Grandsons PC... :( (Resolved)


caintry_boy

Found 22 problems with Malwarebytes and removed them, then ran AdwCleaner and DDS, and am posting here...

Should also add that quite often when I click on one of the forums, it opens a new tab automatically with advertising on it...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/3/2014
Scan Time: 6:34:29 PM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.03.08
Rootkit Database: v2014.08.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: SmellyBelly

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295711
Time Elapsed: 14 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 17
PUP.Optional.Linkey.A, HKU\S-1-5-21-1079118523-3433162778-840360825-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [ad87269cef8c80b6b6e15e064db58f71],
PUP.Optional.SystemK.A, HKLM\SOFTWARE\SystemK, Quarantined, [d26209b9e39886b0a41f40905aa822de],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [59db03bf314a290d5e79c00fe1216d93],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, Quarantined, [5bd9f3cfccaf191d494885aeb0548878],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [40f47b478cef4fe7933a369933cfd927],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, Quarantined, [77bdb01276053006b7ddbb783cc81ce4],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [4be9368cc4b7f73f2ea2507f6d95b749],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, Quarantined, [9d9741812c4f2610960182b17f85a060],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [ca6aecd6e695b482ebe6597635cdf30d],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, Quarantined, [8ba9f0d2ff7c41f534652211778d08f8],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [e94bfdc5dba054e28c47745bb54de21e],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, Quarantined, [c66eba086219fc3a5d40ff34a361e41c],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [ed47734f770457df1cb802cd9270ec14],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, Quarantined, [a3917a48c1ba270f0c9239fa8d77ea16],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [3df7f6ccc4b7e155d203b11ef60c05fb],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, Quarantined, [43f14280ea91ba7c7b233af9ac589b65],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK\General, Quarantined, [55df903263187fb7f1b955995aa8867a],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-1079118523-3433162778-840360825-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.default-search.net?sid=476&aid=101&itype=n&ver=11111&tm=243&src=hmp, Good: (www.google.com), Bad: (http://www.default-search.net?sid=476&aid=101&itype=n&ver=11111&tm=243&src=hmp),Replaced,[f83c7151d6a5171fde68a80c966e718f]

Folders: 1
PUP.Optional.Datamngr.A, C:\Documents and Settings\SmellyBelly\AppData\LocalLow\DataMngr, Quarantined, [81b3aa182e4d76c0adb8dfd5af530bf5],

Files: 7
PUP.Optional.Downloadius, C:\Documents and Settings\SmellyBelly\My Documents\Downloads\HD_Player__CD5MTCD3195_cLCJRPOE2RDD02AAG2LM7ID3LL_0_0_0_0.exe, Quarantined, [cd672e94c4b7f83e6516e683639e60a0],
Spyware.Zbot.ED, C:\Documents and Settings\SmellyBelly\My Documents\Downloads\setup.exe, Quarantined, [e84c734f2556e353d5d4a7d3cb367c84],
PUP.Optional.Solimba, C:\Documents and Settings\SmellyBelly\Local Settings\Temp\JRvbqfby.exe.part, Quarantined, [6fc5487accaf3ef88a4101aba75d867a],
PUP.Optional.DefaultSearch.A, C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\searchplugins\default-search.xml, Quarantined, [3cf82a9887f48fa7a4ffd816ca3820e0],
PUP.Optional.DefaultSearch.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml, Quarantined, [ba7aad15d5a603332183509eec16a65a],
PUP.Optional.Datamngr.A, C:\Documents and Settings\SmellyBelly\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}, Quarantined, [81b3aa182e4d76c0adb8dfd5af530bf5],
PUP.Optional.DefaultSearch.A, C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://www.default-search.net/search?sid=476&aid=101&itype=n&ver=11111&tm=243&src=ds&p=") ;), Replaced,[9a9a764c7dfead8926d30ae4be4609f7]

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

# AdwCleaner v3.302 - Report created 03/08/2014 at 19:37:47
# Updated 30/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : SmellyBelly - KENNY
# Running from : C:\Documents and Settings\SmellyBelly\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "default-search.net");
Line Deleted : user_pref("extensions.lzDkjRnxHuWO.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3822 octets] - [10/03/2014 18:32:09]
AdwCleaner[R1].txt - [2027 octets] - [03/08/2014 19:34:58]
AdwCleaner[s0].txt - [3844 octets] - [10/03/2014 18:34:14]
AdwCleaner[s1].txt - [1962 octets] - [03/08/2014 19:37:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2022 octets] ##########

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by SmellyBelly at 19:16:47 on 2014-08-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.157 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\PCPitstop\Super Shield\PCPitstopRTService.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files\PCPitstop\Super Shield\PCMaticRT.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Connection Wizard,ShellNext = iexplore
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [PC MaticRT] c:\program files\pcpitstop\super shield\PCMaticRT.exe
mRunServices: [CPQDFWAG] c:\windows\cpqdiag\CpqDfwAg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3100v2\WNDA3100v2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{21007ABD-7AD6-4985-AEA0-2F26069A12E2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B0A91423-E31C-4D0A-998B-EEAC1CCE2922} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E1580C7D-83A0-4FDD-A8EA-A1091E8AE8F3} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
IFEO: rjatydimofu.exe - tasklist.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\smellybelly\application data\mozilla\firefox\profiles\i2mcwxo5.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ClntMgmt;Compaq Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [2009-1-9 54222]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2014-6-20 22064]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;c:\windows\cpqdiag\CPQDFWAG.EXE [2009-1-9 212992]
R2 cpqWebDmi;Compaq DMI Web Agent;c:\progra~1\compaq\compaq~1\cpqweb~1\WebDmi.exe [2009-1-9 24576]
R2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\pcpitstop\super shield\PCPitstopRTService.exe [2014-4-22 4017264]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-10-1 86632]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2014-6-20 66344]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2014-3-9 303360]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-9-29 103040]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-9-14 1034240]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-2-3 375120]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-9-30 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-9-30 8456]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-6-10 43368]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-9-14 50704]
.
=============== Created Last 30 ================
.
2014-08-03 23:33:25 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-03 23:33:02 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-03 23:33:01 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-24 15:12:36 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2014-07-24 15:12:36 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
.
==================== Find3M ====================
.
2014-07-08 23:49:37 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 23:49:37 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 12:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:17:49.34 ===============

 

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2009 3:16:52 PM
System Uptime: 8/3/2014 6:55:53 PM (1 hours ago)
.
Motherboard: Compaq | | 07E8h
Processor: Intel® Pentium® 4 CPU 2.40GHz | XU1 PROCESSOR | 2392/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 27 GiB total, 17.983 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 9.9 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Compaq Easy Access PS2 Internet Keyboard
Device ID: ACPI\PNP0303\4&36B16CB7&0
Manufacturer: Compaq Computer Corporation
Name: Compaq Easy Access PS2 Internet Keyboard
PNP Device ID: ACPI\PNP0303\4&36B16CB7&0
Service: i8042prt
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
AMD Catalyst Install Manager
Compaq Help and Support Center
Compaq Management Agents
Compaq Remote Diagnostics Enabling Agent
EASEUS Partition Master 5.8.1 Home Edition
Easy Access Button Support
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Intel® Extreme Graphics Driver
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 31.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
PC Matic 1.1.0.49
PC Matic Super Shield 1.0.0.46
PC Pitstop Info Center 1.0.0.15
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923789)
Setup Compaq Software
SoundMAX
SpywareBlaster 5.0
SpywareGuard v2.2
SUPERAntiSpyware
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Vopt 9
WebFldrs XP
Windows Driver Package - AMD (AtiHDAudioService) MEDIA (05/11/2012 5.18.0.5514)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/31/2014 8:27:21 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/28/2014 6:55:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
7/28/2014 6:55:28 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/27/2014 5:39:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.
7/27/2014 5:39:23 PM, error: Service Control Manager [7000] - The LMIGuardianSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

 

Thanks for looking!

:geezer:

Edited by caintry_boy

Hi Roger

 

Scan with FRST in normal mode

 

Please download Farbar's Recovery Scan Tool to your desktop:

 

FRST 32bit or FRST 64bit (If not sure which version: Start --> Computer (right click) --> properties)

(To use correct version for your system.....Which system am I using?)

  • Run FRST
  • Don't change the checkboxes, just click on Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt
  • The first time the tool is run, it generates another log, Addition.txt. Please also paste that along with the FRST.txt into your reply.

I thought you were taking care of that young'un?? :P

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:2-08-2014
Ran by SmellyBelly (administrator) on KENNY on 03-08-2014 22:37:58
Running from C:\Documents and Settings\SmellyBelly\Desktop\FRST
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
() C:\WINDOWS\system32\LEXPPS.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Compaq Computer Corporation) C:\WINDOWS\Cpqdiag\CPQDFWAG.EXE
(Compaq Computer Corporation) C:\PROGRA~1\COMPAQ\COMPAQ~1\CPQWEB~1\Webdmi.exe
(PC Pitstop LLC) C:\Program Files\PCPitstop\Super Shield\PCPitstopRTService.exe
(PC Pitstop LLC) C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
(PC Pitstop LLC) C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
(Intel) C:\Program Files\COMPAQ\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(PC Pitstop LLC) C:\Program Files\PCPitstop\Super Shield\PCMaticRT.exe
(Compaq Computer Corporation) C:\PROGRA~1\COMPAQ\COMPAQ~1\Cpqdmi.exe
(Lexmark International Inc.) C:\WINDOWS\system32\LXSUPMON.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunServices: [CPQDFWAG] => C:\Windows\Cpqdiag\CpqDfwAg.exe [212992 2001-10-25] (Compaq Computer Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-1079118523-3433162778-840360825-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk
ShortcutTarget: SpywareGuard.lnk -> C:\Program Files\SpywareGuard\sgmain.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
SearchScopes: HKCU - {8706833E-3FD5-487A-A5FA-DC36BBE1CCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314199&CUI=UN39991758639658803&UM=2
BHO: SpywareGuardDLBLOCK.CBrowserHelper -> {4A368E80-174F-4872-96B5-0B27DDD11DB2} -> C:\Program Files\SpywareGuard\dlprotect.dll ()
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll [126976 2003-08-02] ()
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default
FF Homepage: hxxp://msn.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: ShoppingChip - C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\Extensions\uo-gyaoo@fn-rlma.org [2013-10-12]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-10-15]
FF Extension: Adblock Plus - C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-30]

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://msn.com/"
CHR Extension: (YouTube) - C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-01]
CHR Extension: (Google Search) - C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-01]
CHR Extension: (ShoppingChip) - C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh [2013-10-12]
CHR Extension: (Gmail) - C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
S4 AClient; C:\COMPAQ\ACLIENT\ACLIENT.exe [1953868 2001-12-18] (Altiris, Inc.) [File not signed]
S3 CPQALERT; C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe [512000 2002-01-24] (Compaq Computer Corporation) [File not signed]
R2 CpqDfwWebAgent; C:\Windows\Cpqdiag\Cpqdfwag.exe [212992 2001-10-25] (Compaq Computer Corporation) [File not signed]
R2 cpqdmi; C:\Program Files\COMPAQ\Compaq Management Agents\Cpqdmi.exe [20480 2002-01-24] (Compaq Computer Corporation) [File not signed]
R2 cpqWebDmi; C:\Program Files\COMPAQ\Compaq Management Agents\cpqWebDmi\Webdmi.exe [24576 2002-01-24] (Compaq Computer Corporation) [File not signed]
R2 LexBceS; C:\Windows\system32\LEXBCES.EXE [299008 2002-02-14] (Lexmark International, Inc.)
S3 NMSSvc; C:\Windows\System32\NMSSvc.exe [1118208 2002-03-04] (Intel Corporation) [File not signed]
R2 PCPitstop Realtime; C:\Program Files\PCPitstop\Super Shield\PCPitstopRTService.exe [4017264 2014-06-10] (PC Pitstop LLC)
R2 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [86632 2014-06-25] (PC Pitstop LLC)
R3 WIN32SL; C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe [215552 2001-04-11] (Intel) [File not signed]
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [103040 2012-09-08] (Advanced Micro Devices)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh5.sys [1034240 2011-03-28] (Broadcom Corporation)
R1 ClntMgmt; C:\Windows\System32\Drivers\ClntMgmt.sys [54222 2002-01-16] (Compaq Computer Corp) [File not signed]
R3 eaps2kbd; C:\Windows\System32\DRIVERS\eaps2kbd.sys [24035 2001-12-28] (Compaq Computer Corp.)
R1 EAWDMFD; C:\Windows\system32\drivers\EAWDMFD.sys [24348 1999-10-29] (Compaq Computer Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [13192 2010-02-23] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-02-23] () [File not signed]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 sbaphd; C:\Windows\System32\drivers\sbaphd.sys [22064 2012-10-24] (GFI Software)
R2 sbapifs; C:\Windows\System32\drivers\sbapifs.sys [66344 2012-10-24] (GFI Software)
S1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [88544 2002-05-06] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [69472 2002-05-06] (Intel Corporation)
S4 hpt3xx; No ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 22:37 - 2014-08-03 22:38 - 00000000 ____D () C:\FRST
2014-08-03 22:36 - 2014-08-03 22:37 - 00000000 ____D () C:\Documents and Settings\SmellyBelly\Desktop\FRST
2014-08-03 21:49 - 2014-08-03 21:49 - 00000745 _____ () C:\Documents and Settings\All Users\Desktop\Lexmark Z25-Z35 Solution Center.lnk
2014-08-03 21:48 - 2014-08-03 21:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark Z25-Z35
2014-08-03 21:46 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2014-08-03 21:46 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\dllcache\usbprint.sys
2014-08-03 19:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-03 19:34 - 2014-08-03 19:34 - 01361309 _____ () C:\Documents and Settings\SmellyBelly\Desktop\AdwCleaner.exe
2014-08-03 19:17 - 2014-08-03 19:17 - 00006739 _____ () C:\Documents and Settings\SmellyBelly\Desktop\dds.txt
2014-08-03 19:17 - 2014-08-03 19:17 - 00005146 _____ () C:\Documents and Settings\SmellyBelly\Desktop\attach.txt
2014-08-03 19:14 - 2014-08-03 19:14 - 00688992 ____R (Swearware) C:\Documents and Settings\SmellyBelly\Desktop\dds.com
2014-08-03 18:59 - 2014-08-03 18:59 - 00005642 _____ () C:\Documents and Settings\SmellyBelly\Desktop\Malwarebytes.txt
2014-08-03 18:33 - 2014-08-03 18:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 18:33 - 2014-08-03 18:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-03 18:33 - 2014-08-03 18:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 18:33 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-28 23:03 - 2014-07-28 23:07 - 00000000 ____D () C:\Documents and Settings\SmellyBelly\My Documents\secrets
2014-07-24 10:12 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2014-07-24 10:12 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) C:\Windows\system32\dllcache\kbdhid.sys
2014-07-23 09:19 - 2014-07-24 10:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-09 12:33 - 2014-07-10 10:55 - 00000016 _____ () C:\Documents and Settings\SmellyBelly\My Documents\teen wolf.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-03 22:38 - 2014-08-03 22:37 - 00000000 ____D () C:\FRST
2014-08-03 22:38 - 2012-10-01 08:36 - 00000000 ____D () C:\Documents and Settings\SmellyBelly\Local Settings\Temp
2014-08-03 22:37 - 2014-08-03 22:36 - 00000000 ____D () C:\Documents and Settings\SmellyBelly\Desktop\FRST
2014-08-03 22:37 - 2012-09-14 20:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCPitstopDat
2014-08-03 22:37 - 2001-09-17 03:51 - 00005158 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 22:33 - 2009-01-12 11:11 - 02039410 _____ () C:\Windows\WindowsUpdate.log
2014-08-03 22:33 - 2009-01-09 16:04 - 00001158 _____ () C:\Windows\system32\wpa.dbl
2014-08-03 22:32 - 2014-03-10 18:13 - 00000234 _____ () C:\Windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-03 22:32 - 2001-09-17 03:54 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-03 22:31 - 2012-10-01 08:36 - 00000178 ___SH () C:\Documents and Settings\SmellyBelly\ntuser.ini
2014-08-03 22:31 - 2009-01-09 16:00 - 00032592 _____ () C:\Windows\SchedLgU.Txt
2014-08-03 21:49 - 2014-08-03 21:49 - 00000745 _____ () C:\Documents and Settings\All Users\Desktop\Lexmark Z25-Z35 Solution Center.lnk
2014-08-03 21:49 - 2013-07-18 04:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-03 21:48 - 2014-08-03 21:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Lexmark Z25-Z35
2014-08-03 21:48 - 2014-03-10 18:39 - 00050880 _____ () C:\Windows\setupapi.log
2014-08-03 19:37 - 2014-03-10 18:32 - 00000000 ____D () C:\AdwCleaner
2014-08-03 19:34 - 2014-08-03 19:34 - 01361309 _____ () C:\Documents and Settings\SmellyBelly\Desktop\AdwCleaner.exe
2014-08-03 19:17 - 2014-08-03 19:17 - 00006739 _____ () C:\Documents and Settings\SmellyBelly\Desktop\dds.txt
2014-08-03 19:17 - 2014-08-03 19:17 - 00005146 _____ () C:\Documents and Settings\SmellyBelly\Desktop\attach.txt
2014-08-03 19:14 - 2014-08-03 19:14 - 00688992 ____R (Swearware) C:\Documents and Settings\SmellyBelly\Desktop\dds.com
2014-08-03 18:59 - 2014-08-03 18:59 - 00005642 _____ () C:\Documents and Settings\SmellyBelly\Desktop\Malwarebytes.txt
2014-08-03 18:58 - 2014-08-03 18:33 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-03 18:55 - 2014-03-10 18:39 - 00000000 ____D () C:\Windows\Performance
2014-08-03 18:33 - 2014-08-03 18:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-03 18:33 - 2014-08-03 18:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 18:33 - 2013-02-03 23:14 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-03 18:33 - 2012-10-01 11:45 - 00000000 ____D () C:\Documents and Settings\SmellyBelly\Application Data\Malwarebytes
2014-08-03 18:33 - 2012-09-30 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-03 18:30 - 2013-03-11 20:25 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-08-03 18:30 - 2012-09-30 15:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-03 16:37 - 2012-09-14 20:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PCPitstop
2014-07-28 23:07 - 2014-07-28 23:03 - 00000000 ____D () C:\Documents and Settings\SmellyBelly\My Documents\secrets
2014-07-28 20:09 - 2009-01-09 16:04 - 00000159 _____ () C:\Windows\wiadebug.log
2014-07-28 20:09 - 2009-01-09 16:04 - 00000049 _____ () C:\Windows\wiaservc.log
2014-07-24 10:17 - 2014-07-23 09:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-24 10:15 - 2012-09-15 19:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 10:12 - 2014-03-10 08:13 - 00000041 _____ () C:\Windows\setupact.log
2014-07-23 18:01 - 2012-09-15 19:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-07-22 21:48 - 2009-01-12 11:06 - 00024906 _____ () C:\Windows\wmsetup.log
2014-07-10 12:17 - 2009-01-09 15:59 - 00000000 ____D () C:\Windows\Help
2014-07-10 10:55 - 2014-07-09 12:33 - 00000016 _____ () C:\Documents and Settings\SmellyBelly\My Documents\teen wolf.txt
2014-07-09 18:03 - 2013-09-06 11:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 18:00 - 2009-01-12 15:35 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 18:49 - 2013-05-03 18:58 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 18:49 - 2013-05-03 18:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 15:00 - 2014-03-10 18:13 - 00000228 _____ () C:\Windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-07 21:29 - 2013-09-29 06:10 - 00000000 ____D () C:\Documents and Settings\SmellyBelly\My Documents\recipe's
2014-07-05 10:38 - 2012-10-25 19:14 - 00000754 _____ () C:\Windows\WORDPAD.INI

Some content of TEMP:
====================
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:2-08-2014
Ran by SmellyBelly at 2014-08-03 22:39:18
Running from C:\Documents and Settings\SmellyBelly\Desktop\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D6346B4B-FDD6-C406-06FE-0CF77F561E78}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Compaq Help and Support Center (Version: 2.21 - Compaq Computer Corporation) Hidden
Compaq Management Agents (HKLM\...\IntMgmt) (Version: - )
Compaq Remote Diagnostics Enabling Agent (HKLM\...\{71A470E1-27E7-424E-803A-F9C0D41968D3}) (Version: - )
EASEUS Partition Master 5.8.1 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS)
Easy Access Button Support (HKLM\...\{93539D60-1817-11D1-9504-00805F26A89C}) (Version: - )
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version: - )
Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.10.0061 - Intel)
Lexmark Supplies Monitor (HKLM\...\Lexmark Supplies Monitor) (Version: - )
Lexmark Z25-Z35 (HKLM\...\Lexmark Z25-Z35) (Version: - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
PC Matic 1.1.0.49 (HKLM\...\PC Matic_is1) (Version: 1.1.0.49 - PC Pitstop LLC)
PC Matic Super Shield 1.0.0.46 (HKLM\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.46 - PC Pitstop LLC)
PC Pitstop Info Center 1.0.0.15 (HKLM\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.15 - PC Pitstop LLC.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Setup Compaq Software (HKLM\...\Setup Compaq Software) (Version: - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SpywareGuard v2.2 (HKLM\...\SpywareGuard_is1) (Version: 2.2 - Javacool Software LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.5.1022 - SUPERAntiSpyware.com)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Vopt 9 (HKLM\...\{548CC5A0-F2E2-11DD-6172-0DC7E1C11916}) (Version: 9.21 - Golden Bow Systems)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
Windows Driver Package - AMD (AtiHDAudioService) MEDIA (05/11/2012 5.18.0.5514) (HKLM\...\8CD313DFB430EDB9D89A1156940CDE838307AB6A) (Version: 05/11/2012 5.18.0.5514 - AMD)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1079118523-3433162778-840360825-1005_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Update\1.3.21.111\psuse (the data entry has 13 more characters).

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-01-09 16:03 - 2001-08-18 10:00 - 00000734 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\Windows\system32\xp_eos.exe
Task: C:\Windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\Windows\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2002-01-24 04:09 - 2002-01-24 04:09 - 00174592 _____ () C:\Windows\system32\LEXPPS.EXE
2003-08-02 23:24 - 2003-08-02 23:24 - 00192512 ____R () C:\Program Files\SpywareGuard\dlprotect.dll
2003-08-02 23:20 - 2003-08-02 23:20 - 00126976 ____R () C:\Program Files\SpywareGuard\spywareguard.dll
2014-02-06 17:59 - 2010-08-19 22:39 - 00524288 _____ () C:\Program Files\PCPitstop\Super Shield\SQLiteEncrypt.dll
2014-06-20 20:28 - 2014-06-20 06:08 - 00192376 _____ () C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libBase64.dll
2014-06-20 20:28 - 2014-06-20 06:08 - 00180088 _____ () C:\Documents and Settings\All Users\Application Data\PCPitstopDat\datRT\libMachoUniv.dll
2009-01-09 16:21 - 2001-04-11 11:33 - 00018944 _____ () C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\DMIAPI32.DLL
2014-03-09 18:40 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-03-09 18:40 - 2011-12-14 10:22 - 00319488 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
2014-02-06 17:59 - 2014-06-10 15:41 - 00184944 _____ () C:\Program Files\PCPitstop\Super Shield\PCMaticRTen.dll
2009-01-09 16:21 - 2001-04-11 11:33 - 00018944 _____ () C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin\DMIAPI32.dll
2014-03-09 18:40 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-03-09 18:40 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-07-23 09:19 - 2014-07-23 09:20 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-08 18:49 - 2014-07-08 18:49 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\Windows\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: ChkAdmin => C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
MSCONFIG\startupreg: CPQEASYACC => C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
MSCONFIG\startupreg: ctfmon.exe => C:\Windows\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: PROMon.exe => PROMon.exe
MSCONFIG\startupreg: Smapp => C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

==================== Faulty Device Manager Devices =============

Name: Compaq Easy Access PS2 Internet Keyboard
Description: Compaq Easy Access PS2 Internet Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: Compaq Computer Corporation
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 10:38:10 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2014 10:38:10 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2014 10:37:09 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (08/03/2014 10:37:09 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (08/03/2014 10:25:50 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (08/03/2014 10:25:50 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (08/03/2014 10:12:10 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (08/03/2014 10:12:10 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (08/03/2014 09:50:10 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (08/03/2014 09:50:10 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.


System errors:
=============
Error: (08/03/2014 10:33:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (08/03/2014 10:33:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.

Error: (08/03/2014 10:21:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (08/03/2014 10:21:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.

Error: (08/03/2014 10:08:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (08/03/2014 10:08:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.

Error: (08/03/2014 10:04:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (08/03/2014 10:04:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.

Error: (08/03/2014 09:45:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (08/03/2014 09:45:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.


Microsoft Office Sessions:
=========================
Error: (08/03/2014 10:38:10 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2014 10:38:10 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/03/2014 10:37:09 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (08/03/2014 10:37:09 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance

Error: (08/03/2014 10:25:50 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (08/03/2014 10:25:50 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance

Error: (08/03/2014 10:12:10 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (08/03/2014 10:12:10 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance

Error: (08/03/2014 09:50:10 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (08/03/2014 09:50:10 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance


==================== Memory info ===========================

Percentage of memory in use: 79%
Total physical RAM: 1023.48 MB
Available physical RAM: 213.7 MB
Total Pagefile: 1300.03 MB
Available Pagefile: 614.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:27.27 GB) (Free:18.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:10 GB) (Free:9.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 37 GB) (Disk ID: 689E689E)
Partition 1: (Active) - (Size=27 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=OF Extended)

==================== End Of Log ============================

:geezer:

I thought you were taking care of that young'un??

Did, was, am!

 

 

The script, when finished, will reboot the computer; don't be alarmed.

Simply download and copy fixlist.txt and FRST.exe to a folder of your choice, then start FRST and click on the Fix button, and then attach the fixlog.txt to your next reply.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

start

SearchScopes: HKCU - {8706833E-3FD5-487A-A5FA-DC36BBE1CCA5} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3314199&CUI=UN39991758639658803&UM=2

FF Extension: ShoppingChip - C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\Extensions\uo-gyaoo@fn-rlma.org [2013-10-12]

CHR Extension: (ShoppingChip) - C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh [2013-10-12]

C:\Documents and Settings\SmellyBelly\Local Settings\Temp\Quarantine.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

Reboot:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Here ya' go...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:2-08-2014
Ran by SmellyBelly at 2014-08-04 09:13:56 Run:1
Running from C:\Documents and Settings\SmellyBelly\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - {8706833E-3FD5-487A-A5FA-DC36BBE1CCA5} URL = http://search.condui...8639658803&UM=2
FF Extension: ShoppingChip - C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\Extensions\uo-gyaoo@fn-rlma.org [2013-10-12]
CHR Extension: (ShoppingChip) - C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh [2013-10-12]
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\Quarantine.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
Reboot:
End
*****************

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8706833E-3FD5-487A-A5FA-DC36BBE1CCA5}" => Key deleted successfully.
"HKCR\CLSID\{8706833E-3FD5-487A-A5FA-DC36BBE1CCA5}" => Key not found.
C:\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\Extensions\uo-gyaoo@fn-rlma.org => Moved successfully.
C:\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh => Moved successfully.
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog ====

:geezer:

How's it running now?

 

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
Link to comment
Share on other sites

Here are the results of the ESET scan:

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js Win32/Adware.MultiPlug.H application
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsd1D\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsmF\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\FRST\Quarantine\C\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\Extensions\uo-gyaoo@fn-rlma.org\content\bg.js Win32/Adware.MultiPlug.H application
C:\FRST\Quarantine\C\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js Win32/Adware.MultiPlug.H application

 

 

 

:geezer:

Link to comment
Share on other sites

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

start
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsd1D\Helper.dll
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsmF\Helper.dll
Reboot:
End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

How's the computer now?

Link to comment
Share on other sites
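Added example, not part of the thread and not code from ESET or FRST: the fixlist in the reply above contains only the three ESET detections that sit outside C:\FRST\Quarantine, and this sketch reproduces that triage from the exported report. The function names and the single quarantine root are assumptions made for the illustration.

```python
import re

# ESET export lines copied from the thread; format: "<path> <detection> <type>".
ESET_REPORT = r"""
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js Win32/Adware.MultiPlug.H application
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsd1D\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsmF\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\FRST\Quarantine\C\Documents and Settings\SmellyBelly\Application Data\Mozilla\Firefox\Profiles\i2mcwxo5.default\Extensions\uo-gyaoo@fn-rlma.org\content\bg.js Win32/Adware.MultiPlug.H application
C:\FRST\Quarantine\C\Documents and Settings\SmellyBelly\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js Win32/Adware.MultiPlug.H application
"""

# Assumption: the only quarantine folder to ignore is FRST's, as seen in the thread.
QUARANTINE_ROOTS = ("c:\\frst\\quarantine\\",)

# Paths contain spaces, so anchor on the detection name (e.g. Win32/...) instead of splitting.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of )?(?P<name>\w+/\S+)\s+(?P<kind>.+)$"
)

def parse_eset(report):
    """Return (path, detection, type) for every line that looks like a detection."""
    hits = []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if m:
            hits.append((m["path"], m["name"], m["kind"]))
    return hits

def triage(report, roots=QUARANTINE_ROOTS):
    """Split detected paths into live files and copies already inside a quarantine folder."""
    live, quarantined = [], []
    for path, _name, _kind in parse_eset(report):
        bucket = quarantined if path.lower().startswith(roots) else live
        if path not in bucket:
            bucket.append(path)
    return live, quarantined

def build_fixlist(live_paths):
    """Wrap the live paths in the start / Reboot: / End lines used by the thread's fixlist."""
    return "\n".join(["start", *live_paths, "Reboot:", "End"])

if __name__ == "__main__":
    live, quarantined = triage(ESET_REPORT)
    print(f"{len(quarantined)} detection(s) already quarantined, left alone")
    print(build_fixlist(live))
```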

Seems to be doing alright! Here's the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:2-08-2014
Ran by SmellyBelly at 2014-08-04 11:20:00 Run:2
Running from C:\Documents and Settings\SmellyBelly\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsd1D\Helper.dll
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsmF\Helper.dll
Reboot:
End
*****************

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js => Moved successfully.
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsd1D\Helper.dll => Moved successfully.
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsmF\Helper.dll => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

:geezer:

Link to comment
Share on other sites
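Added example, not part of the thread and not FRST's own code: a check that every file path listed under "Content of fixlist" in the Fixlog above has a result line reporting success. The function name is an assumption, and only plain file-path entries are audited.

```python
import re

# Fixlog from the thread (Run:2), header and blank lines omitted.
FIXLOG = r"""
Content of fixlist:
*****************
start
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsd1D\Helper.dll
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsmF\Helper.dll
Reboot:
End
*****************
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojlghpkcanbgapapmbliobfhjkfccibh\1.1\BbJ0CMY4dm2.js => Moved successfully.
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsd1D\Helper.dll => Moved successfully.
C:\Documents and Settings\SmellyBelly\Local Settings\Temp\nsmF\Helper.dll => Moved successfully.
==== End of Fixlog ====
"""

RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")

def audit_fixlog(text):
    """Return (entries, problems) for the file-path lines of a Fixlog's fixlist section."""
    lines = [l.strip() for l in text.splitlines()]
    stars = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist section (between the two rows of asterisks) not found")
    # Only plain file paths are audited; directives such as Reboot: are skipped.
    entries = [l for l in lines[stars[0] + 1:stars[1]] if re.match(r"^[A-Za-z]:\\", l)]
    outcomes = {}
    for l in lines[stars[1] + 1:]:
        m = RESULT.match(l)
        if m:
            outcomes[m["target"].strip('"').lower()] = m["outcome"]
    problems = {}
    for entry in entries:
        outcome = outcomes.get(entry.lower())
        if outcome is None:
            problems[entry] = "no result line"
        elif "successfully" not in outcome.lower():
            problems[entry] = outcome
    return entries, problems

if __name__ == "__main__":
    entries, problems = audit_fixlog(FIXLOG)
    print(f"{len(entries)} entries, {len(problems)} problem(s)")
```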

Yes, and he listens pretty well, BUT!, he IS a teenager...

# DelFix v10.8 - Logfile created 04/08/2014 at 12:54:59
# Updated 29/07/2014 by Xplode
# Username : SmellyBelly - KENNY
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\SmellyBelly\Desktop\AdwCleaner.exe
Deleted : C:\Documents and Settings\SmellyBelly\Desktop\dds.com
Deleted : C:\Documents and Settings\SmellyBelly\Desktop\dds.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########

:geezer:

Link to comment
Share on other sites

This topic is now closed to further replies.