{ad624bd1-1733-77bc-ad62-24bd11732f44}
2015-02-09 20:06 - 2015-02-10 17:06 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 16:35 - 2014-12-09 21:36 - 00000000 ____D () C:\FRST
2015-03-07 16:32 - 2014-04-27 10:20 - 00001611 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Internet Security.lnk
2015-03-07 16:28 - 2012-06-30 10:53 - 00000000 ___RD () C:\Documents and Settings\Owner\My Documents\Dropbox
2015-03-07 16:28 - 2012-06-30 10:48 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Dropbox
2015-03-07 16:28 - 2011-09-08 11:02 - 00545802 _____ () C:\Documents and Settings\All Users\lxebscan.log
2015-03-07 16:28 - 2011-09-06 17:32 - 01103657 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-07 16:27 - 2014-03-19 15:17 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-03-07 16:27 - 2011-09-06 17:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-07 16:27 - 2011-09-06 13:22 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-03-07 16:27 - 2011-09-06 13:22 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-03-07 14:49 - 2011-09-06 17:46 - 00032506 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-07 14:49 - 2011-09-06 17:46 - 00000278 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2015-03-07 14:09 - 2011-09-28 12:37 - 00696180 _____ () C:\Documents and Settings\All Users\lxeb.log
2015-03-07 08:06 - 2012-08-29 23:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-07 07:27 - 2011-10-03 08:58 - 00000000 ____D () C:\Program Files\Java
2015-03-07 07:22 - 2014-12-21 11:12 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-03-07 07:22 - 2014-12-21 11:12 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-03-06 22:23 - 2014-08-05 12:45 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\uTorrent
2015-03-06 21:53 - 2014-04-27 09:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-05 19:11 - 2011-09-08 10:43 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2015-03-05 17:29 - 2008-04-14 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-04 17:26 - 2011-09-08 10:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-04 17:26 - 2011-09-06 17:36 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-03-02 21:56 - 2014-11-29 23:00 - 00000000 ____D () C:\Avenger
2015-03-02 21:56 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-02 21:34 - 2011-09-06 13:17 - 00000327 __RSH () C:\boot.ini
2015-03-02 20:25 - 2014-08-28 20:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\De La Salle
2015-03-02 20:25 - 2011-07-31 19:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\LPS
2015-03-01 14:22 - 2011-09-10 09:16 - 00071680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-28 08:05 - 2011-09-08 11:04 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats
2015-02-28 07:30 - 2013-05-19 19:14 - 00000000 ____D () C:\Program Files\McAfee
2015-02-27 22:58 - 2014-07-18 12:54 - 00174957 _____ () C:\WINDOWS\setupapi.log
2015-02-24 19:30 - 2011-09-07 10:57 - 00000000 __SHD () C:\Documents and Settings\Owner\UserData
2015-02-22 23:24 - 2011-07-31 19:50 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\MR
2015-02-22 19:55 - 2014-10-19 07:37 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Doc Film Proposals
2015-02-22 19:49 - 2014-04-27 08:42 - 00000000 ____D () C:\AdwCleaner
2015-02-21 11:40 - 2012-01-14 08:21 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-21 08:55 - 2014-11-29 22:26 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 07:09 - 2011-09-06 17:46 - 00000000 ____D () C:\Documents and Settings\Owner
2015-02-20 00:29 - 2015-01-25 12:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WinZip
2015-02-18 20:13 - 2014-08-06 21:29 - 00001039 _____ () C:\Documents and Settings\All Users\Desktop\WavePad Sound Editor.lnk
2015-02-18 20:13 - 2014-08-06 21:28 - 00001941 _____ () C:\Documents and Settings\All Users\Desktop\NCH Software.lnk
2015-02-13 09:48 - 2014-07-01 09:58 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-02-13 08:00 - 2012-06-30 10:50 - 00000000 ____D () C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2015-02-11 19:49 - 2013-08-14 22:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 19:44 - 2011-09-07 10:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-02-11 19:40 - 2014-07-01 09:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-02-11 19:40 - 2011-09-07 14:37 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 17:06 - 2012-08-29 23:32 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-10 17:06 - 2011-09-08 10:02 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2012-02-17 00:02 - 2012-02-17 00:04 - 0000289 _____ () C:\Documents and Settings\Owner\Application Data\burnaware.ini
2011-09-10 09:16 - 2015-03-01 14:22 - 0071680 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-20 08:22 - 2011-10-20 08:22 - 0000000 _____ () C:\Documents and Settings\All Users\cmn_upld.log
2011-09-08 11:05 - 2011-09-08 11:05 - 0000252 _____ () C:\Documents and Settings\All Users\FastPics.log
2011-09-28 12:37 - 2015-03-07 14:09 - 0696180 _____ () C:\Documents and Settings\All Users\lxeb.log
2012-01-13 08:54 - 2013-04-08 20:57 - 0000675 _____ () C:\Documents and Settings\All Users\lxebDiagnostics.log
2011-09-17 17:15 - 2014-02-22 10:44 - 0051103 _____ () C:\Documents and Settings\All Users\lxebJSW.log
2011-09-08 11:02 - 2015-03-07 16:28 - 0545802 _____ () C:\Documents and Settings\All Users\lxebscan.log
2011-10-20 08:22 - 2011-10-20 08:22 - 0000000 _____ () C:\Documents and Settings\All Users\LxWbGwLog.log
2011-09-08 10:56 - 2011-09-08 10:56 - 0000000 _____ () C:\Documents and Settings\All Users\UpdaterLog.txt

