Problem after free malwarebytes scan



After running a full Malwarebytes scan, I rebooted my PC and my email client is acting strange. The following are the details of an error message:

Exception: ACCESS_VIOLATION (C0000005) - on reading from 03D80396
Faulting Offset: 0000427B
Module: ImApp.exe

0000427B     ImApp.exe

My scan before this problem discovered 45 threats. Can you help me fix this problem?

Thank you,
Larry


I am sorry for not posting the Farbar scan logs. Below are the scan logs.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-04-2014 01
Ran by Larry (administrator) on LARRY-C87793EAA on 27-04-2014 12:15:34
Running from C:\Documents and Settings\Larry\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Documents and Settings\Larry\My Documents\Downloads\msert.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1085031214-527237240-725345543-1003\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-1085031214-527237240-725345543-1003\...\Run: [TWC.Win7] => C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtC0ByBzzyE0F0ByB0C0B0AtByDyEtN0D0Tzu0CyCyBtDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1573783789&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtC0ByBzzyE0F0ByB0C0B0AtByDyEtN0D0Tzu0CyCyBtDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1573783789&ir=
SearchScopes: HKCU - DefaultScope {F8201632-B971-4755-8628-ADF328A16F4A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtC0ByBzzyE0F0ByB0C0B0AtByDyEtN0D0Tzu0CyCyBtDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1573783789&ir=
SearchScopes: HKCU - {F8201632-B971-4755-8628-ADF328A16F4A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtC0ByBzzyE0F0ByB0C0B0AtByDyEtN0D0Tzu0CyCyBtDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1573783789&ir=
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365535525906
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default
FF user.js: detected! => C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default\user.js
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");

FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default\Extensions\staged [2013-11-01]
FF Extension: HP Detect - C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-10-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-11-14] (NETGEAR)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2014-01-03] (CACE Technologies, Inc.)
S3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [2699488 2012-08-24] (Ralink Technology, Corp.)
S3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [332928 2008-06-26] (Realtek Semiconductor Corporation                           )
R3 VX6000; C:\WINDOWS\System32\DRIVERS\VX6000Xp.sys [2074480 2010-01-29] (Microsoft Corporation
)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [195424 2013-04-15] (Jungo)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-27 12:15 - 2014-04-27 12:15 - 00000000 ____D () C:\FRST
2014-04-25 10:43 - 2014-04-26 10:59 - 00002447 _____ () C:\Documents and Settings\Larry\Desktop\HiJackThis.lnk
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Documents and Settings\Larry\Start Menu\Programs\HiJackThis
2014-04-25 10:28 - 2014-04-25 15:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail
2014-04-25 10:28 - 2014-04-25 10:28 - 00001756 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail.lnk
2014-04-25 10:28 - 2014-04-25 10:28 - 00001750 _____ () C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
2014-04-25 10:27 - 2014-04-25 10:27 - 00000000 ____D () C:\Program Files\IncrediMail
2014-04-24 16:27 - 2014-04-25 10:13 - 00005092 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-13 14:06 - 2014-04-13 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
2014-04-09 18:50 - 2014-04-25 10:14 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-09 18:50 - 2014-04-13 09:54 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-09 18:35 - 2014-04-09 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-04 10:52 - 2014-04-04 10:52 - 00039711 _____ () C:\Documents and Settings\Larry\My Documents\Untitled 1.odt
2014-03-31 08:23 - 2014-04-24 08:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-29 10:19 - 2014-04-24 16:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-27 12:15 - 2014-04-27 12:15 - 00000000 ____D () C:\FRST
2014-04-27 12:04 - 2013-04-26 19:27 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{D9FD71D1-8796-4BFD-91E4-CC2216D4D3C8}.job
2014-04-27 11:49 - 2013-11-01 11:49 - 00000414 _____ () C:\WINDOWS\Tasks\At2.job
2014-04-27 11:49 - 2013-11-01 11:49 - 00000414 _____ () C:\WINDOWS\Tasks\At1.job
2014-04-27 11:49 - 2013-04-09 16:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-27 08:17 - 2013-04-16 09:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-27 05:49 - 2013-04-04 16:11 - 00032558 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-26 23:15 - 2013-04-04 16:06 - 01681673 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-26 10:59 - 2014-04-25 10:43 - 00002447 _____ () C:\Documents and Settings\Larry\Desktop\HiJackThis.lnk
2014-04-25 15:54 - 2014-04-25 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Documents and Settings\Larry\Start Menu\Programs\HiJackThis
2014-04-25 10:28 - 2014-04-25 10:28 - 00001756 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail.lnk
2014-04-25 10:28 - 2014-04-25 10:28 - 00001750 _____ () C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
2014-04-25 10:28 - 2013-04-04 16:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-04-25 10:27 - 2014-04-25 10:27 - 00000000 ____D () C:\Program Files\IncrediMail
2014-04-25 10:19 - 2013-04-04 10:21 - 00590352 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-25 10:17 - 2013-04-04 16:12 - 00000000 ____D () C:\Documents and Settings\Larry
2014-04-25 10:15 - 2013-04-12 09:35 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-04-25 10:15 - 2013-04-12 09:35 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-04-25 10:15 - 2004-08-04 06:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-25 10:14 - 2014-04-09 18:50 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-25 10:14 - 2013-04-04 16:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-25 10:13 - 2014-04-24 16:27 - 00005092 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-25 10:13 - 2013-04-17 09:53 - 03137227 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-527237240-725345543-1003-0.dat
2014-04-25 10:13 - 2013-04-17 09:53 - 00146378 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-25 10:13 - 2013-04-04 16:12 - 00000178 ___SH () C:\Documents and Settings\Larry\ntuser.ini
2014-04-25 10:08 - 2013-04-10 20:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-04-25 10:04 - 2014-02-22 16:18 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-24 16:39 - 2014-03-29 10:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-24 16:27 - 2013-09-20 09:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-04-24 16:23 - 2013-04-17 10:16 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\Unused Desktop Shortcuts
2014-04-24 08:56 - 2013-09-20 10:05 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\NETGEARGenie
2014-04-24 08:44 - 2014-03-31 08:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-04-18 15:02 - 2013-02-26 23:40 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-04-13 14:12 - 2014-03-18 16:12 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-04-13 14:12 - 2014-03-18 16:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-13 14:06 - 2014-04-13 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
2014-04-13 14:05 - 2013-09-04 14:29 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\Downloaded Installations
2014-04-13 09:57 - 2013-04-11 17:04 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\Adobe
2014-04-13 09:57 - 2013-04-09 16:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-13 09:57 - 2013-04-09 16:28 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-13 09:54 - 2014-04-09 18:50 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-10 18:29 - 2013-04-04 11:33 - 00012638 _____ () C:\Documents and Settings\Larry\My Documents\Current meds Larry.odt
2014-04-09 18:49 - 2013-05-17 10:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-09 18:35 - 2014-04-09 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 18:35 - 2013-08-15 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 18:32 - 2013-04-10 16:51 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 18:31 - 2013-04-10 19:57 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-04 10:52 - 2014-04-04 10:52 - 00039711 _____ () C:\Documents and Settings\Larry\My Documents\Untitled 1.odt
2014-03-31 16:11 - 2013-02-14 03:52 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2013-02-08 04:37 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job


Some content of TEMP:
====================
C:\Documents and Settings\Larry\Local Settings\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-04-2014 01
Ran by Larry at 2014-04-27 12:16:32
Running from C:\Documents and Settings\Larry\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.204 - AVG) Hidden
Broadcom Management Programs (HKLM\...\{7BB045C3-D5E4-4620-B536-DC11AACD5942}) (Version: 11.67.01 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
IncrediMail (Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Quicken 2009 (HKLM\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.7.8 - Intuit)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.7.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5645 - Realtek Semiconductor Corp.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
The Weather Channel App (HKLM\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

22-02-2014 20:19:14 Installed QuickTime
23-02-2014 21:03:44 System Checkpoint
24-02-2014 22:26:47 System Checkpoint
25-02-2014 23:03:44 System Checkpoint
26-02-2014 23:22:32 System Checkpoint
28-02-2014 01:30:34 System Checkpoint
01-03-2014 02:22:32 System Checkpoint
02-03-2014 02:23:47 System Checkpoint
03-03-2014 03:23:46 System Checkpoint
04-03-2014 04:23:47 System Checkpoint
05-03-2014 05:44:15 System Checkpoint
06-03-2014 05:59:49 System Checkpoint
07-03-2014 06:23:47 System Checkpoint
08-03-2014 06:47:51 System Checkpoint
09-03-2014 07:23:32 System Checkpoint
10-03-2014 08:23:33 System Checkpoint
11-03-2014 09:23:33 System Checkpoint
12-03-2014 07:00:14 Software Distribution Service 3.0
13-03-2014 07:21:14 System Checkpoint
14-03-2014 08:21:14 System Checkpoint
15-03-2014 09:21:14 System Checkpoint
16-03-2014 10:21:13 System Checkpoint
17-03-2014 11:21:13 System Checkpoint
18-03-2014 11:33:15 System Checkpoint
19-03-2014 07:00:13 Software Distribution Service 3.0
20-03-2014 07:21:13 System Checkpoint
21-03-2014 08:45:15 System Checkpoint
22-03-2014 09:21:13 System Checkpoint
23-03-2014 10:20:54 System Checkpoint
24-03-2014 10:44:56 System Checkpoint
25-03-2014 11:20:54 System Checkpoint
26-03-2014 11:22:00 System Checkpoint
26-03-2014 23:33:22 Software Distribution Service 3.0
28-03-2014 00:44:18 System Checkpoint
29-03-2014 01:32:55 System Checkpoint
30-03-2014 02:32:47 System Checkpoint
31-03-2014 03:20:43 System Checkpoint
01-04-2014 04:20:43 System Checkpoint
02-04-2014 04:37:15 System Checkpoint
03-04-2014 05:20:44 System Checkpoint
04-04-2014 06:32:45 System Checkpoint
05-04-2014 07:20:44 System Checkpoint
06-04-2014 08:20:35 System Checkpoint
07-04-2014 08:44:36 System Checkpoint
08-04-2014 09:20:35 System Checkpoint
09-04-2014 10:20:35 System Checkpoint
09-04-2014 22:31:26 Software Distribution Service 3.0
11-04-2014 00:21:41 System Checkpoint
12-04-2014 01:06:05 System Checkpoint
13-04-2014 01:42:09 System Checkpoint
13-04-2014 18:06:06 Installed The Weather Channel App.
14-04-2014 18:58:11 System Checkpoint
15-04-2014 20:42:46 System Checkpoint
16-04-2014 21:10:06 System Checkpoint
18-04-2014 00:32:30 System Checkpoint
19-04-2014 01:22:06 System Checkpoint
20-04-2014 01:58:06 System Checkpoint
21-04-2014 02:58:06 System Checkpoint
22-04-2014 03:22:06 System Checkpoint
23-04-2014 03:58:06 System Checkpoint
24-04-2014 04:58:01 System Checkpoint
24-04-2014 20:40:46 Removed Apple Application Support
25-04-2014 14:19:44 Removed IncrediMail.
25-04-2014 14:43:56 Installed HiJackThis
25-04-2014 19:54:57 Removed Photo Notifier and Animation Creator.
26-04-2014 20:29:04 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Larry\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Larry\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{D9FD71D1-8796-4BFD-91E4-CC2216D4D3C8}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-09-28 21:14 - 2013-09-28 21:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 04:04 - 2013-12-06 04:04 - 00465920 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2013-12-05 07:36 - 2013-12-05 07:36 - 01547776 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 21:59 - 2013-11-10 21:59 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 07:37 - 2013-12-05 07:37 - 00631808 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-06 01:55 - 2013-12-06 01:55 - 04956160 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 05:05 - 2013-11-13 05:05 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 21:58 - 2013-11-10 21:58 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 22:09 - 2013-11-10 22:09 - 01174528 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 07:31 - 2013-12-05 07:31 - 08558592 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 07:34 - 2013-12-05 07:34 - 01270272 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 21:59 - 2013-11-10 21:59 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2013-12-06 03:57 - 2013-12-06 03:57 - 00199680 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 07:43 - 2013-12-05 07:43 - 00884736 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 22:21 - 2013-11-10 22:21 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 21:58 - 2013-11-10 21:58 - 00078848 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00140288 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-14 04:56 - 2013-11-14 04:56 - 00267756 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00074752 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 07:43 - 2013-12-05 07:43 - 00641536 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 22:24 - 2013-11-10 22:24 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 22:23 - 2013-11-10 22:23 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
2013-11-14 09:12 - 2013-11-14 09:12 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2014-04-25 10:27 - 2014-04-25 10:27 - 00033128 _____ () C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
2014-04-25 10:27 - 2014-04-25 10:27 - 00072104 _____ () C:\Program Files\IncrediMail\Bin\wlessfp1.dll
2014-04-25 10:27 - 2014-04-25 10:27 - 00272808 _____ () C:\Program Files\IncrediMail\Bin\ImLookExU.dll
2013-10-01 15:02 - 2013-10-01 15:02 - 00108888 _____ () C:\Program Files\IncrediMail\Bin\pmc.dll
2014-04-25 10:27 - 2014-04-25 10:27 - 00133544 _____ () C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
2014-03-29 10:19 - 2014-03-29 10:19 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-13 09:57 - 2014-04-13 09:57 - 16351920 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\WINDOWS\pss\CodecPackUpdateChecker.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: VX6000 => C:\WINDOWS\vVX6000.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Ralink Technology, Corp.
Service: RT80x86
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/25/2014 11:15:41 AM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 10:11:04 AM) (Source: Application Hang) (User: )
Description: Hanging application IncMail.exe, version 6.3.9.5260, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2014 04:39:32 PM) (Source: Application Hang) (User: )
Description: Fault bucket -323296619.

Error: (04/24/2014 04:39:24 PM) (Source: Application Hang) (User: )
Description: Hanging application IminentUninstall.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2014 10:57:17 AM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/23/2014 03:11:06 PM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/21/2014 03:41:28 PM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/15/2014 08:36:48 AM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (03/21/2014 06:48:40 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/21 18:48:40.783]: [00000236]: CUsbScnDev: DeviceIoControl Illegal response

Error: (03/20/2014 03:27:01 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/20 15:27:01.533]: [00000236]: CUsbScnDev: DeviceIoControl Illegal response


System errors:
=============
Error: (04/27/2014 11:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 11:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 10:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 10:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 08:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 08:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 07:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/27/2014 07:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403


Microsoft Office Sessions:
=========================
Error: (04/25/2014 11:15:41 AM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 10:11:04 AM) (Source: Application Hang)(User: )
Description: IncMail.exe6.3.9.5260hungapp0.0.0.000000000

Error: (04/24/2014 04:39:32 PM) (Source: Application Hang)(User: )
Description: -323296619

Error: (04/24/2014 04:39:24 PM) (Source: Application Hang)(User: )
Description: IminentUninstall.exe0.0.0.0hungapp0.0.0.000000000

Error: (04/24/2014 10:57:17 AM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/23/2014 03:11:06 PM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/21/2014 03:41:28 PM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/15/2014 08:36:48 AM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (03/21/2014 06:48:40 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/21 18:48:40.783]: [00000236]: CUsbScnDev: DeviceIoControl Illegal response

Error: (03/20/2014 03:27:01 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2014/03/20 15:27:01.533]: [00000236]: CUsbScnDev: DeviceIoControl Illegal response


==================== Memory info ===========================

Percentage of memory in use: 77%
Total physical RAM: 2039.23 MB
Available physical RAM: 458.54 MB
Total Pagefile: 3931.73 MB
Available Pagefile: 2729.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:54.21 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 5A1A6926)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 



Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

 
STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


 
STEP 02
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 
Thanks
 


Ok here are the scan logs you requested. I did run my copy of Malwarebytes.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.25.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Larry :: LARRY-C87793EAA [administrator]

4/26/2014 10:57:38 AM
mbam-log-2014-04-26 (10-57-38).txt

Scan type: Custom scan (C:\Program Files\IncrediMail\Bin\ImApp.exe|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

and here is the RogueKiller log

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Larry [Admin rights]
Mode : Scan -- Date : 04/28/2014 16:36:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[iFEO] HKLM\[...]\DatamngrCoordinator.exe : Debugger (tasklist.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] At1.job : C:\DOCUME~1\Larry\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V1][sUSP PATH] At2.job : C:\DOCUME~1\Larry\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @firefox.exe (FREEBL_GetVector) : Normaliz.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x09C51000)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721680PLA380 +++++
--- User ---
[MBR] f9c98be69357d188ac925877e13d6057
[bSP] 8e4182460fd89bea3500d41e8646bf2e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04282014_163644.txt >>




I'm hoping I did this alright. Thank you for your help so far!!   Larry


Ok here are the scan logs you requested. I did run my copy of Malwarebytes.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.28.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Larry :: LARRY-C87793EAA [administrator]

4/28/2014 4:56:48 PM
MBAM-log-2014-04-28 (18-29-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219022
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Larry\Local Settings\Temp\n8934\s8934.exe (PUP.Optional.BundleInstaller.A) -> No action taken.

(end)
 

 

 

and here is the RogueKiller log

 

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Larry [Admin rights]
Mode : Scan -- Date : 04/28/2014 16:36:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[iFEO] HKLM\[...]\DatamngrCoordinator.exe : Debugger (tasklist.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] At1.job : C:\DOCUME~1\Larry\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND
[V1][sUSP PATH] At2.job : C:\DOCUME~1\Larry\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] EAT @firefox.exe (FREEBL_GetVector) : Normaliz.dll -> HOOKED (C:\Program Files\Mozilla Firefox\freebl3.dll @ 0x09C51000)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721680PLA380 +++++
--- User ---
[MBR] f9c98be69357d188ac925877e13d6057
[bSP] 8e4182460fd89bea3500d41e8646bf2e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_04282014_163644.txt >>




I'm hoping I did this alright. Thank you for your help so far!!   Larry


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.



STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


Here are the scan logs from Malwarebytes Anti-Rootkit and from Junkware (steps 3 + 4). I will run the rest of the steps tomorrow. Time for bed. Thanks Larry

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.28.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: LARRY-C87793EAA [administrator]

4/28/2014 9:28:11 PM
mbar-log-2014-04-28 (21-28-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 222992
Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 2138292224, free: 862867456

Downloaded database version: v2014.04.28.10
Downloaded database version: v2014.03.27.01
Initializing...
=======================================
------------ Kernel report ------------
     04/28/2014 21:27:58
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
cercsr6.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\drivers\windrvr6.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\VX6000Xp.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\VX6KCamd.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\npf.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89da8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff89dc3940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89da8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89dc0e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89da8ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89d9c338, DeviceName: \Device\00000061\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff89dc3940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5A1A6926

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 156296322
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Done!
Read File:  File "c:\documents and settings\all users\application data\avg2014\chjw\e83cafda3cafa254.dat:4b7eab77-6d2d-4918-8a40-d334ccc5ab22" is sparse (flags = 32768)
Read File: File "C:\WINDOWS\system32\config\software" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Larry\IETldCache\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Cookies\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Larry\Local Settings\Application Data\Avg2014\log\avgui.log.1" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\log\avgrs.log.1" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\log\avgcore.log.1" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\log\avgcore.log.2" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\log\avgns.log.4" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2014\log\avgcfg.log.1" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Larry on Mon 04/28/2014 at 21:45:32.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F8201632-B971-4755-8628-ADF328A16F4A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{427AC903-0857-9FFC-3DE3-3C0A2F11EA0F}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\Larry\Application Data\digitalsite"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\ujj76t1u.default\user.js
Successfully deleted: [Folder] C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\ujj76t1u.default\extensions\staged
Successfully deleted the following from C:\Documents and Settings\Larry\Application Data\mozilla\firefox\profiles\ujj76t1u.default\prefs.js

user_pref("extensions.mysearchdial.aflt", "irmsd103");
user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0ByBzzyE0F0ByB0C0B0AtByDyEtN0D0Tzu0CyCyBtDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
user_pref("extensions.mysearchdial.cr", "1573783789");
user_pref("extensions.mysearchdial.dfltLng", "");
user_pref("extensions.mysearchdial.dfltSrch", true);
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial.excTlbr", false);
user_pref("extensions.mysearchdial.hmpg", true);

user_pref("extensions.mysearchdial.id", "001B784FB7CBA254");
user_pref("extensions.mysearchdial.instlDay", "16010");
user_pref("extensions.mysearchdial.instlRef", "");

user_pref("extensions.mysearchdial.prdct", "mysearchdial");
user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.tlbrId", "base");

user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
user_pref("extensions.mysearchdial_i.hmpg", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial_i.smplGrp", "none");
user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.011:49:6");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/28/2014 at 21:57:51.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
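
The "Scanning MBR on drive 0" block in the MBAR log above prints the boot signature, the NT disk signature and the four partition-table entries. As an added example (not part of this thread and not Malwarebytes' code), here is a small Python parser that decodes the same fields from a raw 512-byte sector and runs the consistency checks an analyst would want before trusting a "clean" MBR: valid 55AA signature, legal status bytes, no overlapping or out-of-disk partitions, at most one active partition, and the sector ranges no partition covers. The input sector is constructed from the values in the log (disk signature 5A1A6926, one active type 0x07 partition at LBA 63 with 156296322 sectors, disk size 80026361856 bytes); the boot code is zero-filled, so it is not a dump of the user's disk, and the unpartitioned ranges it derives come purely from the table, not from whatever range MBAR chose to scan.

```python
"""Parse and sanity-check a 512-byte MBR sector (added example, constructed input)."""
import struct
from dataclasses import dataclass

SECTOR = 512
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature, little-endian
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # bytes 55 AA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

@dataclass
class Partition:
    index: int
    status: int
    type_id: int
    lba_start: int
    num_sectors: int
    @property
    def active(self) -> bool:
        return self.status == 0x80
    @property
    def empty(self) -> bool:
        return self.type_id == 0x00
    @property
    def lba_end(self) -> int:  # exclusive
        return self.lba_start + self.num_sectors

def build_sample_mbr() -> bytes:
    """Constructed sector with the table values from the MBAR log above; boot code is
    zero-filled, so this is a synthetic sector, not a disk dump."""
    sector = bytearray(SECTOR)
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x5A1A6926)
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF,
                     0x80, b"\0\0\0", 0x07, b"\0\0\0", 63, 156296322)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)

def parse_mbr(sector: bytes) -> dict:
    """Decode the fields an anti-rootkit 'Scanning MBR' pass reports."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(sector)}")
    boot_sig = sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2]
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        status, _chs0, type_id, _chs1, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        parts.append(Partition(i, status, type_id, lba, count))
    return {
        "boot_sig_ok": boot_sig == b"\x55\xAA",
        "boot_sig_hex": boot_sig.hex().upper(),  # byte order as printed, e.g. "55AA"
        "disk_sig": f"{disk_sig:08X}",
        "partitions": parts,
    }

def check_mbr(parsed: dict, total_sectors: int) -> list:
    """Structural checks; an empty list means the table is internally consistent."""
    findings = []
    if not parsed["boot_sig_ok"]:
        findings.append(f"boot signature is {parsed['boot_sig_hex']}, expected 55AA")
    seen = []
    for p in parsed["partitions"]:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02X}")
        if p.empty:
            continue
        if p.lba_start == 0:
            findings.append(f"partition {p.index}: starts at LBA 0, overlapping the MBR")
        if p.lba_end > total_sectors:
            findings.append(f"partition {p.index}: extends past end of disk")
        for q in seen:  # half-open interval overlap test
            if p.lba_start < q.lba_end and q.lba_start < p.lba_end:
                findings.append(f"partitions {q.index} and {p.index} overlap")
        seen.append(p)
    if sum(p.active for p in parsed["partitions"]) > 1:
        findings.append("more than one partition flagged active")
    return findings

def unpartitioned_ranges(parsed: dict, total_sectors: int) -> list:
    """Inclusive (first, last) sector ranges no partition covers; sector 0 is the MBR."""
    used = sorted((p.lba_start, p.lba_end) for p in parsed["partitions"] if not p.empty)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors - 1))
    return gaps

if __name__ == "__main__":
    total = 80026361856 // SECTOR  # disk size from the log: 156301488 sectors
    info = parse_mbr(build_sample_mbr())
    print("Disk Signature:", info["disk_sig"], " MBR Signature:", info["boot_sig_hex"])
    for p in info["partitions"]:
        print(f"  Partition {p.index}: type 0x{p.type_id:X} active={p.active} "
              f"LBA={p.lba_start} Numsec={p.num_sectors}")
    print("findings:", check_mbr(info, total) or "none")
    print("unpartitioned:", unpartitioned_ranges(info, total))
```

On a real machine the same parser would be fed the first 512 bytes of `\\.\PhysicalDrive0` (read with administrator rights); comparing that read against a copy taken by a boot-time scanner is how a bootkit that filters disk reads from user mode gets noticed, which is the reason tools like MBAR read the sector from inside the kernel.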

Below are the scans from steps 5, 6, 7, and 8

# AdwCleaner v3.205 - Report created 28/04/2014 at 22:32:21
# Updated 28/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Larry - LARRY-C87793EAA
# Running from : C:\Documents and Settings\Larry\Desktop\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DigitalSite
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : HKLM\Software\LevelQualityWatcher
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}
Key Found : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Larry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1578 octets] - [28/04/2014 22:32:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1638 octets] ##########

# AdwCleaner v3.205 - Report created 28/04/2014 at 22:37:04
# Updated 28/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Larry - LARRY-C87793EAA
# Running from : C:\Documents and Settings\Larry\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8E9F2D02-6B06-4EBA-92C2-68438EADED28}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\LevelQualityWatcher
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DigitalSite

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Larry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1718 octets] - [28/04/2014 22:32:21]
AdwCleaner[s0].txt - [1663 octets] - [28/04/2014 22:37:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1723 octets] ##########

MBAM scan log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Larry :: LARRY-C87793EAA [administrator]

4/29/2014 10:30:47 AM
mbam-log-2014-04-29 (10-30-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219154
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Larry\Local Settings\Temp\n8934\s8934.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.

(end)

ESET scan log

C:\RECYCLER\S-1-5-21-1085031214-527237240-725345543-1003\Dc6.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\RECYCLER\S-1-5-21-1085031214-527237240-725345543-1003\Dc7.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\RECYCLER\S-1-5-21-1085031214-527237240-725345543-1003\Dc8.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

FARBAR scan log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2014
Ran by Larry (administrator) on LARRY-C87793EAA on 29-04-2014 11:35:37
Running from C:\Documents and Settings\Larry\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1085031214-527237240-725345543-1003\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-1085031214-527237240-725345543-1003\...\Run: [TWC.Win7] => C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365535525906
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HP Detect - C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-10-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-11-14] (NETGEAR)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2014-01-03] (CACE Technologies, Inc.)
U0 rqkoxdr; C:\WINDOWS\System32\drivers\iquonp.sys [54016 2014-04-29] ()
S3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [2699488 2012-08-24] (Ralink Technology, Corp.)
S3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [332928 2008-06-26] (Realtek Semiconductor Corporation)
R3 VX6000; C:\WINDOWS\System32\DRIVERS\VX6000Xp.sys [2074480 2010-01-29] (Microsoft Corporation)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [195424 2013-04-15] (Jungo)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 11:35 - 2014-04-29 11:35 - 01049600 _____ (Farbar) C:\Documents and Settings\Larry\Desktop\FRST.exe
2014-04-29 11:35 - 2014-04-29 11:35 - 00008583 _____ () C:\Documents and Settings\Larry\Desktop\FRST.txt
2014-04-29 11:30 - 2014-04-29 11:30 - 00000384 _____ () C:\Documents and Settings\Larry\Desktop\Eset.txt
2014-04-29 10:51 - 2014-04-29 10:51 - 00000000 ____D () C:\Program Files\ESET
2014-04-29 10:40 - 2014-04-29 10:40 - 00054016 _____ () C:\WINDOWS\system32\Drivers\iquonp.sys
2014-04-28 22:40 - 2014-04-28 22:40 - 00001803 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner[s0].txt
2014-04-28 22:36 - 2014-04-28 22:36 - 00001718 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner[R0].txt
2014-04-28 22:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-04-28 22:31 - 2014-04-28 22:37 - 00000000 ____D () C:\AdwCleaner
2014-04-28 22:30 - 2014-04-28 22:30 - 01310621 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner(1).exe
2014-04-28 21:57 - 2014-04-28 21:57 - 00004958 _____ () C:\Documents and Settings\Larry\Desktop\JRT.txt
2014-04-28 21:43 - 2014-04-28 21:43 - 01016261 _____ (Thisisu) C:\Documents and Settings\Larry\Desktop\JRT.exe
2014-04-28 21:27 - 2014-04-28 21:39 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\mbar
2014-04-28 21:27 - 2014-04-28 21:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-28 21:27 - 2014-04-28 21:27 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-28 21:26 - 2014-04-28 21:26 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Larry\Desktop\mbar-1.07.0.1009.exe
2014-04-28 18:30 - 2014-04-29 09:30 - 00007084 _____ () C:\WINDOWS\setupapi.log
2014-04-28 16:36 - 2014-04-28 16:36 - 00001824 _____ () C:\Documents and Settings\Larry\Desktop\RKreport[0]_S_04282014_163644.txt
2014-04-28 16:33 - 2014-04-28 16:37 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\RK_Quarantine
2014-04-28 16:32 - 2014-04-28 16:32 - 03972608 _____ () C:\Documents and Settings\Larry\Desktop\RogueKiller.exe
2014-04-28 16:21 - 2014-04-28 16:21 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-28 16:20 - 2014-04-28 21:45 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-28 16:20 - 2014-04-28 16:20 - 00000579 _____ () C:\Documents and Settings\Larry\Desktop\NTREGOPT.lnk
2014-04-28 16:20 - 2014-04-28 16:20 - 00000560 _____ () C:\Documents and Settings\Larry\Desktop\ERUNT.lnk
2014-04-28 16:20 - 2014-04-28 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-04-28 16:17 - 2014-04-28 16:17 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Larry\Desktop\erunt-setup.exe
2014-04-28 16:12 - 2014-04-28 16:15 - 00003022 _____ () C:\Documents and Settings\Larry\Desktop\Rkill.txt
2014-04-28 16:10 - 2014-04-28 16:10 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Larry\Desktop\rkill.exe
2014-04-27 12:15 - 2014-04-29 11:35 - 00000000 ____D () C:\FRST
2014-04-25 10:43 - 2014-04-26 10:59 - 00002447 _____ () C:\Documents and Settings\Larry\Desktop\HiJackThis.lnk
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Documents and Settings\Larry\Start Menu\Programs\HiJackThis
2014-04-25 10:28 - 2014-04-25 15:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail
2014-04-25 10:28 - 2014-04-25 10:28 - 00001756 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail.lnk
2014-04-25 10:28 - 2014-04-25 10:28 - 00001750 _____ () C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
2014-04-25 10:27 - 2014-04-25 10:27 - 00000000 ____D () C:\Program Files\IncrediMail
2014-04-24 16:27 - 2014-04-25 10:13 - 00005092 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-13 14:06 - 2014-04-13 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
2014-04-09 18:50 - 2014-04-29 09:33 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-09 18:50 - 2014-04-13 09:54 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-09 18:35 - 2014-04-09 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-04 10:52 - 2014-04-04 10:52 - 00039711 _____ () C:\Documents and Settings\Larry\My Documents\Untitled 1.odt
2014-03-31 08:23 - 2014-04-29 09:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG

==================== One Month Modified Files and Folders =======

2014-04-29 11:35 - 2014-04-29 11:35 - 01049600 _____ (Farbar) C:\Documents and Settings\Larry\Desktop\FRST.exe
2014-04-29 11:35 - 2014-04-29 11:35 - 00008583 _____ () C:\Documents and Settings\Larry\Desktop\FRST.txt
2014-04-29 11:35 - 2014-04-27 12:15 - 00000000 ____D () C:\FRST
2014-04-29 11:30 - 2014-04-29 11:30 - 00000384 _____ () C:\Documents and Settings\Larry\Desktop\Eset.txt
2014-04-29 10:51 - 2014-04-29 10:51 - 00000000 ____D () C:\Program Files\ESET
2014-04-29 10:49 - 2013-11-01 11:49 - 00000414 _____ () C:\WINDOWS\Tasks\At2.job
2014-04-29 10:49 - 2013-11-01 11:49 - 00000414 _____ () C:\WINDOWS\Tasks\At1.job
2014-04-29 10:49 - 2013-04-09 16:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-29 10:47 - 2013-04-26 19:27 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{D9FD71D1-8796-4BFD-91E4-CC2216D4D3C8}.job
2014-04-29 10:40 - 2014-04-29 10:40 - 00054016 _____ () C:\WINDOWS\system32\Drivers\iquonp.sys
2014-04-29 10:40 - 2013-04-10 19:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2014-04-29 09:38 - 2013-04-04 10:21 - 00590352 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-29 09:35 - 2013-04-04 16:06 - 01715236 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-29 09:34 - 2013-04-17 10:16 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\Unused Desktop Shortcuts
2014-04-29 09:34 - 2013-04-12 09:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-29 09:34 - 2013-04-12 09:35 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-29 09:34 - 2004-08-04 06:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-29 09:33 - 2014-04-09 18:50 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-29 09:33 - 2013-04-16 09:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-29 09:33 - 2013-04-04 16:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-29 09:32 - 2013-04-17 09:53 - 03137227 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-527237240-725345543-1003-0.dat
2014-04-29 09:32 - 2013-04-17 09:53 - 00146378 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-29 09:32 - 2013-04-04 16:12 - 00000178 ___SH () C:\Documents and Settings\Larry\ntuser.ini
2014-04-29 09:32 - 2013-04-04 16:11 - 00032516 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-29 09:30 - 2014-04-28 18:30 - 00007084 _____ () C:\WINDOWS\setupapi.log
2014-04-29 09:30 - 2014-03-31 08:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-04-29 02:49 - 2013-04-09 16:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-29 02:49 - 2013-04-09 16:28 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-28 22:40 - 2014-04-28 22:40 - 00001803 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner[s0].txt
2014-04-28 22:40 - 2013-09-20 10:05 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\NETGEARGenie
2014-04-28 22:37 - 2014-04-28 22:31 - 00000000 ____D () C:\AdwCleaner
2014-04-28 22:36 - 2014-04-28 22:36 - 00001718 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner[R0].txt
2014-04-28 22:30 - 2014-04-28 22:30 - 01310621 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner(1).exe
2014-04-28 21:57 - 2014-04-28 21:57 - 00004958 _____ () C:\Documents and Settings\Larry\Desktop\JRT.txt
2014-04-28 21:45 - 2014-04-28 16:20 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-28 21:43 - 2014-04-28 21:43 - 01016261 _____ (Thisisu) C:\Documents and Settings\Larry\Desktop\JRT.exe
2014-04-28 21:39 - 2014-04-28 21:27 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\mbar
2014-04-28 21:39 - 2014-04-28 21:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-28 21:27 - 2014-04-28 21:27 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-28 21:26 - 2014-04-28 21:26 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Larry\Desktop\mbar-1.07.0.1009.exe
2014-04-28 16:37 - 2014-04-28 16:33 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\RK_Quarantine
2014-04-28 16:36 - 2014-04-28 16:36 - 00001824 _____ () C:\Documents and Settings\Larry\Desktop\RKreport[0]_S_04282014_163644.txt
2014-04-28 16:32 - 2014-04-28 16:32 - 03972608 _____ () C:\Documents and Settings\Larry\Desktop\RogueKiller.exe
2014-04-28 16:21 - 2014-04-28 16:21 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-28 16:20 - 2014-04-28 16:20 - 00000579 _____ () C:\Documents and Settings\Larry\Desktop\NTREGOPT.lnk
2014-04-28 16:20 - 2014-04-28 16:20 - 00000560 _____ () C:\Documents and Settings\Larry\Desktop\ERUNT.lnk
2014-04-28 16:20 - 2014-04-28 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-04-28 16:17 - 2014-04-28 16:17 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Larry\Desktop\erunt-setup.exe
2014-04-28 16:15 - 2014-04-28 16:12 - 00003022 _____ () C:\Documents and Settings\Larry\Desktop\Rkill.txt
2014-04-28 16:10 - 2014-04-28 16:10 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Larry\Desktop\rkill.exe
2014-04-26 10:59 - 2014-04-25 10:43 - 00002447 _____ () C:\Documents and Settings\Larry\Desktop\HiJackThis.lnk
2014-04-25 15:54 - 2014-04-25 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Documents and Settings\Larry\Start Menu\Programs\HiJackThis
2014-04-25 10:28 - 2014-04-25 10:28 - 00001756 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail.lnk
2014-04-25 10:28 - 2014-04-25 10:28 - 00001750 _____ () C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
2014-04-25 10:28 - 2013-04-04 16:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-04-25 10:27 - 2014-04-25 10:27 - 00000000 ____D () C:\Program Files\IncrediMail
2014-04-25 10:17 - 2013-04-04 16:12 - 00000000 ____D () C:\Documents and Settings\Larry
2014-04-25 10:13 - 2014-04-24 16:27 - 00005092 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-25 10:08 - 2013-04-10 20:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-04-25 10:04 - 2014-02-22 16:18 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-24 16:39 - 2014-03-29 10:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-24 16:27 - 2013-09-20 09:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-04-18 15:02 - 2013-02-26 23:40 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-04-13 14:12 - 2014-03-18 16:12 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-04-13 14:12 - 2014-03-18 16:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-13 14:06 - 2014-04-13 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
2014-04-13 14:05 - 2013-09-04 14:29 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\Downloaded Installations
2014-04-13 09:57 - 2013-04-11 17:04 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\Adobe
2014-04-13 09:54 - 2014-04-09 18:50 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-10 18:29 - 2013-04-04 11:33 - 00012638 _____ () C:\Documents and Settings\Larry\My Documents\Current meds Larry.odt
2014-04-09 18:49 - 2013-05-17 10:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-09 18:35 - 2014-04-09 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 18:35 - 2013-08-15 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 18:32 - 2013-04-10 16:51 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 18:31 - 2013-04-10 19:57 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-04 10:52 - 2014-04-04 10:52 - 00039711 _____ () C:\Documents and Settings\Larry\My Documents\Untitled 1.odt
2014-03-31 16:11 - 2013-02-14 03:52 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2013-02-08 04:37 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job


Some content of TEMP:
====================
C:\Documents and Settings\Larry\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Larry\Local Settings\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-04-2014
Ran by Larry at 2014-04-29 11:37:46
Running from C:\Documents and Settings\Larry\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.204 - AVG) Hidden
Broadcom Management Programs (HKLM\...\{7BB045C3-D5E4-4620-B536-DC11AACD5942}) (Version: 11.67.01 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
IncrediMail (Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Quicken 2009 (HKLM\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.7.8 - Intuit)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.7.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5645 - Realtek Semiconductor Corp.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
The Weather Channel App (HKLM\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

07-03-2014 06:23:47 System Checkpoint
08-03-2014 06:47:51 System Checkpoint
09-03-2014 07:23:32 System Checkpoint
10-03-2014 08:23:33 System Checkpoint
11-03-2014 09:23:33 System Checkpoint
12-03-2014 07:00:14 Software Distribution Service 3.0
13-03-2014 07:21:14 System Checkpoint
14-03-2014 08:21:14 System Checkpoint
15-03-2014 09:21:14 System Checkpoint
16-03-2014 10:21:13 System Checkpoint
17-03-2014 11:21:13 System Checkpoint
18-03-2014 11:33:15 System Checkpoint
19-03-2014 07:00:13 Software Distribution Service 3.0
20-03-2014 07:21:13 System Checkpoint
21-03-2014 08:45:15 System Checkpoint
22-03-2014 09:21:13 System Checkpoint
23-03-2014 10:20:54 System Checkpoint
24-03-2014 10:44:56 System Checkpoint
25-03-2014 11:20:54 System Checkpoint
26-03-2014 11:22:00 System Checkpoint
26-03-2014 23:33:22 Software Distribution Service 3.0
28-03-2014 00:44:18 System Checkpoint
29-03-2014 01:32:55 System Checkpoint
30-03-2014 02:32:47 System Checkpoint
31-03-2014 03:20:43 System Checkpoint
01-04-2014 04:20:43 System Checkpoint
02-04-2014 04:37:15 System Checkpoint
03-04-2014 05:20:44 System Checkpoint
04-04-2014 06:32:45 System Checkpoint
05-04-2014 07:20:44 System Checkpoint
06-04-2014 08:20:35 System Checkpoint
07-04-2014 08:44:36 System Checkpoint
08-04-2014 09:20:35 System Checkpoint
09-04-2014 10:20:35 System Checkpoint
09-04-2014 22:31:26 Software Distribution Service 3.0
11-04-2014 00:21:41 System Checkpoint
12-04-2014 01:06:05 System Checkpoint
13-04-2014 01:42:09 System Checkpoint
13-04-2014 18:06:06 Installed The Weather Channel App.
14-04-2014 18:58:11 System Checkpoint
15-04-2014 20:42:46 System Checkpoint
16-04-2014 21:10:06 System Checkpoint
18-04-2014 00:32:30 System Checkpoint
19-04-2014 01:22:06 System Checkpoint
20-04-2014 01:58:06 System Checkpoint
21-04-2014 02:58:06 System Checkpoint
22-04-2014 03:22:06 System Checkpoint
23-04-2014 03:58:06 System Checkpoint
24-04-2014 04:58:01 System Checkpoint
24-04-2014 20:40:46 Removed Apple Application Support
25-04-2014 14:19:44 Removed IncrediMail.
25-04-2014 14:43:56 Installed HiJackThis
25-04-2014 19:54:57 Removed Photo Notifier and Animation Creator.
26-04-2014 20:29:04 System Checkpoint
27-04-2014 21:54:32 System Checkpoint
28-04-2014 23:57:02 System Checkpoint
29-04-2014 13:29:34 Installed AVG 2014
29-04-2014 13:31:23 Removed AVG 2014

==================== Hosts content: ==========================

2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Larry\APPLIC~1\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Larry\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{D9FD71D1-8796-4BFD-91E4-CC2216D4D3C8}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-09-28 21:14 - 2013-09-28 21:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 04:04 - 2013-12-06 04:04 - 00465920 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2013-12-05 07:36 - 2013-12-05 07:36 - 01547776 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 21:59 - 2013-11-10 21:59 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 07:37 - 2013-12-05 07:37 - 00631808 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-06 01:55 - 2013-12-06 01:55 - 04956160 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 05:05 - 2013-11-13 05:05 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 21:58 - 2013-11-10 21:58 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 22:09 - 2013-11-10 22:09 - 01174528 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 07:31 - 2013-12-05 07:31 - 08558592 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 07:34 - 2013-12-05 07:34 - 01270272 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 21:59 - 2013-11-10 21:59 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2013-12-06 03:57 - 2013-12-06 03:57 - 00199680 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 07:43 - 2013-12-05 07:43 - 00884736 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 22:21 - 2013-11-10 22:21 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 21:58 - 2013-11-10 21:58 - 00078848 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00140288 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-14 04:56 - 2013-11-14 04:56 - 00267756 _____ () C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00074752 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 07:43 - 2013-12-05 07:43 - 00641536 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 22:24 - 2013-11-10 22:24 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 22:23 - 2013-11-10 22:23 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
2013-11-14 09:12 - 2013-11-14 09:12 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2014-03-29 10:19 - 2014-03-29 10:19 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-29 02:49 - 2014-04-29 02:49 - 16351920 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\WINDOWS\pss\CodecPackUpdateChecker.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: VX6000 => C:\WINDOWS\vVX6000.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Ralink Technology, Corp.
Service: RT80x86
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 10:42:48 PM) (Source: Application Hang) (User: )
Description: Hanging application IncMail.exe, version 6.6.0.5288, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/27/2014 10:15:42 PM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 11:15:41 AM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 10:11:04 AM) (Source: Application Hang) (User: )
Description: Hanging application IncMail.exe, version 6.3.9.5260, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2014 04:39:32 PM) (Source: Application Hang) (User: )
Description: Fault bucket -323296619.

Error: (04/24/2014 04:39:24 PM) (Source: Application Hang) (User: )
Description: Hanging application IminentUninstall.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2014 10:57:17 AM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/23/2014 03:11:06 PM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/21/2014 03:41:28 PM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/15/2014 08:36:48 AM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key


System errors:
=============
Error: (04/29/2014 10:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 10:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 08:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 08:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 07:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 07:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 06:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/29/2014 06:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403


Microsoft Office Sessions:
=========================
Error: (04/28/2014 10:42:48 PM) (Source: Application Hang)(User: )
Description: IncMail.exe6.6.0.5288hungapp0.0.0.000000000

Error: (04/27/2014 10:15:42 PM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 11:15:41 AM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 10:11:04 AM) (Source: Application Hang)(User: )
Description: IncMail.exe6.3.9.5260hungapp0.0.0.000000000

Error: (04/24/2014 04:39:32 PM) (Source: Application Hang)(User: )
Description: -323296619

Error: (04/24/2014 04:39:24 PM) (Source: Application Hang)(User: )
Description: IminentUninstall.exe0.0.0.0hungapp0.0.0.000000000

Error: (04/24/2014 10:57:17 AM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/23/2014 03:11:06 PM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/21/2014 03:41:28 PM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/15/2014 08:36:48 AM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 2039.23 MB
Available physical RAM: 1076.36 MB
Total Pagefile: 3931.73 MB
Available Pagefile: 3104.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:54.32 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 5A1A6926)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Hope you find the problems. Larry

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient, as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Larry (administrator) on LARRY-C87793EAA on 30-04-2014 22:34:30
Running from C:\Documents and Settings\Larry\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1085031214-527237240-725345543-1003\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-1085031214-527237240-725345543-1003\...\Run: [TWC.Win7] => C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1365535525906
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: HP Detect - C:\Documents and Settings\Larry\Application Data\Mozilla\Firefox\Profiles\ujj76t1u.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-10-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-11-14] (NETGEAR)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [2699488 2012-08-24] (Ralink Technology, Corp.)
S3 RTLWUSB; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [332928 2008-06-26] (Realtek Semiconductor Corporation)
R3 VX6000; C:\WINDOWS\System32\DRIVERS\VX6000Xp.sys [2074480 2010-01-29] (Microsoft Corporation)
R3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr6.sys [195424 2013-04-15] (Jungo)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\Larry\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-30 22:34 - 2014-04-30 22:34 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\FRST-OlderVersion
2014-04-30 10:25 - 2014-04-30 10:25 - 00014685 _____ () C:\ComboFix.txt
2014-04-30 10:25 - 2014-04-30 10:25 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
2014-04-30 10:20 - 2014-04-30 10:20 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-04-30 10:20 - 2014-04-30 10:20 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-04-30 10:20 - 2014-04-30 10:20 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-04-30 10:20 - 2014-04-30 10:20 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-04-30 10:20 - 2014-04-30 10:20 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-04-30 10:12 - 2014-04-30 10:12 - 00000000 _RSHD () C:\cmdcons
2014-04-30 10:12 - 2013-04-04 16:03 - 00000211 _____ () C:\Boot.bak
2014-04-30 10:12 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-30 10:11 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-04-30 10:11 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-04-30 10:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-04-30 10:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-04-30 10:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-04-30 10:11 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-04-30 10:11 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-04-30 10:11 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-04-30 10:11 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-04-30 10:10 - 2014-04-30 10:25 - 00000000 ____D () C:\Qoobox
2014-04-30 10:08 - 2014-04-30 10:08 - 05197895 ____R (Swearware) C:\Documents and Settings\Larry\Desktop\ComboFix.exe
2014-04-29 11:37 - 2014-04-29 11:37 - 00023317 _____ () C:\Documents and Settings\Larry\Desktop\Addition.txt
2014-04-29 11:35 - 2014-04-30 22:34 - 01050624 _____ (Farbar) C:\Documents and Settings\Larry\Desktop\FRST.exe
2014-04-29 11:35 - 2014-04-30 22:34 - 00008230 _____ () C:\Documents and Settings\Larry\Desktop\FRST.txt
2014-04-29 11:30 - 2014-04-29 11:30 - 00000384 _____ () C:\Documents and Settings\Larry\Desktop\Eset.txt
2014-04-29 10:51 - 2014-04-29 10:51 - 00000000 ____D () C:\Program Files\ESET
2014-04-28 22:40 - 2014-04-28 22:40 - 00001803 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner[s0].txt
2014-04-28 22:36 - 2014-04-28 22:36 - 00001718 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner[R0].txt
2014-04-28 22:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-04-28 22:31 - 2014-04-28 22:37 - 00000000 ____D () C:\AdwCleaner
2014-04-28 22:30 - 2014-04-28 22:30 - 01310621 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner(1).exe
2014-04-28 21:57 - 2014-04-28 21:57 - 00004958 _____ () C:\Documents and Settings\Larry\Desktop\JRT.txt
2014-04-28 21:43 - 2014-04-28 21:43 - 01016261 _____ (Thisisu) C:\Documents and Settings\Larry\Desktop\JRT.exe
2014-04-28 21:27 - 2014-04-28 21:39 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\mbar
2014-04-28 21:27 - 2014-04-28 21:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-28 21:27 - 2014-04-28 21:27 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-28 21:26 - 2014-04-28 21:26 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Larry\Desktop\mbar-1.07.0.1009.exe
2014-04-28 18:30 - 2014-04-29 09:30 - 00007084 _____ () C:\WINDOWS\setupapi.log
2014-04-28 16:36 - 2014-04-28 16:36 - 00001824 _____ () C:\Documents and Settings\Larry\Desktop\RKreport[0]_S_04282014_163644.txt
2014-04-28 16:33 - 2014-04-28 16:37 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\RK_Quarantine
2014-04-28 16:32 - 2014-04-28 16:32 - 03972608 _____ () C:\Documents and Settings\Larry\Desktop\RogueKiller.exe
2014-04-28 16:21 - 2014-04-30 10:24 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-28 16:20 - 2014-04-28 21:45 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-28 16:20 - 2014-04-28 16:20 - 00000579 _____ () C:\Documents and Settings\Larry\Desktop\NTREGOPT.lnk
2014-04-28 16:20 - 2014-04-28 16:20 - 00000560 _____ () C:\Documents and Settings\Larry\Desktop\ERUNT.lnk
2014-04-28 16:20 - 2014-04-28 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-04-28 16:17 - 2014-04-28 16:17 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Larry\Desktop\erunt-setup.exe
2014-04-28 16:12 - 2014-04-28 16:15 - 00003022 _____ () C:\Documents and Settings\Larry\Desktop\Rkill.txt
2014-04-28 16:10 - 2014-04-28 16:10 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Larry\Desktop\rkill.exe
2014-04-27 12:15 - 2014-04-30 22:34 - 00000000 ____D () C:\FRST
2014-04-25 10:43 - 2014-04-26 10:59 - 00002447 _____ () C:\Documents and Settings\Larry\Desktop\HiJackThis.lnk
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Documents and Settings\Larry\Start Menu\Programs\HiJackThis
2014-04-25 10:28 - 2014-04-25 15:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail
2014-04-25 10:28 - 2014-04-25 10:28 - 00001756 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail.lnk
2014-04-25 10:28 - 2014-04-25 10:28 - 00001750 _____ () C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
2014-04-25 10:27 - 2014-04-25 10:27 - 00000000 ____D () C:\Program Files\IncrediMail
2014-04-24 16:27 - 2014-04-30 10:20 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-13 14:06 - 2014-04-13 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
2014-04-09 18:50 - 2014-04-30 10:21 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-09 18:50 - 2014-04-13 09:54 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-09 18:35 - 2014-04-09 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-04 10:52 - 2014-04-04 10:52 - 00039711 _____ () C:\Documents and Settings\Larry\My Documents\Untitled 1.odt
2014-03-31 08:23 - 2014-04-29 09:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG

==================== One Month Modified Files and Folders =======

2014-04-30 22:34 - 2014-04-30 22:34 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\FRST-OlderVersion
2014-04-30 22:34 - 2014-04-29 11:35 - 01050624 _____ (Farbar) C:\Documents and Settings\Larry\Desktop\FRST.exe
2014-04-30 22:34 - 2014-04-29 11:35 - 00008230 _____ () C:\Documents and Settings\Larry\Desktop\FRST.txt
2014-04-30 22:34 - 2014-04-27 12:15 - 00000000 ____D () C:\FRST
2014-04-30 22:22 - 2013-04-26 19:27 - 00000422 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{D9FD71D1-8796-4BFD-91E4-CC2216D4D3C8}.job
2014-04-30 22:18 - 2013-05-12 16:02 - 00000000 ____D () C:\Documents and Settings\Larry\Application Data\Skype
2014-04-30 21:56 - 2013-04-04 16:06 - 01733450 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-30 21:49 - 2013-04-09 16:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-30 18:52 - 2013-04-04 16:11 - 00032592 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-30 18:32 - 2013-04-16 09:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-30 10:25 - 2014-04-30 10:25 - 00014685 _____ () C:\ComboFix.txt
2014-04-30 10:25 - 2014-04-30 10:25 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
2014-04-30 10:25 - 2014-04-30 10:10 - 00000000 ____D () C:\Qoobox
2014-04-30 10:25 - 2013-04-04 16:11 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-30 10:25 - 2013-04-04 10:21 - 00590352 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-30 10:24 - 2014-04-28 16:21 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-04-30 10:21 - 2014-04-09 18:50 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-30 10:21 - 2013-04-12 09:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-30 10:21 - 2013-04-12 09:35 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-30 10:21 - 2013-04-04 16:11 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-30 10:21 - 2004-08-04 06:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-30 10:21 - 2004-08-04 06:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-30 10:20 - 2014-04-30 10:20 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-04-30 10:20 - 2014-04-30 10:20 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-04-30 10:20 - 2014-04-30 10:20 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-04-30 10:20 - 2014-04-30 10:20 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-04-30 10:20 - 2014-04-30 10:20 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-04-30 10:20 - 2014-04-24 16:27 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-30 10:20 - 2013-04-17 09:53 - 03137227 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1085031214-527237240-725345543-1003-0.dat
2014-04-30 10:20 - 2013-04-17 09:53 - 00146378 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-30 10:20 - 2013-04-10 19:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2014-04-30 10:20 - 2013-04-04 16:12 - 00000178 ___SH () C:\Documents and Settings\Larry\ntuser.ini
2014-04-30 10:20 - 2013-04-04 10:19 - 22806528 _____ () C:\WINDOWS\system32\config\software.bak
2014-04-30 10:20 - 2013-04-04 10:19 - 05767168 _____ () C:\WINDOWS\system32\config\system.bak
2014-04-30 10:20 - 2013-04-04 10:19 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-04-30 10:20 - 2013-04-04 10:19 - 00053248 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-04-30 10:20 - 2013-04-04 10:19 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-04-30 10:12 - 2014-04-30 10:12 - 00000000 _RSHD () C:\cmdcons
2014-04-30 10:12 - 2013-04-04 10:19 - 00000327 __RSH () C:\boot.ini
2014-04-30 10:08 - 2014-04-30 10:08 - 05197895 ____R (Swearware) C:\Documents and Settings\Larry\Desktop\ComboFix.exe
2014-04-29 11:37 - 2014-04-29 11:37 - 00023317 _____ () C:\Documents and Settings\Larry\Desktop\Addition.txt
2014-04-29 11:30 - 2014-04-29 11:30 - 00000384 _____ () C:\Documents and Settings\Larry\Desktop\Eset.txt
2014-04-29 10:51 - 2014-04-29 10:51 - 00000000 ____D () C:\Program Files\ESET
2014-04-29 09:34 - 2013-04-17 10:16 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\Unused Desktop Shortcuts
2014-04-29 09:30 - 2014-04-28 18:30 - 00007084 _____ () C:\WINDOWS\setupapi.log
2014-04-29 09:30 - 2014-03-31 08:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-04-29 02:49 - 2013-04-09 16:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-29 02:49 - 2013-04-09 16:28 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-28 22:40 - 2014-04-28 22:40 - 00001803 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner[s0].txt
2014-04-28 22:40 - 2013-09-20 10:05 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\NETGEARGenie
2014-04-28 22:37 - 2014-04-28 22:31 - 00000000 ____D () C:\AdwCleaner
2014-04-28 22:36 - 2014-04-28 22:36 - 00001718 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner[R0].txt
2014-04-28 22:30 - 2014-04-28 22:30 - 01310621 _____ () C:\Documents and Settings\Larry\Desktop\AdwCleaner(1).exe
2014-04-28 21:57 - 2014-04-28 21:57 - 00004958 _____ () C:\Documents and Settings\Larry\Desktop\JRT.txt
2014-04-28 21:45 - 2014-04-28 16:20 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-28 21:43 - 2014-04-28 21:43 - 01016261 _____ (Thisisu) C:\Documents and Settings\Larry\Desktop\JRT.exe
2014-04-28 21:39 - 2014-04-28 21:27 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\mbar
2014-04-28 21:39 - 2014-04-28 21:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-28 21:27 - 2014-04-28 21:27 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-28 21:26 - 2014-04-28 21:26 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Larry\Desktop\mbar-1.07.0.1009.exe
2014-04-28 16:37 - 2014-04-28 16:33 - 00000000 ____D () C:\Documents and Settings\Larry\Desktop\RK_Quarantine
2014-04-28 16:36 - 2014-04-28 16:36 - 00001824 _____ () C:\Documents and Settings\Larry\Desktop\RKreport[0]_S_04282014_163644.txt
2014-04-28 16:32 - 2014-04-28 16:32 - 03972608 _____ () C:\Documents and Settings\Larry\Desktop\RogueKiller.exe
2014-04-28 16:20 - 2014-04-28 16:20 - 00000579 _____ () C:\Documents and Settings\Larry\Desktop\NTREGOPT.lnk
2014-04-28 16:20 - 2014-04-28 16:20 - 00000560 _____ () C:\Documents and Settings\Larry\Desktop\ERUNT.lnk
2014-04-28 16:20 - 2014-04-28 16:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-04-28 16:17 - 2014-04-28 16:17 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Larry\Desktop\erunt-setup.exe
2014-04-28 16:15 - 2014-04-28 16:12 - 00003022 _____ () C:\Documents and Settings\Larry\Desktop\Rkill.txt
2014-04-28 16:10 - 2014-04-28 16:10 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Larry\Desktop\rkill.exe
2014-04-26 10:59 - 2014-04-25 10:43 - 00002447 _____ () C:\Documents and Settings\Larry\Desktop\HiJackThis.lnk
2014-04-25 15:54 - 2014-04-25 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Program Files\Trend Micro
2014-04-25 10:43 - 2014-04-25 10:43 - 00000000 ____D () C:\Documents and Settings\Larry\Start Menu\Programs\HiJackThis
2014-04-25 10:28 - 2014-04-25 10:28 - 00001756 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail.lnk
2014-04-25 10:28 - 2014-04-25 10:28 - 00001750 _____ () C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
2014-04-25 10:28 - 2013-04-04 16:05 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-04-25 10:27 - 2014-04-25 10:27 - 00000000 ____D () C:\Program Files\IncrediMail
2014-04-25 10:17 - 2013-04-04 16:12 - 00000000 ____D () C:\Documents and Settings\Larry
2014-04-25 10:08 - 2013-04-10 20:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-04-25 10:04 - 2014-02-22 16:18 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-24 16:39 - 2014-03-29 10:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-24 16:27 - 2013-09-20 09:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-04-18 15:02 - 2013-02-26 23:40 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverx.sys
2014-04-13 14:12 - 2014-03-18 16:12 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-04-13 14:12 - 2014-03-18 16:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-13 14:06 - 2014-04-13 14:06 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
2014-04-13 14:05 - 2013-09-04 14:29 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\Downloaded Installations
2014-04-13 09:57 - 2013-04-11 17:04 - 00000000 ____D () C:\Documents and Settings\Larry\Local Settings\Application Data\Adobe
2014-04-13 09:54 - 2014-04-09 18:50 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-10 18:29 - 2013-04-04 11:33 - 00012638 _____ () C:\Documents and Settings\Larry\My Documents\Current meds Larry.odt
2014-04-09 18:49 - 2013-05-17 10:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-09 18:35 - 2014-04-09 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 18:35 - 2013-08-15 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 18:32 - 2013-04-10 16:51 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 18:31 - 2013-04-10 19:57 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-04 10:52 - 2014-04-04 10:52 - 00039711 _____ () C:\Documents and Settings\Larry\My Documents\Untitled 1.odt
2014-03-31 16:11 - 2013-02-14 03:52 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2013-02-08 04:37 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by Larry at 2014-04-30 22:34:58
Running from C:\Documents and Settings\Larry\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4577 - AVG Technologies)
AVG 2014 (Version: 14.0.3931 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4577 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.204 - AVG) Hidden
Broadcom Management Programs (HKLM\...\{7BB045C3-D5E4-4620-B536-DC11AACD5942}) (Version: 11.67.01 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J265W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
IncrediMail (Version: 6.6.0.5288 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5288 - IncrediMail Ltd.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR Genie (HKLM\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation)
Quicken 2009 (HKLM\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.7.8 - Intuit)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.7.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5645 - Realtek Semiconductor Corp.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
The Weather Channel App (HKLM\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

07-03-2014 06:23:47 System Checkpoint
08-03-2014 06:47:51 System Checkpoint
09-03-2014 07:23:32 System Checkpoint
10-03-2014 08:23:33 System Checkpoint
11-03-2014 09:23:33 System Checkpoint
12-03-2014 07:00:14 Software Distribution Service 3.0
13-03-2014 07:21:14 System Checkpoint
14-03-2014 08:21:14 System Checkpoint
15-03-2014 09:21:14 System Checkpoint
16-03-2014 10:21:13 System Checkpoint
17-03-2014 11:21:13 System Checkpoint
18-03-2014 11:33:15 System Checkpoint
19-03-2014 07:00:13 Software Distribution Service 3.0
20-03-2014 07:21:13 System Checkpoint
21-03-2014 08:45:15 System Checkpoint
22-03-2014 09:21:13 System Checkpoint
23-03-2014 10:20:54 System Checkpoint
24-03-2014 10:44:56 System Checkpoint
25-03-2014 11:20:54 System Checkpoint
26-03-2014 11:22:00 System Checkpoint
26-03-2014 23:33:22 Software Distribution Service 3.0
28-03-2014 00:44:18 System Checkpoint
29-03-2014 01:32:55 System Checkpoint
30-03-2014 02:32:47 System Checkpoint
31-03-2014 03:20:43 System Checkpoint
01-04-2014 04:20:43 System Checkpoint
02-04-2014 04:37:15 System Checkpoint
03-04-2014 05:20:44 System Checkpoint
04-04-2014 06:32:45 System Checkpoint
05-04-2014 07:20:44 System Checkpoint
06-04-2014 08:20:35 System Checkpoint
07-04-2014 08:44:36 System Checkpoint
08-04-2014 09:20:35 System Checkpoint
09-04-2014 10:20:35 System Checkpoint
09-04-2014 22:31:26 Software Distribution Service 3.0
11-04-2014 00:21:41 System Checkpoint
12-04-2014 01:06:05 System Checkpoint
13-04-2014 01:42:09 System Checkpoint
13-04-2014 18:06:06 Installed The Weather Channel App.
14-04-2014 18:58:11 System Checkpoint
15-04-2014 20:42:46 System Checkpoint
16-04-2014 21:10:06 System Checkpoint
18-04-2014 00:32:30 System Checkpoint
19-04-2014 01:22:06 System Checkpoint
20-04-2014 01:58:06 System Checkpoint
21-04-2014 02:58:06 System Checkpoint
22-04-2014 03:22:06 System Checkpoint
23-04-2014 03:58:06 System Checkpoint
24-04-2014 04:58:01 System Checkpoint
24-04-2014 20:40:46 Removed Apple Application Support
25-04-2014 14:19:44 Removed IncrediMail.
25-04-2014 14:43:56 Installed HiJackThis
25-04-2014 19:54:57 Removed Photo Notifier and Animation Creator.
26-04-2014 20:29:04 System Checkpoint
27-04-2014 21:54:32 System Checkpoint
28-04-2014 23:57:02 System Checkpoint
29-04-2014 13:29:34 Installed AVG 2014
29-04-2014 13:31:23 Removed AVG 2014
30-04-2014 15:17:44 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 06:00 - 2014-04-30 10:21 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{D9FD71D1-8796-4BFD-91E4-CC2216D4D3C8}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-09-28 21:14 - 2013-09-28 21:14 - 03369922 _____ () C:\Program Files\NETGEAR Genie\bin\icuin51.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00544817 _____ () C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00989805 _____ () C:\Program Files\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 01978690 _____ () C:\Program Files\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 22378434 _____ () C:\Program Files\NETGEAR Genie\bin\icudt51.dll
2013-09-28 21:14 - 2013-09-28 21:14 - 01233408 _____ () C:\Program Files\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 04:04 - 2013-12-06 04:04 - 00465920 _____ () C:\Program Files\NETGEAR Genie\bin\Genie.dll
2013-12-05 07:36 - 2013-12-05 07:36 - 01547776 _____ () C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 21:59 - 2013-11-10 21:59 - 00192512 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 07:37 - 2013-12-05 07:37 - 00631808 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-06 01:55 - 2013-12-06 01:55 - 04956160 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 05:05 - 2013-11-13 05:05 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 21:58 - 2013-11-10 21:58 - 00144896 _____ () C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 22:09 - 2013-11-10 22:09 - 01174528 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 07:31 - 2013-12-05 07:31 - 08558592 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 07:34 - 2013-12-05 07:34 - 01270272 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 21:59 - 2013-11-10 21:59 - 00068608 _____ () C:\Program Files\NETGEAR Genie\bin\QRCode.dll
2013-12-06 03:57 - 2013-12-06 03:57 - 00199680 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 07:43 - 2013-12-05 07:43 - 00884736 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 22:21 - 2013-11-10 22:21 - 00427520 _____ () C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00051200 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00052224 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00261120 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 21:58 - 2013-11-10 21:58 - 00078848 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00140288 _____ () C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00072192 _____ () C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00074752 _____ () C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00136704 _____ () C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 07:43 - 2013-12-05 07:43 - 00641536 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 22:24 - 2013-11-10 22:24 - 00458752 _____ () C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 22:23 - 2013-11-10 22:23 - 00046080 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 21:56 - 2013-11-10 21:56 - 00066560 _____ () C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 21:13 - 2013-09-28 21:13 - 00040960 _____ () C:\Program Files\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-04-09 16:59 - 2014-04-09 16:59 - 00055120 _____ () C:\Program Files\The Weather Channel\Desktop Weather\TWC.Win7.exe
2013-11-14 09:12 - 2013-11-14 09:12 - 00105216 _____ () C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
2004-08-04 06:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 06:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2004-08-04 06:00 - 2008-04-14 05:42 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2004-08-04 06:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2014-03-29 10:19 - 2014-03-29 10:19 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\WINDOWS\pss\CodecPackUpdateChecker.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: VX6000 => C:\WINDOWS\vVX6000.exe

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Ralink Technology, Corp.
Service: RT80x86
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/30/2014 10:23:23 AM) (Source: Application) (User: )
Description: Cannot access a disposed object.
Object name: 'WebBrowser'.

Error: (04/30/2014 10:19:51 AM) (Source: Application) (User: )
Description: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index

Error: (04/28/2014 10:42:48 PM) (Source: Application Hang) (User: )
Description: Hanging application IncMail.exe, version 6.6.0.5288, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/27/2014 10:15:42 PM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 11:15:41 AM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 10:11:04 AM) (Source: Application Hang) (User: )
Description: Hanging application IncMail.exe, version 6.3.9.5260, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2014 04:39:32 PM) (Source: Application Hang) (User: )
Description: Fault bucket -323296619.

Error: (04/24/2014 04:39:24 PM) (Source: Application Hang) (User: )
Description: Hanging application IminentUninstall.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/24/2014 10:57:17 AM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/23/2014 03:11:06 PM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key


System errors:
=============
Error: (04/30/2014 10:21:47 AM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error:
%%1053

Error: (04/30/2014 10:21:47 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.

Error: (04/30/2014 10:19:53 AM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.

Error: (04/30/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/30/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/30/2014 08:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/30/2014 08:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/30/2014 07:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/30/2014 07:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (04/30/2014 06:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403


Microsoft Office Sessions:
=========================
Error: (04/30/2014 10:23:23 AM) (Source: Application)(User: )
Description: Cannot access a disposed object.
Object name: 'WebBrowser'.

Error: (04/30/2014 10:19:51 AM) (Source: Application)(User: )
Description: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index

Error: (04/28/2014 10:42:48 PM) (Source: Application Hang)(User: )
Description: IncMail.exe6.6.0.5288hungapp0.0.0.000000000

Error: (04/27/2014 10:15:42 PM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 11:15:41 AM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 10:11:04 AM) (Source: Application Hang)(User: )
Description: IncMail.exe6.3.9.5260hungapp0.0.0.000000000

Error: (04/24/2014 04:39:32 PM) (Source: Application Hang)(User: )
Description: -323296619

Error: (04/24/2014 04:39:24 PM) (Source: Application Hang)(User: )
Description: IminentUninstall.exe0.0.0.0hungapp0.0.0.000000000

Error: (04/24/2014 10:57:17 AM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/23/2014 03:11:06 PM) (Source: Application)(User: )
Description: Value cannot be null.
Parameter name: key


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 2039.23 MB
Available physical RAM: 997.06 MB
Total Pagefile: 3931.62 MB
Available Pagefile: 3045.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:54.26 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 5A1A6926)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java.  Then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

Next

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Next,
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


  • Root Admin

Please read the following article about using MSCONFIG - you have a lot of items disabled using it. I would recommend either uninstalling them if you don't want them or using a tool like Autoruns to disable them.  After reading the article please run MSCONFIG and set it to NORMAL and then restart the computer.

 

Msconfig Is Not A Startup Manager

 

Then run a new FRST scan with the ADDITIONS checked to include that log and post those back when ready.

 

Also please run the following

 

Please download MiniToolBox save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the Reset FF Proxy Settings option, Firefox should be closed.
 


  • Root Admin

As you can see in the logs your computer is having issues with software and configuration conflicts.
This could be due to various reasons including damage from a previous infection. It may not be possible to find and correct all issues with this computer.

 

Please see the following article to help better understand the issue.
The complexity of finding, preventing, and cleanup from malware

Do I need a Windows Registry Cleaner?

These errors are from your Event Logs.  I will attempt to help you clean up the computer as best I can, but as I said, it might not be possible to completely clean it up and get it working well.


Application errors:
==================
Error: (05/01/2014 02:24:33 PM) (Source: Application Hang) (User: )
Description: Hanging application IncMail.exe, version 6.6.0.5288, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/01/2014 02:01:57 PM) (Source: Application) (User: )
Description: Object reference not set to an instance of an object.

Error: (04/30/2014 10:23:23 AM) (Source: Application) (User: )
Description: Cannot access a disposed object.
Object name: 'WebBrowser'.

Error: (04/30/2014 10:19:51 AM) (Source: Application) (User: )
Description: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index

System errors:
=============
Error: (05/01/2014 10:34:31 PM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error:
%%1053

Error: (05/01/2014 10:34:31 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the NETGEARGenieDaemon service to connect.

Error: (05/01/2014 01:57:55 PM) (Source: Service Control Manager) (User: )
Description: The TomTomHOMEService service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/01/2014 01:57:55 PM) (Source: Service Control Manager) (User: )
Description: The PMBDeviceInfoProvider service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/30/2014 10:19:53 AM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.

Error: (04/30/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403



I would recommend we start by reducing and removing some software temporarily while we try to clean it up, if you want to. Or, if you want to look at backing up your data and reinstalling Windows, let me know before we get going further on this.

Thanks
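The Event Log extract above is in the fixed format FRST prints (an "Error:" header line, a "Description:" line, optional continuation lines such as "Parameter name:" or a "%%NNNN" code, then a blank line). As an added example, not from this thread or from the FRST tool, the script below parses that format, counts entries per source, groups repeated faults so a hang reported twice (such as the two IncMail.exe entries) stands out, and decodes the "%%NNNN" values, which are either raw Win32 error codes or HRESULT_FROM_WIN32 encodings (0x8007xxxx) of them. The sample input is constructed from a few of the entries posted in this thread; the two decoded names are the standard winerror.h values for codes 3 and 1053.

```python
"""Summarise the "Event log errors" section of an FRST log.

Added example (not part of the forum thread or of FRST): parses the entry
format FRST prints and groups repeated faults so a noisy list can be triaged.
"""
import re
from collections import Counter

# Constructed sample in the FRST format (a few entries copied from the log
# posted in this thread; any FRST "Event log errors" block can be fed instead).
SAMPLE_LOG = """\
Application errors:
==================
Error: (04/28/2014 10:42:48 PM) (Source: Application Hang) (User: )
Description: Hanging application IncMail.exe, version 6.6.0.5288, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/27/2014 10:15:42 PM) (Source: Application) (User: )
Description: Value cannot be null.
Parameter name: key

Error: (04/25/2014 10:11:04 AM) (Source: Application Hang) (User: )
Description: Hanging application IncMail.exe, version 6.3.9.5260, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/30/2014 10:21:47 AM) (Source: Service Control Manager) (User: )
Description: The NETGEARGenieDaemon service failed to start due to the following error:
%%1053

Error: (04/30/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error:
%%2147942403

Error: (04/30/2014 09:49:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403
"""

# One FRST entry header: "Error: (date time) (Source: X) (User: Y)";
# the "Microsoft Office Sessions" block omits the space before "(User:".
HEADER_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) ?\(User: (?P<user>[^)]*)\)$"
)
CODE_RE = re.compile(r"%%(\d+)")

# Win32 error codes seen in this thread's log (standard winerror.h values).
WIN32_ERRORS = {
    3: "ERROR_PATH_NOT_FOUND",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
}


def decode_code(code: int) -> str:
    """Translate a %%NNNN value. Values 0x8007xxxx are HRESULT_FROM_WIN32(),
    so the Win32 code is the low 16 bits; anything else is a raw Win32 code."""
    if 0x80070000 <= code <= 0x8007FFFF:
        code &= 0xFFFF
    return WIN32_ERRORS.get(code, f"unknown({code})")


def parse_events(text: str) -> list:
    """Return one dict per entry: section, when, source, description.
    An entry runs from its "Error:" header to the next blank line."""
    events, current, section = [], None, None
    for line in text.splitlines():
        if line.endswith(" errors:"):            # "Application errors:" etc.
            section = line[: -len(" errors:")]
        header = HEADER_RE.match(line)
        if header:
            current = {"section": section, "when": header["when"],
                       "source": header["source"], "description": []}
            events.append(current)
        elif not line.strip():                   # blank line closes the entry
            current = None
        elif current is not None and set(line) != {"="}:
            prefix = "Description: "
            text_part = line[len(prefix):] if line.startswith(prefix) else line
            current["description"].append(text_part)
    for e in events:
        e["description"] = " ".join(e["description"])
    return events


def summarize(events: list):
    """Count entries per source, group repeated faults (version numbers are
    normalised so the same hang reported twice groups together) and decode
    every %%NNNN code found in a description."""
    by_source = Counter(e["source"] for e in events)
    repeats = Counter()
    codes = {}
    for e in events:
        for c in CODE_RE.findall(e["description"]):
            codes[int(c)] = decode_code(int(c))
        key = re.sub(r"version [\d.]+", "version *", e["description"])
        repeats[(e["source"], key)] += 1
    return by_source, repeats, codes


if __name__ == "__main__":
    by_source, repeats, codes = summarize(parse_events(SAMPLE_LOG))
    for source, n in by_source.most_common():
        print(f"{n:3d}  {source}")
    for (source, desc), n in repeats.most_common():
        if n > 1:
            print(f"repeated {n}x [{source}] {desc}")
    for code, name in codes.items():
        print(f"%%{code} -> {name}")
```

Run it on the whole "Event log errors" block of an Addition.txt to see at a glance which application keeps hanging and what the raw scheduler and service codes mean (here, 1053 is a service start timeout and 2147942403 decodes to "path not found", which is what the failing At1.job/At2.job entries are reporting).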


Well, I guess we can start with removing programs, because I will have to locate my Win XP disk somewhere in the house. Also, since Win XP is obsolete, is it worth reinstalling it?  What would you do?  Or buy a new desktop system?


  • Root Admin

I have my XP CD installer, but then again I still have my Windows 3 installer too. 

 

Cleanup is probably about all you can really do and hope for the best at the moment.  If you have the money I would recommend a new computer for sure, as it would be extremely fast compared to your XP computer and it will also be a much safer computer.  I would not suggest getting one with Windows 8 unless you've already used Windows 8 and are comfortable with it.  Many users do not like it, and I've even had some users spend upwards of a couple hundred dollars to buy one with Windows 7 on it.  Windows 8 has had a bad reputation to the point that Dell and HP have dropped back and are now advertising and selling systems with Windows 7, so if you were to buy one I would recommend only Windows 7 at this time.

 

So that I don't waste my time please let me know if you're considering buying a new computer or if you'd like to try and clean this one up some or not.

 

Thanks


I don't have $700.00 to $1200.00 for a new PC, so let's try to clean up this one.  If I can't fix the Incredimail program then I guess I can't use it. It's a shame because I have been using it for more than 13 yrs. Let me know what to remove. Larry

 

If I were to reinstall an OS, can I use the system on my wife's laptop?   She has Win Vista Business.


  • Root Admin

No, you cannot use it on another system, and if you don't have the installer CD then you can't reinstall either, so your only option is cleanup.
 
I'm going to be out of town all day tomorrow at a car show but I'll try to get back to you on Sunday if I can.  Please go ahead and run the following again and post back a new log and we'll get started.
 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

 

Next,

 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply.
