
PC performance continually decreasing with other odd symptoms



My PC has been slowing down more and more over the past couple of months. I've also discovered some other strange things occurring. I found that my Windows folder (C:\Windows) has a bunch of files that shouldn't be there, like Word document files, video files, etc. When I cut and paste files, the files paste in a diagonal line. Some web pages have text with wide gaps of empty space between sentences.

 

I've run Malwarebytes Anti-Malware, Spybot, and Panda Cloud. The only thing that was found out of these three was 1 malware item from Malwarebytes. But after quarantining it, I'm still experiencing the same problems.

 

Any help would be very much appreciated. I'm running Win XP Pro, 32bit, Opera and Firefox browsers.

 

Thanks in advance for your response. I've pasted 2 logs below at administrator's request.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2014
Ran by User (administrator) on COMPUTER_1 on 16-10-2014 13:55:37
Running from C:\Documents and Settings\User\Desktop
Loaded Profile: User (Available profiles: User & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [PSUAMain] => C:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-05-06] (Panda Security, S.L.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE8E3A4EACD8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.3.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\szdlcmx8.default
FF Homepage: https://us-mg6.mail.yahoo.com/neo/launch?.rand=9thqut75rg68e
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: LastPass - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\szdlcmx8.default\Extensions\support@lastpass.com [2014-09-27]
FF Extension: DownloadHelper - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\szdlcmx8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-11]
FF Extension: Adblock Plus - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\szdlcmx8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-27]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [apfdadfinodckpcehhdhjlgiphgnbfci] - C:\Program Files\PutLockerDownloader\putlockerdownloader10.crx []
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\jmdp\SweetNT.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 BackupService; C:\Documents and Settings\User\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [67104 2013-02-21] (ArcSoft, Inc.)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
R2 NanoServiceMain; C:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [141560 2014-05-04] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-05-06] (Panda Security, S.L.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 eabfiltr; C:\WINDOWS\System32\DRIVERS\eabfiltr.sys [7808 2006-10-29] (Hewlett-Packard Development Company, L.P.)
S3 eabusb; C:\WINDOWS\System32\DRIVERS\eabusb.sys [5760 2006-10-29] (Hewlett-Packard Development Company, L.P.)
S3 HP24X; C:\WINDOWS\System32\DRIVERS\HP24X.sys [33024 2006-10-19] (Hewlett Packard)
R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36352 2006-10-29] (Infineon Technologies AG)
S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3634688 2009-01-05] (Intel Corporation)
R3 NETwLx32; C:\WINDOWS\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
R1 NNSALPC; C:\WINDOWS\System32\DRIVERS\NNSAlpc.sys [88992 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\System32\DRIVERS\NNSHttp.sys [166816 2014-05-02] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\System32\DRIVERS\NNSHttps.sys [110496 2014-05-02] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\System32\DRIVERS\NNSIds.sys [125216 2014-05-02] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\System32\DRIVERS\NNSPicc.sys [96160 2014-05-02] (Panda Security, S.L.)
S4 NNSPIHS; C:\WINDOWS\System32\DRIVERS\NNSPihs.sys [52384 2014-05-02] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\System32\DRIVERS\NNSPop3.sys [121888 2014-05-02] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\System32\DRIVERS\NNSProt.sys [288032 2014-05-02] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\System32\DRIVERS\NNSPrv.sys [208800 2014-05-02] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\System32\DRIVERS\NNSSmtp.sys [109856 2014-05-02] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\System32\DRIVERS\NNSStrm.sys [243872 2014-05-02] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\System32\DRIVERS\NNSTlsc.sys [96928 2014-05-02] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\System32\DRIVERS\PSINAflt.sys [138656 2014-05-04] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [101536 2014-05-04] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\System32\DRIVERS\psinknc.sys [170656 2014-05-04] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [112544 2014-05-05] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\System32\DRIVERS\PSINProt.sys [123168 2014-05-06] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\System32\DRIVERS\PSINReg.sys [98336 2014-05-05] (Panda Security, S.L.)
R3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [48736 2014-03-25] (Panda Security, S.L.)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-05-15] ()
S1 A2DDA; \??\C:\DOCUMENTS AND SETTINGS\USER\DESKTOP\AV\EMSISOFTEMERGENCYKIT\RUN\a2ddax86.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CertPropSvc; No ImagePath
