Cannot run AVG due to software restriction policy

This is a discussion on Cannot run AVG due to software restriction policy within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 06-04-2015, 01:21 PM   #1
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows XP SP3



Good afternoon:

I was trying to run AVG on my machine when I received the error that I could not due to a "software restriction" policy. I presumed that this means I have some nasty little digital critter lurking in my machine, so I've run AdwCleaner, FRST, & Malwarebytes. Some items that were found I went ahead and healed. I am still unable to run AVG. I am posting my most recent FRST results. Can anyone offer some insight into this? Thank you very much in advance.


Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1308676778\ee\aolsoftware.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\waol.exe
(E-Color, Inc.) C:\Program Files\E-Color\True Internet Color\TICIcon.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AOL LLC) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL Desktop 9.7\shellmon.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1308676778\ee\aolupdates.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33714176 2010-01-17] (VIA Technologies, Inc.)
HKLM\...\Run: [Six Engine] => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [5756544 2010-02-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [188416 2002-03-18] (HP)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1308676778\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-08-25] (ATI Technologies Inc.)
HKU\S-1-5-21-73586283-583907252-725345543-1004\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7\AOL.EXE [72760 2013-04-18] (AOL Inc.)
HKU\S-1-5-21-73586283-583907252-725345543-1004\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-73586283-583907252-725345543-1004\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-06-21]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SonnReg.lnk [2011-06-21]
ShortcutTarget: SonnReg.lnk -> C:\Program Files\E-Color\Registration\SonnReg.exe (E-Color, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\True Internet Color Icon.lnk [2011-06-21]
ShortcutTarget: True Internet Color Icon.lnk -> C:\Program Files\E-Color\True Internet Color\TICIcon.exe (E-Color, Inc.)
Startup: C:\Documents and Settings\Charles\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2015-04-30]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-73586283-583907252-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKU\S-1-5-21-73586283-583907252-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} https://update.microsoft.com/windowsu...?1308667684859
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\9su78zrq.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://mysearch.avg.com/search?cid={F6B4FFEC-162F-4160-9205-9354B88F1107}&mid=7af4e34c1c6b47d1bcf7d14acce4e9e6-66d1b63bc16fbb8ba622324ec1971f82b767bdbe&lang=en&ds=AVG&pr=fr&d=2013-01-21 07:54:23&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\14.1.0.10\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-03] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-02-11] () [File not signed]
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-06-06] (Avanquest Software) [File not signed]
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [45056 2009-09-04] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2106880 2010-01-11] (VIA Technologies, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 14:40 - 2015-06-04 14:40 - 00011452 _____ () C:\Documents and Settings\Charles\Desktop\FRST.txt
2015-06-04 14:09 - 2015-06-04 14:10 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-04 14:08 - 2015-06-04 14:08 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-04 14:08 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-04 14:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 15:08 - 2015-06-04 13:18 - 00060928 _____ () C:\WINDOWS\md5deep.exe
2015-06-02 14:55 - 2015-06-04 14:03 - 00000000 ____D () C:\AdwCleaner
2015-06-02 14:55 - 2015-06-02 15:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-06-02 14:53 - 2015-06-04 14:40 - 00000000 ____D () C:\FRST
2015-06-02 14:52 - 2015-06-02 14:52 - 02231296 _____ () C:\Documents and Settings\Charles\Desktop\AdwCleaner.exe
2015-06-02 14:52 - 2015-06-02 14:52 - 01147392 _____ (Farbar) C:\Documents and Settings\Charles\Desktop\FRST.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 14:40 - 2011-06-21 10:11 - 00000000 ____D () C:\Documents and Settings\Charles\Local Settings\Temp
2015-06-04 14:32 - 2011-06-21 05:59 - 00601640 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-04 14:29 - 2011-06-21 10:07 - 01960982 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-04 14:28 - 2011-06-21 10:10 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-04 14:28 - 2011-06-21 06:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-06-04 14:28 - 2011-06-21 06:02 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-06-04 14:28 - 2004-08-04 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-06-04 14:26 - 2011-06-21 10:11 - 00000178 ___SH () C:\Documents and Settings\Charles\ntuser.ini
2015-06-04 14:26 - 2011-06-21 10:10 - 00032646 _____ () C:\WINDOWS\SchedLgU.Txt
2015-06-04 14:07 - 2015-01-05 11:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-04 13:14 - 2011-06-21 15:04 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-06-04 08:28 - 2011-12-19 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-04 08:23 - 2011-06-21 13:30 - 00002473 _____ () C:\Documents and Settings\Charles\Desktop\Word.lnk
2015-06-03 07:59 - 2014-09-17 08:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-06-01 07:37 - 2015-01-21 09:44 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-01 07:37 - 2014-03-31 08:13 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-01 07:37 - 2011-06-21 05:58 - 00363567 _____ () C:\WINDOWS\setupapi.log
2015-05-26 14:56 - 2015-01-23 09:13 - 00001635 _____ () C:\Documents and Settings\All Users\Desktop\HP Print and Scan Doctor.lnk
2015-05-22 10:01 - 2011-06-21 12:53 - 00000000 ____D () C:\Documents and Settings\Charles\My Documents\Window Fashions
2015-05-22 09:05 - 2011-06-21 13:30 - 00002471 _____ () C:\Documents and Settings\Charles\Desktop\Excel.lnk
2015-05-19 08:07 - 2012-04-04 10:32 - 00000000 ____D () C:\Documents and Settings\Charles\My Documents\Accounting Work For Carol
2015-05-14 13:49 - 2011-12-23 13:32 - 00029664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2015-05-07 13:52 - 2013-02-08 04:37 - 00290272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2015-05-07 13:52 - 2012-04-19 04:50 - 00191968 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2015-05-07 13:52 - 2011-08-08 07:08 - 00166880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys

==================== Files in the root of some directories =======

2012-09-18 08:49 - 2015-02-26 15:10 - 0000616 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Desktop.Exception.log
2012-09-18 08:49 - 2015-02-26 17:30 - 0001925 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Desktop.HttpServerSetup.log
2012-09-18 08:49 - 2015-02-26 15:10 - 0000616 _____ () C:\Documents and Settings\Charles\Application Data\Rim.DesktopHelper.Exception.log
2013-08-20 13:35 - 2015-02-26 15:10 - 0000231 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Transcoder.Exception.log
2011-07-21 11:13 - 2014-06-06 08:46 - 0007168 _____ () C:\Documents and Settings\Charles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-01 14:54 - 2012-12-01 14:54 - 0027520 _____ () C:\Documents and Settings\Charles\Local Settings\Application Data\dt.dat

Some files in TEMP:
====================
C:\Documents and Settings\Charles\Local Settings\Temp\HPPSdr.exe
C:\Documents and Settings\Charles\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
Charlz B. is offline  
Old 06-04-2015, 07:52 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears the FRST.txt log you posted is incomplete. The bottom part is missing.

It also appears you didn't attach the Addition.txt log to your initial post.

Please run FRST again, making sure you tick the Addition.txt box, and post the FRST.txt log and attach the Addition.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-08-2015, 05:51 AM   #3
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows XP SP3



Finally able to get FRST to run through to completion. Results below:

Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1308676778\ee\aolsoftware.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(E-Color, Inc.) C:\Program Files\E-Color\True Internet Color\TICIcon.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AOL Inc.) C:\Program Files\Common Files\AOL\1308676778\ee\aolupdates.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33714176 2010-01-17] (VIA Technologies, Inc.)
HKLM\...\Run: [Six Engine] => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [5756544 2010-02-03] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [188416 2002-03-18] (HP)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1308676778\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-08-25] (ATI Technologies Inc.)
HKU\S-1-5-21-73586283-583907252-725345543-1004\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe [927920 2015-04-15] (Adobe Systems Incorporated)
HKU\S-1-5-21-73586283-583907252-725345543-1004\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-73586283-583907252-725345543-1004\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-06-21]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SonnReg.lnk [2011-06-21]
ShortcutTarget: SonnReg.lnk -> C:\Program Files\E-Color\Registration\SonnReg.exe (E-Color, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\True Internet Color Icon.lnk [2011-06-21]
ShortcutTarget: True Internet Color Icon.lnk -> C:\Program Files\E-Color\True Internet Color\TICIcon.exe (E-Color, Inc.)
Startup: C:\Documents and Settings\Charles\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2015-04-30]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-73586283-583907252-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
HKU\S-1-5-21-73586283-583907252-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} https://update.microsoft.com/windowsu...?1308667684859
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Charles\Application Data\Mozilla\Firefox\Profiles\9su78zrq.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://mysearch.avg.com/search?cid={F6B4FFEC-162F-4160-9205-9354B88F1107}&mid=7af4e34c1c6b47d1bcf7d14acce4e9e6-66d1b63bc16fbb8ba622324ec1971f82b767bdbe&lang=en&ds=AVG&pr=fr&d=2013-01-21 07:54:23&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\14.1.0.10\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-03] ()
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33112 2013-02-11] () [File not signed]
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2010-06-06] (Avanquest Software) [File not signed]
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [45056 2009-09-04] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2106880 2010-01-11] (VIA Technologies, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 08:43 - 2015-06-08 08:43 - 00011306 _____ C:\Documents and Settings\Charles\Desktop\FRST.txt
2015-06-08 08:42 - 2015-06-08 08:43 - 01147904 _____ (Farbar) C:\Documents and Settings\Charles\Desktop\FRST.exe
2015-06-04 16:25 - 2015-06-04 16:25 - 00000000 ____D C:\Documents and Settings\Charles\Application Data\AVG2015
2015-06-04 14:09 - 2015-06-04 14:10 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-04 14:08 - 2015-06-04 14:08 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 14:08 - 2015-06-04 14:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-04 14:08 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-04 14:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 14:55 - 2015-06-04 14:03 - 00000000 ____D C:\AdwCleaner
2015-06-02 14:55 - 2015-06-02 15:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-02 14:53 - 2015-06-08 08:43 - 00000000 ____D C:\FRST
2015-06-02 14:52 - 2015-06-02 14:52 - 02231296 _____ C:\Documents and Settings\Charles\Desktop\AdwCleaner.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-08 08:43 - 2011-06-21 10:11 - 00000000 ____D C:\Documents and Settings\Charles\Local Settings\Temp
2015-06-08 08:34 - 2011-06-21 15:04 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-06-08 08:14 - 2011-12-19 11:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-08 08:14 - 2011-06-21 05:59 - 00601640 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-08 08:10 - 2011-06-21 10:07 - 01971494 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-08 08:09 - 2011-06-21 10:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-08 08:09 - 2011-06-21 06:02 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-08 08:09 - 2011-06-21 06:02 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-06-08 08:09 - 2004-08-04 08:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-04 19:49 - 2011-06-21 10:10 - 00032646 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-04 19:48 - 2011-06-21 10:11 - 00000178 ___SH C:\Documents and Settings\Charles\ntuser.ini
2015-06-04 19:07 - 2015-01-05 11:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-04 19:01 - 2011-06-21 13:30 - 00002473 _____ C:\Documents and Settings\Charles\Desktop\Word.lnk
2015-06-04 16:49 - 2011-06-21 05:58 - 00181680 _____ C:\WINDOWS\setupact.log
2015-06-04 16:26 - 2015-01-21 09:40 - 00000000 ____D C:\Documents and Settings\Charles\Local Settings\Application Data\Avg2015
2015-06-03 07:59 - 2014-09-17 08:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-01 07:37 - 2015-01-21 09:44 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-01 07:37 - 2014-03-31 08:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-01 07:37 - 2011-06-21 05:58 - 00363567 _____ C:\WINDOWS\setupapi.log
2015-05-26 14:56 - 2015-01-23 09:13 - 00001635 _____ C:\Documents and Settings\All Users\Desktop\HP Print and Scan Doctor.lnk
2015-05-22 10:01 - 2011-06-21 12:53 - 00000000 ____D C:\Documents and Settings\Charles\My Documents\Window Fashions
2015-05-22 09:05 - 2011-06-21 13:30 - 00002471 _____ C:\Documents and Settings\Charles\Desktop\Excel.lnk
2015-05-19 08:07 - 2012-04-04 10:32 - 00000000 ____D C:\Documents and Settings\Charles\My Documents\Accounting Work For Carol
2015-05-14 13:49 - 2011-12-23 13:32 - 00029664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys

==================== Files in the root of some directories =======

2012-09-18 08:49 - 2015-02-26 15:10 - 0000616 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Desktop.Exception.log
2012-09-18 08:49 - 2015-02-26 17:30 - 0001925 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Desktop.HttpServerSetup.log
2012-09-18 08:49 - 2015-02-26 15:10 - 0000616 _____ () C:\Documents and Settings\Charles\Application Data\Rim.DesktopHelper.Exception.log
2013-08-20 13:35 - 2015-02-26 15:10 - 0000231 _____ () C:\Documents and Settings\Charles\Application Data\Rim.Transcoder.Exception.log
2011-07-21 11:13 - 2014-06-06 08:46 - 0007168 _____ () C:\Documents and Settings\Charles\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-01 14:54 - 2012-12-01 14:54 - 0027520 _____ () C:\Documents and Settings\Charles\Local Settings\Application Data\dt.dat

Some files in TEMP:
====================
C:\Documents and Settings\Charles\Local Settings\Temp\HPPSdr.exe
C:\Documents and Settings\Charles\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Charles at 2015-06-08 08:43:57
Running from C:\Documents and Settings\Charles\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-73586283-583907252-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-73586283-583907252-725345543-1005 - Limited - Enabled)
Charles (S-1-5-21-73586283-583907252-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Charles
Guest (S-1-5-21-73586283-583907252-725345543-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-73586283-583907252-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-73586283-583907252-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-PDF Maker Version 1.4.1 (Build 128) (HKLM\...\7-PDF Maker_is1) (Version: 7-PDF Maker - Version 1.4.1 (Build 128) - 7-PDF, Germany - Thorsten Hodes)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1DA75811-6C2C-ABFA-7DBF-9B9EDAA005E3}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4355 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Button Manager(SHARP Personal MFP series) (HKLM\...\SHARP AL-1200 Series Button Manager) (Version: - )
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.10.0.16 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Colorific (HKLM\...\CfM) (Version: - )
EPU-4 Engine (HKLM\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
hp deskjet 5550 series (HKLM\...\hp deskjet 5550 series_Driver) (Version: - )
hp deskjet 5550 series (Remove only) (HKLM\...\hp deskjet 5550 series) (Version: - )
HP ENVY 4500 series Basic Device Software (HKLM\...\{BCC989C6-7003-4367-8C30-7B88D47D3E79}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
hp print screen utility (HKLM\...\hp print screen utility) (Version: - )
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iSqFt Full Viewer V4.01 (HKLM\...\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}) (Version: - )
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
SHARP MFP Driver (HKLM\...\SHARP MFP Driver) (Version: - )
The Lord of the Rings FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
True Internet Color (HKLM\...\True Internet Color) (Version: - )
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-73586283-583907252-725345543-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-73586283-583907252-725345543-1004_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

==================== Restore Points =========================

09-03-2015 08:02:25 System Checkpoint
10-03-2015 09:57:08 System Checkpoint
11-03-2015 10:23:06 System Checkpoint
12-03-2015 11:14:08 System Checkpoint
13-03-2015 12:00:03 System Checkpoint
16-03-2015 09:33:58 System Checkpoint
17-03-2015 09:54:54 System Checkpoint
18-03-2015 11:11:06 System Checkpoint
19-03-2015 12:19:35 System Checkpoint
20-03-2015 12:34:19 System Checkpoint
23-03-2015 08:07:37 System Checkpoint
24-03-2015 08:43:34 System Checkpoint
25-03-2015 10:59:15 System Checkpoint
26-03-2015 11:21:55 System Checkpoint
27-03-2015 11:43:57 System Checkpoint
30-03-2015 08:55:17 System Checkpoint
31-03-2015 09:17:37 System Checkpoint
01-04-2015 09:29:42 System Checkpoint
02-04-2015 10:13:07 System Checkpoint
03-04-2015 13:09:02 System Checkpoint
06-04-2015 08:48:03 System Checkpoint
07-04-2015 09:01:23 System Checkpoint
09-04-2015 09:05:02 System Checkpoint
10-04-2015 10:01:10 System Checkpoint
13-04-2015 08:40:18 System Checkpoint
14-04-2015 09:08:54 System Checkpoint
15-04-2015 09:37:02 System Checkpoint
16-04-2015 10:18:59 System Checkpoint
17-04-2015 10:51:04 System Checkpoint
20-04-2015 08:15:33 System Checkpoint
21-04-2015 09:44:22 System Checkpoint
22-04-2015 10:17:25 System Checkpoint
23-04-2015 11:11:21 System Checkpoint
24-04-2015 12:11:24 System Checkpoint
27-04-2015 09:20:51 System Checkpoint
28-04-2015 09:47:43 System Checkpoint
29-04-2015 10:18:34 System Checkpoint
29-04-2015 16:40:41 Removed HP ENVY 4500 series Basic Device Software
30-04-2015 08:53:25 Installed HP Support Solutions Framework
01-05-2015 09:30:20 System Checkpoint
04-05-2015 08:30:28 System Checkpoint
05-05-2015 10:01:55 System Checkpoint
06-05-2015 11:22:39 System Checkpoint
07-05-2015 12:11:59 System Checkpoint
08-05-2015 12:23:32 System Checkpoint
11-05-2015 09:48:25 System Checkpoint
12-05-2015 10:47:03 System Checkpoint
13-05-2015 10:49:53 System Checkpoint
15-05-2015 08:46:23 System Checkpoint
18-05-2015 07:51:14 System Checkpoint
19-05-2015 11:01:23 System Checkpoint
20-05-2015 11:46:38 System Checkpoint
21-05-2015 11:49:59 System Checkpoint
22-05-2015 15:59:01 System Checkpoint
26-05-2015 09:18:32 System Checkpoint
27-05-2015 09:21:27 System Checkpoint
28-05-2015 10:07:52 System Checkpoint
29-05-2015 11:58:02 System Checkpoint
01-06-2015 07:46:33 System Checkpoint
02-06-2015 09:27:43 System Checkpoint
03-06-2015 10:04:07 System Checkpoint
04-06-2015 10:07:14 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 08:00 - 2004-08-04 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-21 15:40 - 2010-04-26 19:03 - 00200192 _____ () C:\Program Files\7-PDF\7-PDF Maker\7p.dll
2011-06-21 10:26 - 2009-03-19 22:35 - 00208896 _____ () C:\Program Files\ASUS\EPU-4 Engine\AiNap.dll
2011-06-21 10:26 - 2009-01-15 14:55 - 00565248 _____ () C:\Program Files\ASUS\EPU-4 Engine\pngio.dll
2011-06-21 10:26 - 2009-09-29 23:33 - 00024576 ____R () C:\WINDOWS\system32\AsIo.dll
2011-06-21 10:26 - 2009-03-25 16:53 - 00053248 _____ () C:\Program Files\ASUS\EPU-4 Engine\AsSpindownTimeout.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\isqft.com -> hxxps://www.isqft.com
IE trusted site: HKU\S-1-5-21-73586283-583907252-725345543-1004\...\isqft.com -> hxxps://www.isqft.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-73586283-583907252-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Charles\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\acs\AOLDial.exe] => Enabled:AOL Connectivity Service Dialer
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\acs\AOLacsd.exe] => Enabled:AOL Connectivity Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\1308676778\ee\aolsoftware.exe] => Enabled:AOL Shared Components
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.6\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe] => Enabled:AOL TopSpeed
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\System Information\sinf.exe] => Enabled:AOL System Information
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe] => Enabled:AOL Browser
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe] => Enabled:AOL Browser
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Nothing Special\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\7zS7700\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS5049\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS50B8\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS6CE7\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS71D1\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS7650\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0F3E\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0FAD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0A54\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0A9C\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS14A5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP ENVY 4500 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP ENVY 4500 series)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS5D61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS7FEE\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS08D3\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5357:TCP] => Enabled:WS-Eventing TCP Port 5357

==================== Faulty Device Manager Devices =============

Name: AMD 760G
Description: AMD 760G
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2015 04:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.5.5623, faulting module mozalloc.dll, version 38.0.5.5623, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/04/2015 04:15:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.5.5623, faulting module mozalloc.dll, version 38.0.5.5623, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/04/2015 03:14:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 29.5.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/04/2015 02:25:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 29.5.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/03/2015 04:55:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 29.5.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/29/2015 03:23:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/29/2015 10:30:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/29/2015 09:57:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/29/2015 08:49:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/28/2015 03:41:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (06/08/2015 08:10:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (06/08/2015 08:09:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (06/08/2015 08:09:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (06/04/2015 06:59:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (06/04/2015 06:59:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (06/04/2015 06:59:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (06/04/2015 04:37:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (06/04/2015 04:37:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (06/04/2015 04:37:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (06/04/2015 02:28:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp


Microsoft Office:
=========================
Error: (06/04/2015 04:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.5623mozalloc.dll38.0.5.562300001aa1

Error: (06/04/2015 04:15:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.5623mozalloc.dll38.0.5.562300001aa1

Error: (06/04/2015 03:14:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe29.5.2015.0hungapp0.0.0.000000000

Error: (06/04/2015 02:25:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe29.5.2015.0hungapp0.0.0.000000000

Error: (06/03/2015 04:55:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST.exe29.5.2015.0hungapp0.0.0.000000000

Error: (05/29/2015 03:23:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.5611mozalloc.dll38.0.1.561100001aa1

Error: (05/29/2015 10:30:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.5611mozalloc.dll38.0.1.561100001aa1

Error: (05/29/2015 09:57:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.5611mozalloc.dll38.0.1.561100001aa1

Error: (05/29/2015 08:49:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.5611mozalloc.dll38.0.1.561100001aa1

Error: (05/28/2015 03:41:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.5611mozalloc.dll38.0.1.561100001aa1


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 260 Processor
Percentage of memory in use: 26%
Total physical RAM: 3326.1 MB
Available physical RAM: 2447.16 MB
Total Pagefile: 5209.91 MB
Available Pagefile: 4368.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.82 GB) (Free:25.69 GB) NTFS
Drive h: (Other Stuff) (Fixed) (Total:416.93 GB) (Free:416.84 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: ADD0ADD0)
Partition 1: (Not Active) - (Size=48.8 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=416.9 GB) - (Type=07 NTFS)

==================== End of log =====================
 
Old 06-08-2015, 03:19 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Charlz B. One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\7zS7700\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS5049\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS50B8\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS6CE7\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS71D1\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS7650\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0F3E\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0FAD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0A54\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0A9C\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS14A5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS5D61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS7FEE\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS08D3\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
    HKLM\...\Run: [] => [X]
    HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
    HKU\S-1-5-21-73586283-583907252-725345543-1004\...\MountPoints2: M - M:\LaunchU3.exe -a
    HKU\S-1-5-21-73586283-583907252-725345543-1004\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    Toolbar: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
    FF Keyword.URL: hxxp://mysearch.avg.com/search?cid={F6B4FFEC-162F-4160-9205-9354B88F1107}&mid=7af4e34c1c6b47d1bcf7d14acce4e9e6-66d1b63bc16fbb8ba622324ec1971f82b767bdbe&lang=en&ds=AVG&pr=fr&d=2013-01-21 07:54:23&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q=
    CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\14.1.0.10\avg.crx [Not Found]
    U1 WS2IFSL; No ImagePath
    C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolba
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
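The two "HKLM Group Policy restriction on software: C:\Program Files\AVG" lines in the fixlist above are what kept AVG from starting: a Software Restriction Policy path rule at the Disallowed level, aimed at the antivirus directory. As an added example (not code from this thread, and not FRST's own logic), the script below reads a `reg export` dump of the key where SRP path rules are stored, HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\{GUID}, decodes both quoted REG_SZ and hex(2) REG_EXPAND_SZ values, and reports Disallowed rules whose path names a security product. The sample .reg text, its GUIDs and timestamp, and the list of protected directory names are constructed for the example.

```python
r"""Flag Software Restriction Policy (SRP) path rules that block security tools.

Added example, not code from the forum thread or from FRST. FRST's line
"HKLM Group Policy restriction on software: C:\Program Files\AVG" corresponds
to a rule under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
<level>\Paths\{GUID} whose ItemData value names the blocked path. Sample data,
GUIDs and the protected-directory list below are constructed.
"""
import re
from dataclasses import dataclass

SAFER_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
# SRP security levels (SAFER_LEVELID_* values) as they appear in the key path.
LEVEL_NAMES = {0: "Disallowed", 0x1000: "Untrusted", 0x10000: "Constrained",
               0x20000: "Basic User", 0x40000: "Unrestricted"}
# Directory-name fragments of security tools (constructed starting list).
PROTECTED_DIR_HINTS = ("\\avg", "\\malwarebytes", "\\frst", "\\combofix",
                       "\\windows defender", "\\microsoft security client")
_PATH_KEY_RE = re.compile(
    r"^\[" + re.escape(SAFER_ROOT) + r"\\(\d+)\\Paths\\(\{[0-9A-Fa-f-]+\})\]$")

@dataclass
class PathRule:
    level: int
    guid: str
    path: str
    description: str

def _logical_lines(text):
    """Yield .reg lines with trailing-backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\") and not line.startswith("["):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""

def _decode_value(body):
    """Quoted REG_SZ or hex(2) REG_EXPAND_SZ -> str; other types left as text."""
    if body.startswith('"') and body.endswith('"'):
        # .reg files double backslashes and escape embedded quotes
        return body[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if body.startswith("hex(2):"):
        raw = bytes(int(b, 16) for b in body[7:].split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    return body

def _keys(text):
    """Yield (key_line, {value_name: decoded_value}) per key in the export."""
    key, vals = None, {}
    for line in _logical_lines(text):
        if line.startswith("["):
            if key is not None:
                yield key, vals
            key, vals = line, {}
        elif key is not None and line.startswith('"'):
            name, _, body = line[1:].partition('"=')
            vals[name] = _decode_value(body)
    if key is not None:
        yield key, vals

def parse_reg_export(text):
    """Return every SRP path rule in a .reg export of the Safer key."""
    rules = []
    for key, vals in _keys(text):
        m = _PATH_KEY_RE.match(key)
        if m and "ItemData" in vals:
            rules.append(PathRule(int(m.group(1)), m.group(2),
                                  vals["ItemData"], vals.get("Description", "")))
    return rules

def find_suspicious(rules):
    """Disallowed rules whose path names a security tool: FRST's ATTENTION case."""
    return [r for r in rules if r.level == 0
            and any(h in r.path.lower() for h in PROTECTED_DIR_HINTS)]

# Constructed sample export; the GUIDs and the timestamp are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-2222-3333-4444-555555555555}]
"ItemData"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,56,00,47,00,00,00
"LastModified"=hex(b):00,e0,3e,5d,4b,9c,d0,01

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{22222222-3333-4444-5555-666666666666}]
"Description"="Admin hardening rule"
"ItemData"="%USERPROFILE%\\Local Settings\\Temp\\*.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{33333333-4444-5555-6666-777777777777}]
"ItemData"="%HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRoot%"
'''

if __name__ == "__main__":
    for r in find_suspicious(parse_reg_export(SAMPLE_REG)):
        print("ATTENTION: %s rule %s blocks %s" % (LEVEL_NAMES[r.level], r.guid, r.path))
```

On a live machine the input comes from `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" safer.reg` (reg.exe writes the file as UTF-16, so open it with `encoding="utf-16"`). The script only reports: a Disallowed rule on a temp directory is ordinary hardening, while one on the antivirus directory is the pattern FRST flags with ATTENTION, and deciding which is which is the analyst's call, as it was in this thread.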
Old 06-09-2015, 05:41 AM   #5
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows XP SP3



Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-06-2015
Ran by Charles at 2015-06-09 08:17:21 Run:2
Running from C:\Documents and Settings\Charles\Desktop
Loaded Profiles: Charles (Available Profiles: Charles & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
createrestorepoint:
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\7zS7700\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS5049\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS50B8\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS6CE7\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS71D1\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS7650\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0F3E\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0FAD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0A54\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS0A9C\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS14A5\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS5D61\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS7FEE\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Charles\Local Settings\Temp\7zS08D3\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-21-73586283-583907252-725345543-1004\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-73586283-583907252-725345543-1004\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-73586283-583907252-725345543-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
FF Keyword.URL: hxxp://mysearch.avg.com/search?cid={F6B4FFEC-162F-4160-9205-9354B88F1107}&mid=7af4e34c1c6b47d1bcf7d14acce4e9e6-66d1b63bc16fbb8ba622324ec1971f82b767bdbe&lang=en&ds=AVG&pr=fr&d=2013-01-21 07:54:23&pid=safeguard&sg=1&v=14.0.0.14&sap=ku&q=
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\14.1.0.10\avg.crx [Not Found]
U1 WS2IFSL; No ImagePath
C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolba
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG2013\avgmfapx.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\7zS7700\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS5049\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS50B8\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS6CE7\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS71D1\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS7650\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS0F3E\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS0FAD\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS0A54\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS0A9C\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS14A5\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS5D61\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS7FEE\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Charles\Local Settings\Temp\7zS08D3\HPDiagnosticCoreUI.exe => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM => Group Policy Restriction on software restored successfully
HKLM => Group Policy Restriction on software restored successfully
"HKU\S-1-5-21-73586283-583907252-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M" => key removed successfully.
"HKU\S-1-5-21-73586283-583907252-725345543-1004\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-73586283-583907252-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-73586283-583907252-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully.
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully.
Firefox Keyword.URL removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof" => key removed successfully.
WS2IFSL => Service removed successfully.
"C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolba" => File/Folder not found.
EmptyTemp: => 1.8 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:18:55 ====


Thank you for your assistance thus far.
Charlz B. is offline  
Old 06-09-2015, 12:30 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Charlz B. You're very welcome!

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

cmd /c rd /s/q "C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar"

A DOS window will open and close again; this is normal.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
chemist is offline  
Old 06-10-2015, 05:38 AM   #7
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows XP SP3



ComboFix 15-06-09.01 - Charles 06/10/2015 8:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2429 [GMT -4:00]
Running from: c:\documents and settings\Charles\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Charles\WINDOWS
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
H:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-05-10 to 2015-06-10 )))))))))))))))))))))))))))))))
.
.
2015-06-04 20:25 . 2015-06-04 20:25 -------- d-----w- c:\documents and settings\Charles\Application Data\AVG2015
2015-06-04 18:09 . 2015-06-04 18:10 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-04 18:08 . 2015-04-14 13:37 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-04 18:08 . 2015-04-14 13:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-04 18:08 . 2015-06-04 18:08 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-06-04 18:08 . 2015-06-04 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-06-02 18:55 . 2015-06-04 18:03 -------- d-----w- C:\AdwCleaner
2015-06-02 18:53 . 2015-06-09 12:23 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-14 17:49 . 2011-12-23 17:32 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-05-07 17:52 . 2013-02-08 08:37 290272 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-05-07 17:52 . 2012-04-19 08:50 191968 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-05-07 17:52 . 2011-08-08 11:08 166880 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-05-04 18:15 . 2011-07-11 06:14 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-04-27 17:19 . 2014-06-17 20:17 211424 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-04-15 17:05 . 2011-10-07 11:23 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-04-15 14:07 . 2012-05-30 20:30 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 14:07 . 2011-06-21 14:31 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-20 16:18 . 2011-09-13 11:30 35808 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2001-12-03 21:09 . 2011-07-26 11:56 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL Desktop 9.7\AOL.EXE" [2013-04-18 72760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-01-18 33714176]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2010-02-03 5756544]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"HostManager"="c:\program files\Common Files\AOL\1308676778\ee\AOLSoftware.exe" [2010-03-08 41800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-05-18 3745744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\documents and settings\Charles\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP ENVY 4500 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN4AO121PM05X4;CONNECTION=USB;MONITOR=1; [2004-8-4 33280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
SonnReg.lnk - c:\program files\E-Color\Registration\SonnReg.exe [2011-6-21 118784]
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2011-6-21 221184]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1308676778\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\waol.exe"=
"c:\\Program Files\\AOL Desktop 9.7\\AOLBrowser\\aolbrowser.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5357:TCP"= 5357:TCP:WS-Eventing TCP Port 5357
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 191968]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 290272]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 9:57 PM 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [6/17/2014 4:17 PM 211424]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 206816]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 213984]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [5/18/2015 11:45 AM 311792]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/21/2011 10:26 AM 45056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/4/2015 2:08 PM 23256]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6/21/2011 10:16 AM 2106880]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [1/21/2013 8:54 AM 33112]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [5/18/2015 11:54 AM 3438544]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\HP\Common\HPSupportSolutionsFrameworkService.exe [3/28/2015 12:58 PM 89840]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [6/4/2015 2:08 PM 1080120]
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: isqft.com\www
Trusted Zone: isqft.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Charles\Application Data\Mozilla\Firefox\Profiles\9su78zrq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2015-06-10 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-73586283-583907252-725345543-1004_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Java\\jre7\\bin\\jp2iexp.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2015-06-10 08:34:26
ComboFix-quarantined-files.txt 2015-06-10 12:34
.
Pre-Run: 29,570,826,240 bytes free
Post-Run: 29,561,774,080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C10F4042156A5EAA18BCC1326C97AC7C
8F558EB6672622401DA993E1E865C861
Charlz B. is offline  
Old 06-10-2015, 03:02 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Charlz B. You're very welcome! Please tell us how your system is behaving.

Do you know anything about this open port on your machine:

Quote:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5357:TCP"= 5357:TCP:WS-Eventing TCP Port 5357
------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the scan log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Java(TM) 7 Update 45

These are all outdated and remain security risks while they stay installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-13-2015, 03:19 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us, Charlz B.? Absence of symptoms does not mean you are clean.

I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
chemist is offline  
Old 06-15-2015, 06:28 AM   #10
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows XP SP3



Still here, just away from this machine for the weekend. Machine is working better; I am able to run AVG again. I did uninstall Java and tried to install a newer version, but I couldn't find one that supports Windows XP, so I passed on it. As for the open port you mentioned, I have no idea. This machine is on an office network with printer sharing, so perhaps that's it?

Here is the Malwarebytes log:

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 6/12/2015
Scan Time: 3:57:29 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.12.06
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Charles

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357589
Time Elapsed: 9 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Charlz B. is offline  
Old 06-15-2015, 07:36 AM   #11
Registered Member
 
Join Date: Jun 2015
Posts: 6
OS: Windows XP SP3



ESET results:

C:\Documents and Settings\Charles\My Documents\HP Downloads\HP ENVY 4500 e-All-in-One Printer series Full Feature Software and Drivers - EN4500_198.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


This does relate to the local printer for this computer.


Thanks for all your help,
Charles
Charlz B. is offline  
Old 06-15-2015, 03:32 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Charles. You're very welcome! Yes, that appears to be part of the HP printer network.

You can download the offline installer for the last version of Java 7 here:

Java 7 Downloads for All Operating Systems

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable AVG before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows XP support has ended - Microsoft Windows

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
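The HOSTS-file mechanism chemist describes above (known ad and tracker hostnames mapped to 127.0.0.1 so the connection never leaves the machine, and mvps.bat renaming the old file to HOSTS.MVP before copying the new one in), as an added example that is not part of the original thread and not the MVPS project's own code. The hostnames and file contents are constructed for this example; it also treats 0.0.0.0, another widely used sinkhole address, as blocking, which goes slightly beyond the 127.0.0.1 case the post mentions. Everything runs inside a temporary directory, so the real system HOSTS file is never touched.

```python
"""Added example: parse a HOSTS file, report which names it sinkholes, and
replicate the backup-and-replace step described for mvps.bat in a temp dir."""
import os
import tempfile

# Constructed stand-in for the stock Windows HOSTS file.
ORIGINAL_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
"""

# Constructed sample in the MVPS layout; every hostname here is made up.
MVPS_STYLE_HOSTS = """# Constructed sample, not the real MVPS list
127.0.0.1  localhost
127.0.0.1  ads.example-tracker.invalid      # ad server (constructed)
127.0.0.1  banners.example-adnet.invalid    # banner network (constructed)
0.0.0.0    telemetry.example-spy.invalid
"""

# 127.0.0.1 is the address the thread mentions; 0.0.0.0 and ::1 are other
# common sinkhole choices (assumption: all three count as "blocked").
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately map to loopback and must not be reported as blocked.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return {hostname: ip} for every mapping in a HOSTS file.

    Blank lines and '#' comments (whole-line or trailing) are ignored; one
    line may list several hostnames after a single address. The first mapping
    for a name wins, matching first-match resolver behaviour.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line (address with no hostname), skip it
        ip, names = fields[0], fields[1:]
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping


def sinkholed_hosts(text):
    """Hostnames the file redirects to a sinkhole address (ads, trackers, ...)."""
    return {name for name, ip in parse_hosts(text).items()
            if ip in SINKHOLE_IPS and name not in LOOPBACK_NAMES}


def would_block(text, hostname):
    """True if resolving `hostname` through this HOSTS file lands on a sinkhole."""
    return hostname.lower() in sinkholed_hosts(text)


def install_hosts(etc_dir, new_hosts_text):
    """Replicate the rename-and-copy step the thread attributes to mvps.bat.

    An existing HOSTS is renamed to HOSTS.MVP (the backup you would restore
    from), then the new content is written as HOSTS. Returns the backup path,
    or None when there was no existing file to back up.
    """
    hosts_path = os.path.join(etc_dir, "HOSTS")
    backup_path = None
    if os.path.exists(hosts_path):
        backup_path = os.path.join(etc_dir, "HOSTS.MVP")
        if os.path.exists(backup_path):
            os.remove(backup_path)  # assumption: keep only the latest backup
        os.rename(hosts_path, backup_path)
    with open(hosts_path, "w", encoding="ascii") as fh:
        fh.write(new_hosts_text)
    return backup_path


def demo():
    """Run the whole flow in a temporary directory and return the results."""
    with tempfile.TemporaryDirectory() as etc_dir:
        install_hosts(etc_dir, ORIGINAL_HOSTS)        # simulate the stock file
        backup = install_hosts(etc_dir, MVPS_STYLE_HOSTS)
        with open(os.path.join(etc_dir, "HOSTS"), encoding="ascii") as fh:
            installed = fh.read()
        with open(backup, encoding="ascii") as fh:
            backed_up = fh.read()
    return {
        "blocked": sorted(sinkholed_hosts(installed)),
        "backup_is_original": backed_up == ORIGINAL_HOSTS,
        "ads_blocked": would_block(installed, "ADS.example-tracker.invalid"),
        "localhost_blocked": would_block(installed, "localhost"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The parser is the useful part for a defender: run it over the file actually installed in %SystemRoot%\system32\drivers\etc and you can see exactly which names are being sinkholed, and confirm that `localhost` is still mapped normally, which is the usual thing that breaks when a HOSTS file is edited by hand or by malware.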
Old 06-22-2015, 09:44 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



As this topic appears to be resolved, this thread will be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  