
outside forces are controlling my computer



Someone or something has taken over my computer.  I am getting software restriction policy messages.  I can not access Malwarebytes or AVG.  There have also been many other changes to my computer.  I tried to diagnose and clean but nothing has worked.  I did however run the VEW by Dino Rosso and here are the results.  I hope you can tell me what to do to fix my computer to a safe and useable state.  Thank you

 

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/01/2014 1:51:28 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/01/2014 8:06:01 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 07/01/2014 8:06:00 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 07/01/2014 5:13:26 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application WINWORD.EXE, version 11.0.8106.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 07/01/2014 5:13:26 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application WINWORD.EXE, version 11.0.8106.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 06/01/2014 6:11:22 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 05/01/2014 5:35:25 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 05/01/2014 3:04:40 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 05/01/2014 12:23:23 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 04/01/2014 7:43:57 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 03/01/2014 9:30:22 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 03/01/2014 9:30:21 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 31/12/2013 5:26:50 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 31/12/2013 5:26:50 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 31/12/2013 5:26:50 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 28/12/2013 2:31:36 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 27/12/2013 2:36:46 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 27/12/2013 2:36:46 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 27/12/2013 2:36:46 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 27/12/2013 2:36:46 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 27/12/2013 2:36:46 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/01/2014 9:06:25 PM
Type: information Category: 0
Event: 0 Source: hpqcxs08
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 9:06:15 PM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 14/01/2014 9:06:11 PM
Type: information Category: 0
Event: 1 Source: avg9emc
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 9:05:25 PM
Type: information Category: 0
Event: 0 Source: hpqddsvc
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 9:01:41 PM
Type: information Category: 0
Event: 1 Source: avg9emc
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 9:01:10 PM
Type: information Category: 0
Event: 1 Source: avg9emc
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 8:41:57 PM
Type: information Category: 0
Event: 1904 Source: HHCTRL
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 8:41:57 PM
Type: information Category: 0
Event: 1904 Source: HHCTRL
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 8:41:02 PM
Type: information Category: 0
Event: 1904 Source: HHCTRL
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 8:41:02 PM
Type: information Category: 0
Event: 1904 Source: HHCTRL
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 8:40:24 PM
Type: information Category: 0
Event: 1904 Source: HHCTRL
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 8:40:24 PM
Type: information Category: 0
Event: 1904 Source: HHCTRL
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 7:39:10 PM
Type: information Category: 0
Event: 11729 Source: MsiInstaller
Product: Compatibility Pack for the 2007 Office system -- Configuration failed.

Log: 'Application' Date/Time: 14/01/2014 7:37:45 PM
Type: information Category: 0
Event: 0 Source: hpqcxs08
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 7:37:36 PM
Type: information Category: 0
Event: 1800 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 14/01/2014 7:37:34 PM
Type: information Category: 0
Event: 1 Source: avg9emc
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 7:36:52 PM
Type: information Category: 0
Event: 0 Source: hpqddsvc
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 9:47:58 AM
Type: information Category: 0
Event: 7 Source: crypt32
Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

Log: 'Application' Date/Time: 14/01/2014 9:47:55 AM
Type: information Category: 0
Event: 0 Source: McComponentHostService
The event description cannot be found.

Log: 'Application' Date/Time: 14/01/2014 9:46:25 AM
Type: information Category: 0
Event: 7 Source: crypt32
Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/01/2014 9:06:00 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\AVG\AVG9\avgui.exe has been restricted by your Administrator by location with policy rule {79bf1756-614f-4d57-94d6-5f4b120844a6} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 14/01/2014 9:05:27 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {79bf1756-614f-4d57-94d6-5f4b120844a6} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 14/01/2014 8:23:30 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {194c513c-1f54-4004-b6f7-7946665436ef} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 14/01/2014 7:36:48 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {42163848-31d2-4e00-8784-17813de333d6} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 14/01/2014 9:44:45 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {4dc01e0d-032d-4b27-a0df-5bbb684c178f} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 13/01/2014 5:09:07 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {6cba511a-2240-4cab-a9c5-5b9b101f042a} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 13/01/2014 4:51:49 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {5f235f05-12ae-4ff7-b8c1-2028399e3f60} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 12/01/2014 11:28:21 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {6fc94898-5ca4-4245-b489-3afc7bd508da} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 12/01/2014 10:35:28 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\AVG\AVG9\avgcsrvx.exe has been restricted by your Administrator by location with policy rule {6fc94898-5ca4-4245-b489-3afc7bd508da} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 12/01/2014 10:34:27 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\AVG\AVG9\avgcsrvx.exe has been restricted by your Administrator by location with policy rule {6fc94898-5ca4-4245-b489-3afc7bd508da} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 12/01/2014 9:50:24 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {77f605a8-0f1e-4e8f-a278-1efd73dc6c59} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 11/01/2014 10:51:23 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {2b214090-1b4d-44e7-b9d3-48524dbd30b2} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 11/01/2014 1:02:49 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {087b4a30-3f23-4609-8448-24267a6f14d9} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 11/01/2014 3:12:15 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {29dd4f28-2b91-4aac-84c8-12df6b4c6217} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 11/01/2014 3:11:47 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {64900fc8-7505-43d5-8240-131e561a1e90} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 10/01/2014 9:11:33 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {64900fc8-7505-43d5-8240-131e561a1e90} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 10/01/2014 9:11:28 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {64900fc8-7505-43d5-8240-131e561a1e90} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 10/01/2014 7:38:13 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {53901151-0fe2-43a2-953e-48452c537aad} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 10/01/2014 7:14:52 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {54464486-09d9-4018-b16a-0d3a66a92f2a} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 10/01/2014 6:56:29 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {3d600651-1843-484c-8202-052401e95443} placed on path C:\Program Files\AVG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/01/2014 9:06:22 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Log: 'System' Date/Time: 14/01/2014 9:04:39 PM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.2 for the Network Card with network address 00096BF31A74 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 14/01/2014 9:01:04 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied. 

Log: 'System' Date/Time: 14/01/2014 9:00:56 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Office Source Engine service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 14/01/2014 9:00:53 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 14/01/2014 9:00:53 PM
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied. 

Log: 'System' Date/Time: 14/01/2014 9:00:53 PM
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 14/01/2014 9:00:53 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The AVG Free WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 14/01/2014 9:00:53 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 14/01/2014 8:52:31 PM
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Log: 'System' Date/Time: 14/01/2014 8:26:53 PM
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort0, did not respond within the timeout period.

Log: 'System' Date/Time: 14/01/2014 7:37:42 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Log: 'System' Date/Time: 14/01/2014 9:45:50 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Log: 'System' Date/Time: 14/01/2014 9:43:50 AM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.6 for the Network Card with network address 00096BF31A74 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 13/01/2014 6:43:31 PM
Type: error Category: 0
Event: 1002 Source: Dhcp
The IP address lease 192.168.1.2 for the Network Card with network address 00096BF31A74 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 13/01/2014 5:12:36 PM
Type: error Category: 0
Event: 4199 Source: Tcpip
The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address F8:27:93:1C:5E:41. Network operations on this system may be disrupted as a result.

Log: 'System' Date/Time: 13/01/2014 5:12:36 PM
Type: error Category: 0
Event: 4199 Source: Tcpip
The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address F8:27:93:1C:5E:41. Network operations on this system may be disrupted as a result.

Log: 'System' Date/Time: 13/01/2014 5:12:36 PM
Type: error Category: 0
Event: 4199 Source: Tcpip
The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address F8:27:93:1C:5E:41. Network operations on this system may be disrupted as a result.

Log: 'System' Date/Time: 13/01/2014 5:01:32 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Log: 'System' Date/Time: 13/01/2014 4:53:00 PM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/01/2014 9:08:03 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The HitmanPro 3.7 Support Driver service was successfully sent a start control.

Log: 'System' Date/Time: 14/01/2014 9:06:49 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The HTTP SSL service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:49 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The HTTP SSL service was successfully sent a start control.

Log: 'System' Date/Time: 14/01/2014 9:06:44 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Computer Browser service entered the stopped state.

Log: 'System' Date/Time: 14/01/2014 9:06:42 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Remote Access Connection Manager service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:37 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the stopped state.

Log: 'System' Date/Time: 14/01/2014 9:06:27 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Application Layer Gateway Service service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:27 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Application Layer Gateway Service service was successfully sent a start control.

Log: 'System' Date/Time: 14/01/2014 9:06:26 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Remote Access Connection Manager service was successfully sent a start control.

Log: 'System' Date/Time: 14/01/2014 9:06:26 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Telephony service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:25 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The hpqcxs08 service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:24 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The SSDP Discovery Service service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:23 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The IMAPI CD-Burning COM Service service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:23 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Network Location Awareness (NLA) service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:23 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Network Location Awareness (NLA) service was successfully sent a start control.

Log: 'System' Date/Time: 14/01/2014 9:06:23 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The hpqcxs08 service was successfully sent a start control.

Log: 'System' Date/Time: 14/01/2014 9:06:23 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The SSDP Discovery Service service was successfully sent a start control.

Log: 'System' Date/Time: 14/01/2014 9:06:23 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The IMAPI CD-Burning COM Service service was successfully sent a start control.

Log: 'System' Date/Time: 14/01/2014 9:06:22 PM
Type: information Category: 0
Event: 7036 Source: Service Control Manager
The Fast User Switching Compatibility service entered the running state.

Log: 'System' Date/Time: 14/01/2014 9:06:22 PM
Type: information Category: 0
Event: 7035 Source: Service Control Manager
The Fast User Switching Compatibility service was successfully sent a start control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/01/2014 9:04:55 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 14/01/2014 9:04:55 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 13/01/2014 9:53:35 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 13/01/2014 5:00:52 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00096BF31A74.  The following error occurred:  The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 13/01/2014 4:51:40 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00096BF31A74.  The following error occurred:  The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 12/01/2014 11:26:02 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 12/01/2014 9:49:49 AM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 12/01/2014 9:49:26 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00096BF31A74.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 10/01/2014 6:42:53 PM
Type: warning Category: 0
Event: 1005 Source: Dhcp
Your computer has detected that the IP address 192.168.1.2 for the Network Card with network address 00096BF31A74 is already in use on the network. Your computer will automatically attempt to obtain a different address.

Log: 'System' Date/Time: 10/01/2014 6:42:53 PM
Type: warning Category: 0
Event: 1005 Source: Dhcp
Your computer has detected that the IP address 0.0.0.0 for the Network Card with network address 00096BF31A74 is already in use on the network. Your computer will automatically attempt to obtain a different address.

Log: 'System' Date/Time: 10/01/2014 6:42:53 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00096BF31A74.  The following error occurred:  The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 10/01/2014 11:07:46 AM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 10/01/2014 12:26:53 AM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to reboot PC1 failed

Log: 'System' Date/Time: 09/01/2014 12:06:00 PM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 09/01/2014 12:05:39 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00096BF31A74.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/01/2014 10:55:27 AM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 09/01/2014 10:55:05 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00096BF31A74.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 09/01/2014 6:52:31 AM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Log: 'System' Date/Time: 09/01/2014 1:27:36 AM
Type: warning Category: 0
Event: 1006 Source: Dhcp
Your computer was unable to automatically configure the IP parameters for the Network Card with the network address 00096BF31A74.  The following error occurred during configuration: The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address. .

Log: 'System' Date/Time: 09/01/2014 1:27:34 AM
Type: warning Category: 0
Event: 4 Source: E100B
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

 

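A triage sketch for the VEW report in the first post, added here as an example and not part of the original thread: it parses the report format and groups the Event 866 Software Restriction Policies warnings by rule path, showing which executables were blocked and how many distinct rule GUIDs appear. The function names and the `SECURITY_TOOL_HINTS` list are assumptions made for this example; the sample entries are copied from the posted log.

```python
import ntpath
import re
from datetime import datetime

# Entries copied from the VEW report posted above, embedded so this runs offline.
SAMPLE_REPORT = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/01/2014 9:06:00 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\AVG\AVG9\avgui.exe has been restricted by your Administrator by location with policy rule {79bf1756-614f-4d57-94d6-5f4b120844a6} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 14/01/2014 8:23:30 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\PROGRA~1\AVG\AVG9\avgtray.exe has been restricted by your Administrator by location with policy rule {194c513c-1f54-4004-b6f7-7946665436ef} placed on path C:\Program Files\AVG

Log: 'Application' Date/Time: 11/01/2014 3:11:47 AM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe has been restricted by your Administrator by location with policy rule {64900fc8-7505-43d5-8240-131e561a1e90} placed on path C:\Program Files\Malwarebytes' Anti-Malware

Log: 'Application' Date/Time: 10/01/2014 9:11:33 PM
Type: warning Category: 0
Event: 866 Source: Software Restriction Policies
Access to C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {64900fc8-7505-43d5-8240-131e561a1e90} placed on path C:\Program Files\Malwarebytes' Anti-Malware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/01/2014 9:00:53 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The AVG Free WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>\S+ \S+ [AP]M)\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: \d+\s*$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+?)\s*$")
SRP_MSG = re.compile(
    r"^Access to (?P<target>.+?) has been restricted by your Administrator "
    r"by location with policy rule (?P<rule>\{[0-9A-Fa-f-]{36}\}) "
    r"placed on path (?P<rule_path>.+?)\s*$"
)
# Assumption for this example: product names taken from this thread only.
SECURITY_TOOL_HINTS = ("avg", "malwarebytes")


def parse_vew(text):
    """Turn a VEW report into a list of event records (dicts)."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # the report note says all dates are dd/mm/yyyy
            when = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
            cur = {"log": m["log"], "time": when, "type": None,
                   "event_id": None, "source": None, "message": ""}
            records.append(cur)
            continue
        if not line.strip():      # a blank line closes the current record
            cur = None
            continue
        if cur is None:           # section banners between records
            continue
        if cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m["type"]
        elif cur["event_id"] is None and (m := EVENT.match(line)):
            cur["event_id"], cur["source"] = int(m["id"]), m["source"]
        else:                     # everything else is the event description
            cur["message"] = (cur["message"] + " " + line.strip()).strip()
    return records


def summarize_srp_blocks(records):
    """Group Event 866 path-rule blocks by the path the rule was placed on."""
    summary = {}
    for rec in records:
        if rec["event_id"] != 866 or rec["source"] != "Software Restriction Policies":
            continue
        m = SRP_MSG.match(rec["message"])
        if not m:
            continue
        path = m["rule_path"]
        entry = summary.setdefault(path, {
            "count": 0, "executables": set(), "rule_ids": set(),
            "first_seen": rec["time"], "last_seen": rec["time"],
            "security_tool": any(h in path.lower() for h in SECURITY_TOOL_HINTS),
        })
        entry["count"] += 1
        # basename also normalises 8.3 short paths such as C:\PROGRA~1\...
        entry["executables"].add(ntpath.basename(m["target"]).lower())
        entry["rule_ids"].add(m["rule"].lower())
        entry["first_seen"] = min(entry["first_seen"], rec["time"])
        entry["last_seen"] = max(entry["last_seen"], rec["time"])
    return summary


if __name__ == "__main__":
    for path, e in summarize_srp_blocks(parse_vew(SAMPLE_REPORT)).items():
        print(f"{path}: {e['count']} blocks, {len(e['rule_ids'])} rule GUID(s), "
              f"{sorted(e['executables'])}, {e['first_seen']} .. {e['last_seen']}")
```

Grouping by the rule path rather than the blocked file keeps long and 8.3 short path forms of the same executable together.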

Hi, no one has replied and I thought it must be because I do not have the DDS.txt and the Attach.txt included.  When I try to download DDS from here: dds.scr or here: dds.com it just opens up a blank page and nothing appears.  I assume it is because AVG is running but the software restriction policy will not let me open or access it in any way to disable or uninstall it.  What should I do?  I really need this computer fixed because my daughter relies on it to take online classes.  PLEASE help me.  Thank you


  • Root Admin

Hello and welcome.

 

Please try another browser if needed to download.  I've attached the DDS.COM file in a zip file to this post, please save it to your computer and open it and copy the file out to your desktop and then run it.

 

If possible please read the following and try to run the requested tools below as well and post back the logs.


General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

 

 

dds_file.zip


Thank you for helping me Ron. I know your time is valuable so I will be here as long as you are willing to show/tell me what to do. I am to the part where it says to disable my antivirus but that is one of the problems.  I can not even open my antivirus or malwarebytes.  When I try it gives me the software restriction message.  What should I do?


  • Root Admin

Okay, let's try the following then.  If needed you can download the file from another computer and transfer it to this computer via a USB stick.  If possible it's best to run it in Normal Mode but if it has trouble you can restart the computer and tap the F8 key and select Safe Mode with Networking and run it from there.
 
It too will complain about your antivirus but tell it to go ahead and run anyways.
 
 
Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

OK...I think I am making progress.  I may be slow but I am determined.  I changed to Firefox and got Rkill to run and here are the results.  I will now try to back up the registry and then run the combofix.  Thank you for your patience.

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/17/2014 02:54:51 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 01/17/2014 02:57:20 AM
Execution time: 0 hours(s), 2 minute(s), and 30 seconds(s)


I was going to back up the registry but there were a few things I was unsure about so I thought I would ask first.  The first thing was that it wanted to back up to  C:\filefolder\ERUNT.  The second thing and the one I wondered about most was that you said "Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO."  It was not going to give me this option, it was going to enter ERUNT in the startup folder so I canceled it until I checked with you.  I did however get RogueKiller to run and here are the results.  I will wait until I hear from you before I download and run the combofix in case you want me to back up the registry first. Thank you for everything you are doing for me.

 

 

RogueKiller V8.8.1 [Jan 14 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 01/17/2014 03:41:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Rundll32 (Rundll32.exe "C:\Documents and Settings\user\Application Data\Microsoft\Windows\unicode2.nls",0 [x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : wrwkpj (regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\wrwkpj.dat" [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1644491937-2077806209-725345543-1003\[...]\Run : Rundll32 (Rundll32.exe "C:\Documents and Settings\user\Application Data\Microsoft\Windows\unicode2.nls",0 [x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1644491937-2077806209-725345543-1003\[...]\Run : wrwkpj (regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\wrwkpj.dat" [x][-]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{B2C297C1-48FF-4860-8EFB-1A326E2343D9} : NameServer (64.136.28.122 64.136.20.122 [UNITED STATES (US) - UNITED STATES (US)]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc0000033] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) IC35L060AVV207-0 +++++
--- User ---
[MBR] fbd890e921447628f79e222acb19f894
[BSP] 1ada8261c5d363e7125bce88a6942127 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38162 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01172014_034153.txt >>
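
The Run-key and policy lines in a RogueKiller report like the one above can be triaged mechanically. The Python below is an added example, not part of the original thread or of RogueKiller itself; the function names and the heuristics (which loaders, extensions and directories count as suspicious) are assumptions chosen for illustration, and the last two sample lines are constructed for contrast.

```python
import ntpath
import re

# The first five lines are taken from the RogueKiller report above (tag case
# normalised); the last two are constructed here for contrast.
SAMPLE_REPORT = r'''
[RUN][SUSP PATH] HKCU\[...]\Run : Rundll32 (Rundll32.exe "C:\Documents and Settings\user\Application Data\Microsoft\Windows\unicode2.nls",0 [x][x]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : wrwkpj (regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\wrwkpj.dat" [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1644491937-2077806209-725345543-1003\[...]\Run : wrwkpj (regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\wrwkpj.dat" [x][-]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> FOUND
[RUN] HKLM\[...]\Run : ExampleShell (Rundll32.exe "C:\WINDOWS\system32\example.dll",Start) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
'''

ENTRY_RE = re.compile(
    r'^(?P<tags>(?:\[[^\]]+\])+)\s+'   # one or more [TAG] groups
    r'(?P<key>.+?)\s+:\s+'             # abbreviated registry key
    r'(?P<name>\S+)\s+'                # value name
    r'\((?P<data>.*)\)\s+->\s+(?P<status>\w+)\s*$')
# Trailing [x] / [-] markers are tool annotations, not part of the command.
MARKER_RE = re.compile(r'(?:\s*\[[x\-]\])+\s*$')
# <launcher> [/switches] "<quoted target>"
CMD_RE = re.compile(r'^\s*"?(?P<exe>[^"\s]+)"?\s+(?:/\w+\s+)*"(?P<target>[^"]+)"')

# Assumed heuristics: system loaders pointed at a non-library file, or at a
# file inside a directory the user account can write to.
LOADERS = {"rundll32.exe", "regsvr32.exe"}
LOADABLE_EXT = {".dll", ".ocx", ".cpl"}
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def run_entry_findings(data):
    """Return the reasons an autorun command line looks suspicious."""
    m = CMD_RE.match(data)
    if not m:
        return []
    exe = ntpath.basename(m["exe"]).lower()
    target = m["target"]
    reasons = []
    if exe in LOADERS:
        ext = ntpath.splitext(target)[1].lower()
        if ext not in LOADABLE_EXT:
            reasons.append(f"{exe} loads a file with extension {ext or '(none)'}")
        if any(d in target.lower() for d in USER_WRITABLE):
            reasons.append("target sits in a user-writable profile directory")
    return reasons


def triage(report):
    """Group report lines by (value name, data) and attach a verdict."""
    grouped = {}
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        tags = [t.upper() for t in re.findall(r'\[([^\]]+)\]', m["tags"])]
        data = MARKER_RE.sub("", m["data"]).strip()
        if "RUN" in tags:
            reasons = run_entry_findings(data)
            verdict = "suspicious" if reasons else "review"
        elif "HJ POL" in tags and data.isdigit():
            # These policy values only restrict the tool when non-zero.
            reasons = []
            verdict = "enforced" if int(data) != 0 else "not enforcing"
        else:
            reasons, verdict = [], "review"
        entry = grouped.setdefault(
            (m["name"], data),
            {"name": m["name"], "data": data, "keys": [],
             "verdict": verdict, "reasons": reasons})
        entry["keys"].append(m["key"])   # same autorun seen under several hives
    return list(grouped.values())


if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        print(f'{e["verdict"]:<14} {e["name"]:<22} seen under {len(e["keys"])} key(s)')
        for r in e["reasons"]:
            print(f'{"":<14}   - {r}')
```
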

 


Hi, I downloaded ComboFix to my desktop and started to run it.  It stopped and gave me a warning that it detected AVG as being active and to disable it before clicking OK.  My problem is that I can not open AVG to disable it. I have tried to disable it many times before I started doing other steps in this process, and I tried to disable it before starting to run ComboFix. I can not do anything to AVG. Anytime I click on AVG I get the software restriction policy notice.  I get this same notice if I try to uninstall AVG or to open it in any way.  The only other option I can think of, and I do not know if it will work or not, would be to reboot my computer in safe mode and hope that it will let me open AVG.  I would go ahead and try this but I have ComboFix running and in the middle of doing what it does with the WARNING box open and saying to disable AVG before clicking OK which I presume will start ComboFix to finish what it is doing.  I do not want to click OK on the Combofix warning with AVG still running, and I can't reboot the computer with the Combofix Warning box open and ComboFix in the middle of running.  Please advise me on what I should do at this point.  I am just going to leave my computer like it is until I hear from you.  Thank you


Hi, I am on a borrowed computer at the moment.  I have been running the ComboFix for around three hours and it is not doing anything.  My screen is in screensaver mode but it is not moving.  It is frozen and has been for a long time.  I know you said not to touch the mouse or anything but it has been this way so long I thought I would move it just to see what it would do.  Well, it did not do anything.  It made no difference at all.  It is still frozen.  What should I do?  Thanks


Sorry, I forgot to tell you where I was with the ComboFix when it quit running.  ComboFix started running, it then backed up my registry.  After that it said my recovery application was not installed or something was wrong with it and asked me if I wanted it to download and install a new one.  I agreed and went through all the steps and it successfully installed my recovery.  After that a black box started running and doing some things and then it said it was going to check my computer for infections and it would take around 10 minutes or so or on a heavily infected computer twice that long.  After about 10 minutes or so it went to screen saver but it was moving at that time.  I left the computer for a short while and when I returned it was frozen and has been frozen ever since.  I hope this helps you with figuring out what I should do next.  Thank you for all of your time and help.


I am attempting to run ComboFix for the third time.  The last time I ran it and it started to search for infected files it ran for 23 minutes before it froze up again.  I am timing it once again.  I hope it will go ahead and run on through but at this point I have my doubts.  It has been scanning for 12 minutes so far.  I will update when finished or frozen...whichever comes first.


  • Root Admin

Okay, let's see if you can run this instead.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 


OK, here they are:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 03
Ran by user (administrator) on PC1 on 17-01-2014 21:09:09
Running from C:\Documents and Settings\user\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\WgaTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(FUJI PHOTO FILM CO., LTD.) C:\Program Files\FinePixViewer\QuickDCF.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgemc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VMware Tools] - C:\Program Files\VMware\VMware Tools\VMwareTray.exe [49152 2006-08-04] (VMware, Inc.)
HKLM\...\Run: [VMware User Process] - C:\Program Files\VMware\VMware Tools\VMwareUser.exe [102400 2006-08-04] (VMware, Inc.)
HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [REGSHAVE] - C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [AVG9_TRAY] - C:\Program Files\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [POINTER] - point32.exe
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\avgrsstarter: C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\lozzide: C:\Documents and Settings\user\Local Settings\Application Data\lozzide.dll [X]
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Run: [cdloader] - C:\Documents and Settings\user\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [Rundll32] - Rundll32.exe "C:\Documents and Settings\user\Application Data\Microsoft\Windows\unicode2.nls",0 <===== ATTENTION
HKCU\...\Run: [Google Update] - C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-08-27] (Google Inc.)
HKCU\...\Run: [wrwkpj] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\wrwkpj.dat" <===== ATTENTION
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
MountPoints2: {2f84ea73-0f7f-11e3-af11-00096bf31a74} - E:\autorun.exe
MountPoints2: {68c289d0-05db-11de-a784-00096bf31a74} - E:\autorun.exe
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [ 2005-09-04] (Nero AG)
HKU\All Users\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [ 2005-09-04] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [ 2005-09-04] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
ShortcutTarget: Exif Launcher.lnk -> C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\HpM3Util.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE8HP&PC=UP68
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE8HP&PC=UP68
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7482EC31-4F83-4F35-BC48-879B20DD2EB1} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKCU - {C33AFCF4-3961-4E5B-8FD5-CE249A541908} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
Toolbar: HKCU - No Name - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} -  No File
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} http://chat.yahoo.com/cab/yuplapp.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\og07hiov.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\user\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPJinit13128.dll (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user\Application Data\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user\Application Data\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\og07hiov.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-09-23]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-27]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG9\Firefox [2010-01-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-12-12]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-11-27]

========================== Services (Whitelisted) =================

R2 avg9emc; C:\Program Files\AVG\AVG9\avgemc.exe [921952 2010-08-05] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-08-05] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-12-12] (Sun Microsystems, Inc.)
S2 VMTools; C:\Program Files\VMware\VMware Tools\VMwareService.exe [135168 2006-08-04] (VMware, Inc.)
S3 WMConnectCDS; C:\Program Files\Windows Media Connect 2\wmccds.exe [855552 2005-10-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-15] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-05] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 EGATHDRV; C:\WINDOWS\system32\EGATHDRV.SYS [11712 2006-06-29] (IBM Corporation)
S3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40832 2002-06-03] (Creative Technology Ltd.)
S3 FINEPIX_PCC; C:\Windows\System32\Drivers\V4CB011D.SYS [81700 2002-05-07] (FUJI PHOTO FILM CO.,LTD.)
S3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R3 HCF_MSFT; C:\Windows\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
R2 hgfs; C:\Windows\System32\DRIVERS\hgfs.sys [83831 2006-08-04] (VMware, Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 IPFilter; C:\Windows\System32\DRIVERS\IPFilter.sys [10192 2001-08-23] (Microsoft Corporation)
R2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2014-01-08] (CACE Technologies, Inc.)
S3 P101bVID; C:\Windows\System32\DRIVERS\P101bVid.sys [184362 2002-04-27] (Creative Technology Ltd.)
R0 vmscsi; C:\Windows\System32\DRIVERS\vmscsi.sys [10880 2006-08-04] (VMware, Inc.)
S3 vmxnet; C:\Windows\System32\DRIVERS\vmxnet.sys [22528 2006-08-04] (VMware, Inc.)
S3 vmx_svga; C:\Windows\System32\DRIVERS\vmx_svga.sys [15744 2006-08-04] (VMware, Inc.)
S3 catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]
S3 PRISM_A02; system32\DRIVERS\PRISMA02.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TrueSight; \??\ [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-17 21:09 - 2014-01-17 21:09 - 00016947 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2014-01-17 21:03 - 2014-01-17 21:03 - 00000000 ____D C:\FRST
2014-01-17 21:01 - 2014-01-17 21:01 - 01220608 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2014-01-17 20:28 - 2014-01-17 20:48 - 00000000 ___SD C:\ComboFix
2014-01-17 19:33 - 2014-01-17 20:57 - 00003413 _____ C:\WINDOWS\setupapi.log
2014-01-17 16:18 - 2006-09-10 11:02 - 00000211 _____ C:\Boot.bak
2014-01-17 16:18 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-17 16:17 - 2014-01-17 16:18 - 00000000 _RSHD C:\cmdcons
2014-01-17 16:14 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-17 16:14 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-17 16:14 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-17 16:14 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-17 16:14 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-17 16:14 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-17 16:14 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-17 16:14 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-17 16:14 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-17 10:26 - 2014-01-17 16:13 - 00000000 ____D C:\Qoobox
2014-01-17 10:25 - 2014-01-17 10:25 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-17 10:23 - 2014-01-17 10:23 - 05167985 ____R (Swearware) C:\Documents and Settings\user\Desktop\ComboFix.exe
2014-01-17 03:41 - 2014-01-17 03:41 - 00002634 _____ C:\Documents and Settings\user\Desktop\RKreport[0]_S_01172014_034153.txt
2014-01-17 03:36 - 2014-01-17 03:43 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2014-01-17 03:12 - 2014-01-17 03:12 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\user\Desktop\erunt-setup.exe
2014-01-17 02:53 - 2014-01-17 02:54 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\iExplore.exe
2014-01-17 02:48 - 2014-01-17 02:48 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\rkill.exe
2014-01-15 00:44 - 2014-01-15 01:51 - 00029981 _____ C:\VEW.txt
2014-01-15 00:40 - 2014-01-15 00:53 - 00061440 _____ ( ) C:\Documents and Settings\user\Desktop\VEW.exe
2014-01-14 20:44 - 2014-01-14 20:44 - 00000060 _____ C:\WINDOWS\setupact.log
2014-01-14 20:44 - 2014-01-14 20:44 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-14 20:37 - 2014-01-14 20:37 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-01-14 20:19 - 2014-01-14 20:19 - 00135464 _____ (SurfRight B.V.) C:\WINDOWS\system32\LnkProtect.dll
2014-01-14 10:02 - 2014-01-14 10:22 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2014-01-12 10:03 - 2014-01-12 10:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2778344$
2014-01-12 10:02 - 2014-01-12 10:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981852$
2014-01-10 23:47 - 2014-01-17 10:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-10 21:30 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-01-10 21:30 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2014-01-10 21:24 - 2014-01-10 23:12 - 00000000 ____D C:\VIPRERESCUE
2014-01-10 21:02 - 2014-01-17 02:57 - 00002118 _____ C:\Documents and Settings\user\Desktop\Rkill.txt
2014-01-10 00:48 - 2014-01-11 02:47 - 00000528 _____ C:\WINDOWS\system32\.crusader
2014-01-10 00:36 - 2014-01-10 00:36 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-10 00:35 - 2014-01-10 00:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-01-09 23:25 - 2014-01-09 23:25 - 00000242 _____ C:\Documents and Settings\user\Desktop\defogger_enable.log
2014-01-09 23:18 - 2014-01-09 23:18 - 00182826 _____ C:\Documents and Settings\user\Desktop\MGlogs.zip
2014-01-09 23:11 - 2014-01-09 23:18 - 00182826 _____ C:\MGlogs.zip
2014-01-09 23:11 - 2014-01-09 23:18 - 00000000 ____D C:\MGtools
2014-01-09 23:09 - 2014-01-09 23:10 - 09452704 _____ (SurfRight B.V.) C:\Documents and Settings\user\Desktop\HitmanPro.exe
2014-01-09 23:07 - 2014-01-09 23:08 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\user\Desktop\tdsskiller.exe
2014-01-09 23:06 - 2014-01-17 03:35 - 03809280 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2014-01-09 22:54 - 2014-01-09 22:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\user\My Documents\mb.exe
2014-01-09 22:05 - 2014-01-09 22:06 - 00000470 _____ C:\Documents and Settings\user\Desktop\defogger_disable.log
2014-01-09 21:19 - 2014-01-10 21:11 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-09 12:58 - 2014-01-09 12:58 - 00197576 _____ C:\Documents and Settings\All Users\Application Data\wrwkpj.dat
2014-01-08 15:52 - 2014-01-08 15:53 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\NETGEARGenie
2014-01-08 15:52 - 2014-01-08 15:52 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2014-01-08 15:52 - 2014-01-08 15:52 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2014-01-08 15:52 - 2014-01-08 15:52 - 00035088 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2014-01-08 13:33 - 2010-06-30 03:27 - 00049904 ____R (Avanquest Software) C:\WINDOWS\system32\Drivers\BVRPMPR5.SYS
2014-01-08 13:32 - 2014-01-09 23:53 - 00000000 ____D C:\Netgear
2013-12-30 02:33 - 2013-12-30 02:33 - 00000000 ____D C:\Program Files\ESET
2013-12-30 02:26 - 2013-12-30 02:26 - 00891200 _____ C:\Documents and Settings\user\Desktop\SecurityCheck.exe
2013-12-30 02:21 - 2013-12-30 02:21 - 00052406 _____ C:\Documents and Settings\user\Desktop\OTL.Txt
2013-12-30 02:21 - 2013-12-30 02:21 - 00043768 _____ C:\Documents and Settings\user\Desktop\Extras.Txt
2013-12-30 02:09 - 2013-12-30 02:09 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTL.exe
2013-12-30 01:54 - 2014-01-10 11:57 - 00000000 ____D C:\AdwCleaner
2013-12-29 11:35 - 2013-12-29 11:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Malwarebytes
2013-12-29 11:34 - 2014-01-10 21:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-29 11:34 - 2014-01-10 21:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-29 11:34 - 2013-12-29 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-29 11:34 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-29 11:31 - 2013-12-29 11:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\user\Desktop\Anti-Malware Sca - mbam-setup-1.75.0.1300.exe
2013-12-29 11:00 - 2013-12-29 11:00 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\Temp File Cleaner-TFC.exe
2013-12-20 15:34 - 2013-12-20 15:35 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-17 21:09 - 2014-01-17 21:09 - 00016947 _____ C:\Documents and Settings\user\Desktop\FRST.txt
2014-01-17 21:03 - 2014-01-17 21:03 - 00000000 ____D C:\FRST
2014-01-17 21:01 - 2014-01-17 21:01 - 01220608 _____ (Farbar) C:\Documents and Settings\user\Desktop\FRST.exe
2014-01-17 20:57 - 2014-01-17 19:33 - 00003413 _____ C:\WINDOWS\setupapi.log
2014-01-17 20:57 - 2006-09-10 11:05 - 01280239 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-17 20:57 - 2004-08-04 07:00 - 00002206 ____C C:\WINDOWS\system32\wpa.dbl
2014-01-17 20:56 - 2006-09-10 06:48 - 00000157 ____C C:\WINDOWS\wiadebug.log
2014-01-17 20:56 - 2006-09-10 06:48 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-17 20:55 - 2006-09-10 11:14 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2014-01-17 20:48 - 2014-01-17 20:28 - 00000000 ___SD C:\ComboFix
2014-01-17 20:29 - 2006-09-10 11:14 - 00032320 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-17 19:46 - 2010-01-13 09:55 - 00000000 ____D C:\WINDOWS\system32\Drivers\Avg
2014-01-17 19:37 - 2013-08-27 20:14 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-725345543-1003UA.job
2014-01-17 16:18 - 2014-01-17 16:17 - 00000000 _RSHD C:\cmdcons
2014-01-17 16:18 - 2006-09-10 06:45 - 00000327 __RSH C:\boot.ini
2014-01-17 16:13 - 2014-01-17 10:26 - 00000000 ____D C:\Qoobox
2014-01-17 10:36 - 2013-08-27 20:14 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-725345543-1003Core.job
2014-01-17 10:25 - 2014-01-17 10:25 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-17 10:23 - 2014-01-17 10:23 - 05167985 ____R (Swearware) C:\Documents and Settings\user\Desktop\ComboFix.exe
2014-01-17 10:01 - 2014-01-10 23:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-17 04:43 - 2006-09-10 11:14 - 00000278 __SHC C:\Documents and Settings\user\ntuser.ini
2014-01-17 03:43 - 2014-01-17 03:36 - 00000000 ____D C:\Documents and Settings\user\Desktop\RK_Quarantine
2014-01-17 03:41 - 2014-01-17 03:41 - 00002634 _____ C:\Documents and Settings\user\Desktop\RKreport[0]_S_01172014_034153.txt
2014-01-17 03:35 - 2014-01-09 23:06 - 03809280 _____ C:\Documents and Settings\user\Desktop\RogueKiller.exe
2014-01-17 03:12 - 2014-01-17 03:12 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\user\Desktop\erunt-setup.exe
2014-01-17 02:57 - 2014-01-10 21:02 - 00002118 _____ C:\Documents and Settings\user\Desktop\Rkill.txt
2014-01-17 02:54 - 2014-01-17 02:53 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\iExplore.exe
2014-01-17 02:48 - 2014-01-17 02:48 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\user\Desktop\rkill.exe
2014-01-17 02:26 - 2008-11-04 23:45 - 00000330 ____H C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-01-15 12:50 - 2006-09-10 11:25 - 00000000 __SHD C:\Documents and Settings\user\UserData
2014-01-15 01:51 - 2014-01-15 00:44 - 00029981 _____ C:\VEW.txt
2014-01-15 00:53 - 2014-01-15 00:40 - 00061440 _____ ( ) C:\Documents and Settings\user\Desktop\VEW.exe
2014-01-14 20:44 - 2014-01-14 20:44 - 00000060 _____ C:\WINDOWS\setupact.log
2014-01-14 20:44 - 2014-01-14 20:44 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-14 20:37 - 2014-01-14 20:37 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-01-14 20:19 - 2014-01-14 20:19 - 00135464 _____ (SurfRight B.V.) C:\WINDOWS\system32\LnkProtect.dll
2014-01-14 19:37 - 2013-09-29 18:59 - 00002353 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
2014-01-14 14:18 - 2006-09-10 06:42 - 00000000 ____D C:\WINDOWS\security
2014-01-14 14:16 - 2006-11-20 03:21 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-14 10:22 - 2014-01-14 10:02 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2014-01-12 23:25 - 2006-09-10 06:46 - 00265416 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-12 10:03 - 2014-01-12 10:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2778344$
2014-01-12 10:02 - 2014-01-12 10:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981852$
2014-01-12 10:00 - 2006-09-10 11:29 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2014-01-11 03:21 - 2013-09-13 00:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-01-11 02:47 - 2014-01-10 00:48 - 00000528 _____ C:\WINDOWS\system32\.crusader
2014-01-10 23:12 - 2014-01-10 21:24 - 00000000 ____D C:\VIPRERESCUE
2014-01-10 21:11 - 2014-01-09 21:19 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-10 21:11 - 2013-12-29 11:34 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-10 21:11 - 2013-12-29 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-10 12:58 - 2009-03-31 07:04 - 00000000 ____D C:\Documents and Settings\user\Application Data\QuickScan
2014-01-10 11:57 - 2013-12-30 01:54 - 00000000 ____D C:\AdwCleaner
2014-01-10 01:28 - 2013-08-27 20:14 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\GVJackApp
2014-01-10 00:47 - 2014-01-10 00:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-01-10 00:36 - 2014-01-10 00:36 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-09 23:53 - 2014-01-08 13:32 - 00000000 ____D C:\Netgear
2014-01-09 23:25 - 2014-01-09 23:25 - 00000242 _____ C:\Documents and Settings\user\Desktop\defogger_enable.log
2014-01-09 23:18 - 2014-01-09 23:18 - 00182826 _____ C:\Documents and Settings\user\Desktop\MGlogs.zip
2014-01-09 23:18 - 2014-01-09 23:11 - 00182826 _____ C:\MGlogs.zip
2014-01-09 23:18 - 2014-01-09 23:11 - 00000000 ____D C:\MGtools
2014-01-09 23:10 - 2014-01-09 23:09 - 09452704 _____ (SurfRight B.V.) C:\Documents and Settings\user\Desktop\HitmanPro.exe
2014-01-09 23:08 - 2014-01-09 23:07 - 04121952 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\user\Desktop\tdsskiller.exe
2014-01-09 22:54 - 2014-01-09 22:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\user\My Documents\mb.exe
2014-01-09 22:06 - 2014-01-09 22:05 - 00000470 _____ C:\Documents and Settings\user\Desktop\defogger_disable.log
2014-01-09 14:52 - 2006-09-10 11:11 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-09 12:58 - 2014-01-09 12:58 - 00197576 _____ C:\Documents and Settings\All Users\Application Data\wrwkpj.dat
2014-01-08 23:09 - 2006-12-27 21:04 - 00000151 ____C C:\WINDOWS\PhotoSnapViewer.INI
2014-01-08 15:53 - 2014-01-08 15:52 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\NETGEARGenie
2014-01-08 15:52 - 2014-01-08 15:52 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2014-01-08 15:52 - 2014-01-08 15:52 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2014-01-08 15:52 - 2014-01-08 15:52 - 00035088 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2014-01-07 01:43 - 2006-09-10 06:42 - 00000000 ____D C:\WINDOWS\Help
2013-12-30 02:33 - 2013-12-30 02:33 - 00000000 ____D C:\Program Files\ESET
2013-12-30 02:26 - 2013-12-30 02:26 - 00891200 _____ C:\Documents and Settings\user\Desktop\SecurityCheck.exe
2013-12-30 02:21 - 2013-12-30 02:21 - 00052406 _____ C:\Documents and Settings\user\Desktop\OTL.Txt
2013-12-30 02:21 - 2013-12-30 02:21 - 00043768 _____ C:\Documents and Settings\user\Desktop\Extras.Txt
2013-12-30 02:09 - 2013-12-30 02:09 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\OTL.exe
2013-12-29 11:35 - 2013-12-29 11:35 - 00000000 ____D C:\Documents and Settings\user\Application Data\Malwarebytes
2013-12-29 11:34 - 2013-12-29 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-29 11:32 - 2013-12-29 11:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Documents and Settings\user\Desktop\Anti-Malware Sca - mbam-setup-1.75.0.1300.exe
2013-12-29 11:00 - 2013-12-29 11:00 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\user\Desktop\Temp File Cleaner-TFC.exe
2013-12-22 11:12 - 2013-09-23 14:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-20 15:35 - 2013-12-20 15:34 - 00000000 ____D C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ==

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2014 03
Ran by user at 2014-01-17 21:11:12
Running from C:\Documents and Settings\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader 7.0 (Version: 7.0.0 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ATI Display Driver (Version: 8.231-060221a1-030895C-ATI - )
AVG Free 9.0 (Version:  - AVG Technologies)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (Version: 3.15 - Piriform)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000 - Microsoft Corporation)
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
Creative WebCam Control (Version:  - )
Creative WebCam Driver (1.02.08.0807) (Version:  - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (Version: 130.0.373.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (Version:  - )
F2400 (Version: 130.0.373.000 - Hewlett-Packard) Hidden
FinePixViewer Ver.3.2 (Version: 3.2 - FUJI PHOTO FILM CO.,LTD.)
FinePixViewer Ver.3.2 (Version: 3.2 - FUJI PHOTO FILM CO.,LTD.) Hidden
FUJIFILM USB Driver (Version:  - )
Google Earth (Version: 4.2.205.5730 - Google)
Google Talk Plugin (Version: 4.9.1.16010 - Google)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (Version: 4.5 - HP)
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Image Web Server 8.1 IE Plugin (3,4,0,242) (Version: 3.4.0.242 - ER Mapper)
ImageMixer VCD for FinePix (Version:  - )
Intel® Extreme Graphics Driver (Version:  - )
Intel® PRO Network Connections Drivers (Version:  - )
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (Version: 6.0.290 - Oracle)
K-Lite Codec Pack 2.76 Full (Version: 2.76 - )
magicJack (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB953297) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Download Manager (Version: 1.2.1 - Microsoft Corporation)
Microsoft IntelliPoint 4.0 (Version: 4.00.0657 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
MicroStaff WINASPI (Version:  - )
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (Version: 7.00.0087 - Nero AG)
Oracle JInitiator 1.3.1.28 (Version:  - )
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RealFlight Add-ons Volume 1 (Version:  - )
RealFlight G3 R/C Simulator (Version:  - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SoundMAX (Version:  - )
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
TOAST.net (Version:  - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
UltraISO Premium V8.51 (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VMware Tools (Version: 3.1.0000 - VMware, Inc.)
WebCam Monitor (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (Version:  - Microsoft Corporation)
Windows Media Format Runtime (Version:  - )
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 10 (Version:  - )
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (Version:  - )
Yahoo! Messenger (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

26-11-2013 19:14:54 System Checkpoint
28-11-2013 16:32:15 System Checkpoint
29-11-2013 16:38:52 System Checkpoint
01-12-2013 07:01:25 System Checkpoint
02-12-2013 21:48:57 System Checkpoint
03-12-2013 13:23:06 Avg Update
04-12-2013 15:23:06 System Checkpoint
04-12-2013 23:34:26 Avg Update
06-12-2013 02:43:54 System Checkpoint
07-12-2013 14:30:33 System Checkpoint
08-12-2013 16:38:39 System Checkpoint
09-12-2013 21:54:58 System Checkpoint
10-12-2013 22:00:49 System Checkpoint
11-12-2013 14:21:43 Software Distribution Service 3.0
13-12-2013 00:09:01 System Checkpoint
14-12-2013 18:55:31 System Checkpoint
16-12-2013 05:12:12 System Checkpoint
17-12-2013 06:03:41 System Checkpoint
18-12-2013 06:24:07 System Checkpoint
19-12-2013 13:56:46 System Checkpoint
20-12-2013 23:23:25 System Checkpoint
21-12-2013 23:28:38 System Checkpoint
23-12-2013 04:51:08 System Checkpoint
24-12-2013 05:06:34 System Checkpoint
25-12-2013 15:10:28 System Checkpoint
26-12-2013 16:53:54 System Checkpoint
28-12-2013 16:31:26 System Checkpoint
29-12-2013 17:01:42 System Checkpoint
30-12-2013 18:51:36 System Checkpoint
31-12-2013 20:14:03 System Checkpoint
02-01-2014 04:28:02 System Checkpoint
03-01-2014 16:22:24 System Checkpoint
04-01-2014 18:22:05 System Checkpoint
05-01-2014 19:16:32 System Checkpoint
07-01-2014 01:07:41 System Checkpoint
08-01-2014 02:43:13 System Checkpoint
09-01-2014 03:37:29 System Checkpoint
10-01-2014 05:18:50 System Checkpoint
11-01-2014 08:07:46 System Checkpoint
12-01-2014 14:59:26 Software Distribution Service 3.0
13-01-2014 23:17:20 System Checkpoint
15-01-2014 03:30:28 System Checkpoint
15-01-2014 23:08:19 Avg Update
17-01-2014 16:35:52 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 07:00 - 2004-08-04 07:00 - 00000734 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-725345543-1003Core.job => C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-725345543-1003UA.job => C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2006-09-10 15:21 - 2004-12-26 19:34 - 00121344 ____C () C:\Program Files\WinRAR\rarext.dll
2006-09-10 11:16 - 2006-08-04 12:03 - 00122880 _____ () C:\WINDOWS\System32\hgfs.dll
2013-12-20 15:34 - 2013-12-20 15:35 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2014 08:32:17 PM) (Source: ESENT) (User: )
Description: Catalog Database (1108) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb was partially detached.  Error -1032 encountered updating database headers.

Error: (01/17/2014 08:32:17 PM) (Source: ESENT) (User: )
Description: Catalog Database (1108) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error -1032.

Error: (01/17/2014 08:32:16 PM) (Source: ESENT) (User: )
Description: svchost (1108) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/17/2014 07:55:35 PM) (Source: ESENT) (User: )
Description: Catalog Database (1104) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb was partially detached.  Error -1032 encountered updating database headers.

Error: (01/17/2014 07:55:35 PM) (Source: ESENT) (User: )
Description: Catalog Database (1104) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error -1032.

Error: (01/17/2014 07:55:34 PM) (Source: ESENT) (User: )
Description: svchost (1104) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/17/2014 04:22:00 PM) (Source: ESENT) (User: )
Description: Catalog Database (1120) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb was partially detached.  Error -1032 encountered updating database headers.

Error: (01/17/2014 04:21:59 PM) (Source: ESENT) (User: )
Description: Catalog Database (1120) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error -1032.

Error: (01/17/2014 04:21:59 PM) (Source: ESENT) (User: )
Description: svchost (1120) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/17/2014 04:39:44 AM) (Source: Application Hang) (User: )
Description: Hanging application SUPERAntiSpyware.exe, version 5.7.0.1016, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/17/2014 08:56:38 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Error: (01/17/2014 08:23:19 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Error: (01/17/2014 07:33:53 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Error: (01/17/2014 09:46:48 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Error: (01/17/2014 09:45:06 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 00096BF31A74 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (01/16/2014 10:47:12 PM) (Source: 0) (User: )
Description: 192.168.1.2F8:27:93:1C:5E:41

Error: (01/16/2014 10:47:12 PM) (Source: 0) (User: )
Description: 192.168.1.2F8:27:93:1C:5E:41

Error: (01/16/2014 10:47:12 PM) (Source: 0) (User: )
Description: 192.168.1.2F8:27:93:1C:5E:41

Error: (01/16/2014 09:45:03 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Error: (01/16/2014 09:13:07 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.


Microsoft Office Sessions:
=========================
Error: (01/17/2014 08:32:17 PM) (Source: ESENT)(User: )
Description: Catalog Database1108C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032

Error: (01/17/2014 08:32:17 PM) (Source: ESENT)(User: )
Description: Catalog Database1108C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032

Error: (01/17/2014 08:32:16 PM) (Source: ESENT)(User: )
Description: svchost1108C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (01/17/2014 07:55:35 PM) (Source: ESENT)(User: )
Description: Catalog Database1104C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (01/17/2014 07:55:35 PM) (Source: ESENT)(User: )
Description: Catalog Database1104C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (01/17/2014 07:55:34 PM) (Source: ESENT)(User: )
Description: svchost1104C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (01/17/2014 04:22:00 PM) (Source: ESENT)(User: )
Description: Catalog Database1120C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (01/17/2014 04:21:59 PM) (Source: ESENT)(User: )
Description: Catalog Database1120C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032

Error: (01/17/2014 04:21:59 PM) (Source: ESENT)(User: )
Description: svchost1120C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (01/17/2014 04:39:44 AM) (Source: Application Hang)(User: )
Description: SUPERAntiSpyware.exe5.7.0.1016hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 74%
Total physical RAM: 509.98 MB
Available physical RAM: 132.26 MB
Total Pagefile: 1979.61 MB
Available Pagefile: 1483.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.27 GB) (Free:24.58 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: B02FB02F)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ==


  • Root Admin

No, the computer has a lot of software restriction policies in place that are preventing the applications from running.

 

Running the following fix should help it quite a bit but even once that's done we'll have more work to do still.

Not sure how much I'll be around this weekend as I'll be in and out but I'll respond as quickly as I can.

 

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


It ran perfectly.  Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-01-2014 03
Ran by user at 2014-01-18 00:55:21 Run:1
Running from C:\Documents and Settings\user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [NWEReboot] - [x]
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\ESET <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\lozzide: C:\Documents and Settings\user\Local Settings\Application Data\lozzide.dll [X]
HKCU\...\Run: [Rundll32] - Rundll32.exe "C:\Documents and Settings\user\Application Data\Microsoft\Windows\unicode2.nls",0 <===== ATTENTION
HKCU\...\Run: [Google Update] - C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-08-27] (Google Inc.)
HKCU\...\Run: [wrwkpj] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\wrwkpj.dat" <===== ATTENTION
MountPoints2: {2f84ea73-0f7f-11e3-af11-00096bf31a74} - E:\autorun.exe
MountPoints2: {68c289d0-05db-11de-a784-00096bf31a74} - E:\autorun.exe
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [ 2005-09-04] (Nero AG)
HKU\All Users\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [ 2005-09-04] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe [ 2005-09-04] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\HpM3Util.exe ()
C:\Documents and Settings\user\Local Settings\Application Data\lozzide.dll
C:\Documents and Settings\All Users\Application Data\wrwkpj.dat
C:\Documents and Settings\user\Start Menu\Programs\Startup\HpM3Util.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=EIE8HP&PC=UP68
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE8HP&PC=UP68
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7482EC31-4F83-4F35-BC48-879B20DD2EB1} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKCU - {C33AFCF4-3961-4E5B-8FD5-CE249A541908} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-12-12]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-12-12] (Sun Microsystems, Inc.)
C:\Documents and Settings\user\Local Settings\Temp\ntdll_dump.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-725345543-1003Core.job => C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-725345543-1003UA.job => C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lozzide => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Rundll32 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\wrwkpj => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f84ea73-0f7f-11e3-af11-00096bf31a74} => Key deleted successfully.
HKCR\CLSID\{2f84ea73-0f7f-11e3-af11-00096bf31a74} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68c289d0-05db-11de-a784-00096bf31a74} => Key deleted successfully.
HKCR\CLSID\{68c289d0-05db-11de-a784-00096bf31a74} => Key not found.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value deleted successfully.
HKU\All Users\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk => Moved successfully.
C:\Documents and Settings\user\Start Menu\Programs\Startup\HpM3Util.exe => Moved successfully.
"C:\Documents and Settings\user\Local Settings\Application Data\lozzide.dll" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\wrwkpj.dat => Moved successfully.
"C:\Documents and Settings\user\Start Menu\Programs\Startup\HpM3Util.exe" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7482EC31-4F83-4F35-BC48-879B20DD2EB1} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7482EC31-4F83-4F35-BC48-879B20DD2EB1} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C33AFCF4-3961-4E5B-8FD5-CE249A541908} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C33AFCF4-3961-4E5B-8FD5-CE249A541908} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin => Key deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => Moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff => Moved successfully.
JavaQuickStarterService => Service deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-725345543-1003Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-2077806209-725345543-1003UA.job => Moved successfully.
C:\WINDOWS\Tasks\MP Scheduled Scan.job => Moved successfully.

The system needs a manual reboot.

 

I will reboot the computer now.
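
A triage pass over lines like the "Content of fixlist" entries in the log above, as an added example that is not part of the thread or of FRST: it flags software restriction policy rules that point at security-product folders, and autostart entries that use rundll32/regsvr32 or Winlogon Notify to load a file from a profile data directory. The line patterns are inferred from this log only, and the finding labels and vendor list are assumptions.

```python
import re

# Lines copied from the "Content of fixlist" section of the log above.
SAMPLE = r"""
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
Winlogon\Notify\lozzide: C:\Documents and Settings\user\Local Settings\Application Data\lozzide.dll [X]
HKCU\...\Run: [Rundll32] - Rundll32.exe "C:\Documents and Settings\user\Application Data\Microsoft\Windows\unicode2.nls",0 <===== ATTENTION
HKCU\...\Run: [Google Update] - C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-08-27] (Google Inc.)
HKCU\...\Run: [wrwkpj] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\wrwkpj.dat" <===== ATTENTION
""".strip().splitlines()

# Line shapes inferred from this log only (assumption, not an FRST specification).
SRP = re.compile(r"^(HK\w+) Group Policy restriction on software: (.+?)(?:\s*<=+ ATTENTION)?$")
RUN = re.compile(r"^(HK\w+)\\\.\.\.\\Run(?:Once)?: \[(.+?)\] - (.+)$")
NOTIFY = re.compile(r"^Winlogon\\Notify\\([^:]+): (.+?)(?: \[X\])?$")
# Vendor names taken from the restricted paths listed in the log.
SECURITY = re.compile(r"\b(Malwarebytes|AVG|McAfee|ESET)\b", re.I)
# System binaries that load whatever file they are handed.
PROXY = re.compile(r"^(rundll32|regsvr32)(?:\.exe)?\b", re.I)
# Profile data directories, as opposed to Program Files or WINDOWS.
PROFILE_DATA = re.compile(r"\\(Application Data|Local Settings)\\", re.I)


def triage(lines):
    """Return (finding, detail) tuples for the entries worth a closer look."""
    findings = []
    for line in lines:
        if m := SRP.match(line):
            path = m.group(2)
            kind = "srp-blocks-security-tool" if SECURITY.search(path) else "srp-rule"
            findings.append((kind, path))
        elif m := RUN.match(line):
            name, command = m.group(2), m.group(3)
            # A plain executable in the profile (GoogleUpdate.exe) is not flagged;
            # a proxy binary loading a data file from there is.
            if PROXY.match(command) and PROFILE_DATA.search(command):
                findings.append(("run-key-proxy-loader", name))
        elif m := NOTIFY.match(line):
            if PROFILE_DATA.search(m.group(2)):
                findings.append(("winlogon-notify-user-dll", m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```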

 