S3 cleanhlp; \??\C:\Documents and Settings\User\Desktop\AV\EmsisoftEmergencyKit\Run\cleanhlp32.sys [X]
S4 IntelIde; No ImagePath
S3 NSNDIS5; \??\C:\WINDOWS\system32\NSNDIS5.SYS [X]
S2 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 13:55 - 2014-10-16 13:56 - 00008800 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-10-16 13:55 - 2014-10-16 13:55 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-10-16 12:33 - 2014-10-16 13:54 - 00000386 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1399038432.job
2014-10-16 05:55 - 2014-10-16 06:13 - 00001252 _____ () C:\Documents and Settings\User\Desktop\Result.txt
2014-10-16 05:14 - 2014-03-25 09:15 - 00048736 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-10-16 05:04 - 2008-04-14 00:41 - 00156672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\winzm.ime
2014-10-16 04:54 - 2008-04-14 00:41 - 00482304 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pintlgnt.ime
2014-10-16 04:49 - 2006-02-28 03:00 - 10129408 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxkor.dll
2014-10-16 04:43 - 2008-04-14 00:39 - 13463552 ____C () C:\WINDOWS\system32\dllcache\hwxjpn.dll
2014-10-16 04:42 - 2006-02-28 03:00 - 10096640 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxcht.dll
2014-10-16 04:37 - 2008-04-13 17:13 - 00480256 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintsetp.exe
2014-10-16 04:35 - 2008-04-14 00:39 - 00198656 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cintime.dll
2014-10-16 04:34 - 2008-04-14 00:39 - 00173568 ____C () C:\WINDOWS\system32\dllcache\chtskf.dll
2014-10-16 04:33 - 2008-04-14 00:39 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtmbx.dll
2014-10-16 04:29 - 2006-02-28 03:00 - 00838144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtbrkr.dll
2014-10-16 04:26 - 2011-11-04 15:20 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 20:28 - 2014-10-16 13:56 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\temp
2014-10-15 20:28 - 2014-10-15 20:28 - 00013517 _____ () C:\ComboFix.txt
2014-10-15 20:28 - 2014-10-15 20:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-10-15 20:28 - 2014-10-15 20:28 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-15 20:28 - 2014-10-15 20:28 - 00000000 ____D () C:\Documents and Settings\Default User.WINDOWS.0\Local Settings\temp
2014-10-15 20:28 - 2014-10-15 20:28 - 00000000 ____D () C:\Documents and Settings\David Balsamo\Local Settings\temp
2014-10-15 20:28 - 2014-10-15 20:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-10-15 19:40 - 2014-10-16 05:04 - 00073839 _____ () C:\WINDOWS\setupapi.log
2014-10-15 06:27 - 2014-10-15 06:27 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\User\Desktop\mbam-check-2.1.1.1001.exe
2014-10-15 06:03 - 2014-10-16 13:55 - 01102848 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-10-14 19:20 - 2014-10-14 19:21 - 00000000 ____D () C:\boot file 10-14-2014
2014-10-14 12:44 - 2014-10-16 13:01 - 00005120 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-14 12:19 - 2014-10-14 12:19 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-10-14 12:19 - 2014-10-14 12:19 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-14 12:18 - 2014-10-14 12:18 - 00000284 _____ () C:\Documents and Settings\User\My Documents\cc_20141014_121811.reg
2014-10-14 12:17 - 2014-10-14 12:18 - 00000514 _____ () C:\Documents and Settings\User\My Documents\cc_20141014_121756.reg
2014-10-14 12:17 - 2014-10-14 12:17 - 00008138 _____ () C:\Documents and Settings\User\My Documents\cc_20141014_121738.reg
2014-10-11 09:49 - 2014-10-11 09:49 - 00000000 ____D () C:\Documents and Settings\User\My Documents\ProcAlyzer Dumps
2014-10-11 09:08 - 2014-10-11 10:04 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-10-11 09:08 - 2014-10-11 10:03 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-10-11 09:08 - 2014-10-11 10:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-10-11 04:16 - 2014-10-11 04:20 - 00000000 ____D () C:\Documents and Settings\User\My Documents\MFG Companies
2014-10-10 20:06 - 2014-10-10 20:06 - 00000180 _____ () C:\Documents and Settings\User\My Documents\cc_20141010_200605.reg
2014-10-10 20:05 - 2014-10-10 20:05 - 00006434 _____ () C:\Documents and Settings\User\My Documents\cc_20141010_200528.reg
2014-10-10 20:05 - 2014-10-10 20:05 - 00000288 _____ () C:\Documents and Settings\User\My Documents\cc_20141010_200546.reg
2014-10-10 11:39 - 2014-10-10 11:39 - 00401920 _____ (Farbar) C:\Documents and Settings\User\Desktop\MiniToolBox.exe
2014-10-08 04:55 - 2014-10-08 09:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sophos
2014-10-02 08:04 - 2014-10-02 08:04 - 00013766 _____ () C:\Documents and Settings\User\My Documents\cc_20141002_080435.reg
2014-09-29 14:38 - 2014-09-29 14:38 - 00096734 _____ () C:\Documents and Settings\User\My Documents\workaround for connection requests on linkedin.txt
2014-09-29 14:04 - 2014-09-29 14:04 - 00000739 _____ () C:\WINDOWS\4E388484D78E6049DA4395AC7FFE515322C6B3FA
2014-09-29 14:04 - 2014-09-29 14:04 - 00000622 _____ () C:\WINDOWS\EE6A41DCB3F5FB235B9908BFB49E0CF034F8FF1A
2014-09-27 05:42 - 2014-09-27 05:43 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Mozilla
2014-09-27 05:42 - 2014-09-27 05:42 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-09-25 12:19 - 2014-09-25 12:37 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Cable Assembly Diagrams