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\cct.dll
C:\Documents and Settings\Owner\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcrogk.dll
C:\Documents and Settings\Owner\Local Settings\temp\jre-8u40-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2015
Ran by Owner at 2015-03-07 16:37:40
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVS Audio Converter 7.3 (HKLM\...\AVS Audio Converter_is1) (Version: 7.3.1.535 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
Dropbox (HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Faasoft Audio Converter 5.0.10.5323 (HKLM\...\{6A4806A7-4A4C-458C-B42F-BB508CA69F3F}_is1) (Version: - Faasoft Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4436 - )
InterVideo WinDVD Creator 2 (HKLM\...\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}) (Version: 2.0.14.380 - InterVideo Inc.)
InterVideo WinDVD for TOSHIBA (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.542 - InterVideo Inc.)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Lexmark Printable Web (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version: - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version: - )
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
Protector Suite 5.4 (HKLM\...\{737629F4-4111-4FD4-9071-29873B7C6426}) (Version: 5.4.0.2934 - UPEK)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RPS CRT (Version: 9.0.40 - Bell) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SD Secure Module (HKLM\...\{C45F4811-31D5-4786-801D-F79CD06EDD85}) (Version: 1.0.4 - TOSHIBA Corporation)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4321 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}) (Version: 1.16.0000 - Texas Instruments Inc.)
TIPCI (Version: 1.16.0000 - Texas Instruments Inc.) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 1.01.08e - TOSHIBA Corporation)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.62 (SM2162ALD04) - )
Toshiba Tbiosdrv Driver (HKLM\...\Toshiba Tbiosdrv Driver) (Version: - )
Total Recorder 8.3 Standard Edition (HKLM\...\TotalRecorder) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Intel (E100B) Net (12/06/2007 8.0.47.0) (HKLM\...\01729CC98CCF44B7B07959E89E1C2ECE7E77CE61) (Version: 12/06/2007 8.0.47.0 - Intel)
Windows Driver Package - Intel (NETw5x32) net (09/15/2009 13.0.0.107) (HKLM\...\F01807101EBDFA763D74F1891D2AA31593E493C5) (Version: 09/15/2009 13.0.0.107 - Intel)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Documents and Settings\Owner\Local Settings\Application Data\Vosteran\Application\31.0.1650.23\d (the data entry has 28 more characters).
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1614895754-2025429265-1417001333-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-12-2014 11:07:54 System Checkpoint
31-12-2014 11:34:17 System Checkpoint
01-01-2015 12:39:50 System Checkpoint
02-01-2015 12:52:12 System Checkpoint
03-01-2015 13:24:37 System Checkpoint
04-01-2015 15:24:39 System Checkpoint
05-01-2015 17:17:21 System Checkpoint
06-01-2015 21:12:46 System Checkpoint
08-01-2015 18:02:12 System Checkpoint
10-01-2015 17:43:12 System Checkpoint
12-01-2015 17:37:49 System Checkpoint
13-01-2015 19:11:34 Software Distribution Service 3.0
15-01-2015 16:45:41 System Checkpoint
16-01-2015 20:34:37 System Checkpoint
18-01-2015 17:25:35 System Checkpoint
19-01-2015 19:53:45 System Checkpoint
21-01-2015 17:52:06 System Checkpoint
22-01-2015 18:48:14 System Checkpoint
23-01-2015 19:15:51 System Checkpoint
24-01-2015 19:31:20 System Checkpoint
25-01-2015 12:22:33 Removed WinZip 15.5
26-01-2015 17:25:28 System Checkpoint
29-01-2015 17:10:23 System Checkpoint
01-02-2015 08:44:33 System Checkpoint
10-02-2015 17:31:12 System Checkpoint
11-02-2015 19:35:33 Software Distribution Service 3.0
13-02-2015 09:25:48 System Checkpoint
14-02-2015 17:31:00 System Checkpoint
15-02-2015 21:40:11 System Checkpoint
16-02-2015 21:55:12 System Checkpoint
17-02-2015 22:22:51 System Checkpoint
19-02-2015 15:39:46 System Checkpoint
20-02-2015 00:24:14 Removed WinZip 19.0
21-02-2015 00:47:58 System Checkpoint
22-02-2015 01:44:01 System Checkpoint
23-02-2015 01:55:05 System Checkpoint
24-02-2015 07:44:13 System Checkpoint
25-02-2015 08:19:06 System Checkpoint
26-02-2015 08:59:53 System Checkpoint
27-02-2015 09:52:10 System Checkpoint
28-02-2015 12:13:21 System Checkpoint
01-03-2015 13:06:54 System Checkpoint
02-03-2015 15:30:54 System Checkpoint
03-03-2015 21:43:39 System Checkpoint
05-03-2015 18:08:16 System Checkpoint
07-03-2015 08:27:42 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2015-03-02 21:56 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) ==============