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 13:55 - 2014-05-23 04:27 - 00000000 ____D () C:\FRST
2014-10-16 13:54 - 2014-03-04 11:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-16 13:54 - 2014-03-04 11:10 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-16 13:54 - 2013-02-07 20:33 - 00000000 ____D () C:\Documents and Settings\User\Application Data\stickies
2014-10-16 13:53 - 2012-09-12 17:37 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-16 13:01 - 2014-08-13 06:00 - 03014656 _____ () C:\WINDOWS\system32\config\Nano.evt
2014-10-16 13:01 - 2014-03-04 11:10 - 00032612 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-16 13:01 - 2012-09-12 17:38 - 00000278 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-10-16 12:33 - 2014-01-07 16:24 - 00000000 ____D () C:\Program Files\Opera
2014-10-16 12:14 - 2013-01-19 15:40 - 00002497 _____ () C:\Documents and Settings\User\Desktop\Microsoft Office Word 2003.lnk
2014-10-16 11:11 - 2014-02-13 22:07 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\LastPass
2014-10-16 09:39 - 1980-01-04 20:37 - 00572046 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-15 20:28 - 2013-06-28 21:37 - 00000000 ____D () C:\Qoobox
2014-10-15 20:26 - 2001-08-23 07:00 - 00000327 _____ () C:\WINDOWS\system.ini
2014-10-15 19:58 - 2014-09-10 05:13 - 00000191 _____ () C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
2014-10-15 11:31 - 2013-01-12 20:11 - 00426962 _____ () C:\Documents and Settings\User\Desktop\TD Checking.amj
2014-10-15 05:58 - 2014-08-18 03:44 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2014-10-15 05:58 - 2013-01-15 12:09 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-15 05:58 - 2013-01-15 12:09 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-10-14 10:07 - 2013-01-28 20:20 - 00000000 ____D () C:\Documents and Settings\User\Application Data\vlc
2014-10-11 21:49 - 2012-09-12 17:37 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-10-11 10:03 - 2013-01-10 19:12 - 00000228 _____ () C:\WINDOWS\wininit.ini
2014-10-11 09:49 - 1980-01-04 20:35 - 00000360 ___SH () C:\boot.ini
2014-10-11 06:37 - 2013-02-07 11:25 - 00000000 ____D () C:\Documents and Settings\User\dwhelper
2014-10-10 12:48 - 2014-01-13 05:42 - 00000000 ____D () C:\AdwCleaner
2014-10-10 12:48 - 2013-06-15 15:00 - 00000000 ____D () C:\bookmarkbackups
2014-10-07 13:51 - 2014-06-04 21:31 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 05:15 - 2014-07-23 07:49 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Job Openings
2014-10-04 20:18 - 2001-08-23 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-03 05:12 - 2013-06-28 07:52 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-10-02 08:01 - 2012-09-12 17:30 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-10-02 07:57 - 2014-06-03 11:19 - 00000386 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1399038432.job.bak
2014-09-27 20:03 - 2014-07-27 09:08 - 00158137 _____ () C:\Documents and Settings\User\My Documents\Opera Bookmarks Backup.htm
2014-09-27 05:42 - 2013-07-27 08:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 15:10 - 2013-01-12 17:40 - 00000000 ____D () C:\Program Files\Google
2014-09-24 15:10 - 2013-01-12 17:40 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Google