2011-10-03 09:16 - 2001-10-28 16:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2011-09-08 11:01 - 2009-11-04 08:14 - 00157696 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxebdrpp.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-09-08 10:58 - 2011-01-23 20:00 - 00770728 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
2011-09-08 10:58 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
2011-09-08 11:01 - 2009-05-27 07:16 - 00192512 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\lxebdatr.dll
2011-09-08 10:58 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebDRS.dll
2011-09-08 10:58 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
2011-09-08 10:56 - 2009-02-20 03:48 - 00299008 _____ () C:\WINDOWS\system32\lxebsm.dll
2011-09-08 10:56 - 2009-02-20 03:48 - 00023552 _____ () C:\WINDOWS\system32\lxebsmr.dll
2011-09-08 10:58 - 2011-01-23 20:00 - 00148280 _____ () C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
2011-09-08 10:58 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Epwizard.DLL
2011-09-08 10:58 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files\Lexmark Pro200-S500 Series\customui.dll
2011-09-08 10:58 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Eputil.DLL
2011-09-08 10:58 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Imagutil.DLL
2011-09-08 10:58 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files\Lexmark Pro200-S500 Series\Epfunct.DLL
2011-09-08 10:58 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files\Lexmark Pro200-S500 Series\EPWizRes.dll
2011-09-08 10:58 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll
2011-09-08 10:58 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files\Lexmark Pro200-S500 Series\EPOEMDll.dll
2011-09-08 10:58 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll
2011-09-08 10:58 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libGLESv2.dll
2015-03-07 16:28 - 2015-03-07 16:28 - 00043008 _____ () c:\Documents and Settings\Owner\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgcrogk.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Documents and Settings\Owner\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-10 17:06 - 2015-02-10 17:06 - 16852144 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1614895754-2025429265-1417001333-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1614895754-2025429265-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1614895754-2025429265-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-1614895754-2025429265-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1614895754-2025429265-1417001333-1000 - Limited - Disabled)
Owner (S-1-5-21-1614895754-2025429265-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1614895754-2025429265-1417001333-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2250

Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2250

Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/05/2015 07:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module unknown, version 0.0.0.0, fault address 0x000000cc.
Processing media-specific event for [McSvHost.exe!ws!]

Error: (03/02/2015 10:00:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psqltray.exe, version 5.4.0.2934, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Processing media-specific event for [psqltray.exe!ws!]

Error: (03/02/2015 09:28:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [iexplore.exe!ws!]

Error: (03/02/2015 07:42:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/02/2015 07:42:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (02/19/2015 10:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.1.5500, faulting module mozalloc.dll, version 35.0.1.5500, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/19/2015 10:38:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 35.0.1.5500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/07/2015 04:28:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Boot Delay Start Service service hung on starting.

Error: (03/07/2015 04:27:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxebCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (03/07/2015 04:27:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService service to connect.

Error: (03/07/2015 02:35:29 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Boot Delay Start Service service, but this action failed with the following error:
%%1056

Error: (03/07/2015 02:34:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Boot Delay Start Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/07/2015 02:09:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (03/07/2015 07:18:35 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.

Error: (03/07/2015 07:15:58 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Boot Delay Start Service service hung on starting.

Error: (03/07/2015 07:14:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxebCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (03/07/2015 07:14:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the lxebCATSCustConnectService service to connect.


Microsoft Office Sessions:
=========================
Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2250

Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2250

Error: (03/07/2015 08:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/05/2015 07:02:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.0unknown0.0.0.0000000cc

Error: (03/02/2015 10:00:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: psqltray.exe5.4.0.2934ntdll.dll5.1.2600.6055000101b3

Error: (03/02/2015 09:28:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe0.0.0.0iexplore.exe0.0.0.00008d1c0

Error: (03/02/2015 07:42:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/02/2015 07:42:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (02/19/2015 10:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.5500mozalloc.dll35.0.1.550000001425

Error: (02/19/2015 10:38:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.1.5500hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of memory in use: 34%
Total physical RAM: 3063.17 MB
Available physical RAM: 2000.4 MB
Total Pagefile: 5969.76 MB
Available Pagefile: 5043.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:12.93 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A47DA47D)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Nothing showing bad there either
I would guess the slowdown is caused by MacAfee being a bit to heavy for that older computer, although with 3 gb of ram it should cope


*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here http://myonlinesecurity.co.uk/how-to-protect-yourself-and-tighten-security/ for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests.
 

Baggio

Thread Starter
Joined
Mar 27, 2009
Messages
95
Great have carried out these last steps. Thanks again for all your help - it is very much appreciated!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top