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-10-2014
Ran by User at 2014-10-16 13:56:43
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Cloud Antivirus (Disabled - Up to date) {5AD27692-540A-464E-B625-78275FA38393}
FW: Panda Cloud Firewall (Disabled) {1337562C-110A-4AF8-B12B-750C0B30E802}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceMoney (HKLM\...\AceMoney_is1) (Version:  - MechCAD Software)
AceMoney Lite (HKLM\...\AceMoney Lite_is1) (Version:  - MechCAD Software)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}) (Version: 10.15.01 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
HP PCMCIA Smart Card Reader (HKLM\...\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}) (Version: 1.01.0001 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
LightScribe System Software (HKLM\...\{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}) (Version: 1.18.9.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 25.0.1614.50 (HKLM\...\Opera 25.0.1614.50) (Version: 25.0.1614.50 - Opera Software ASA)
Paint Shop Pro 6.0 (ESD) (HKLM\...\Paint Shop Pro 6.0) (Version:  - )
Panda Cloud Antivirus (HKLM\...\Panda Universal Agent Endpoint) (Version: 03.00.01.0000 - Panda Security)
Panda Cloud Antivirus (Version: 7.05.00.0000 - Panda Security) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5240 - Analog Devices)
Stickies 7.1e (HKLM\...\ZhornStickies) (Version:  - Zhorn Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version:  8.1  (4331) - WinZip Computing, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

02-10-2014 12:01:23 System Checkpoint
03-10-2014 18:59:30 System Checkpoint
05-10-2014 00:38:34 System Checkpoint
07-10-2014 09:29:29 System Checkpoint
08-10-2014 08:55:21 Installed Sophos Virus Removal Tool.
08-10-2014 13:13:22 Removed Sophos Virus Removal Tool.
09-10-2014 15:34:13 System Checkpoint
10-10-2014 15:56:43 restore point before running fix-it
11-10-2014 16:49:22 System Checkpoint
12-10-2014 01:36:12 my combofix restore point
13-10-2014 17:34:36 System Checkpoint
15-10-2014 18:35:30 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-08-11 02:58 - 2014-10-15 20:25 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1399038432.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1399038432.job.bak => C:\Program Files\Opera\launcher.exe

==================== Loaded Modules (whitelisted) =============

2013-04-12 13:23 - 2013-04-12 13:23 - 00612664 _____ () C:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk => C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^HP SimpleSave Monitor.lnk => C:\WINDOWS\pss\HP SimpleSave Monitor.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-329068152-1935655697-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-329068152-1935655697-1417001333-1004 - Limited - Disabled)
Guest (S-1-5-21-329068152-1935655697-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-329068152-1935655697-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-329068152-1935655697-1417001333-1002 - Limited - Disabled)
User (S-1-5-21-329068152-1935655697-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2014 09:06:07 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/11/2014 09:06:00 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/11/2014 08:56:53 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/11/2014 08:56:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/11/2014 08:56:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/11/2014 08:56:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/11/2014 08:56:29 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/11/2014 08:51:55 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server returned an invalid or unrecognized response

Error: (10/11/2014 08:51:50 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/11/2014 08:51:50 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


System errors:
=============
Error: (10/16/2014 01:54:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/16/2014 01:54:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2

Error: (10/16/2014 09:35:22 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/16/2014 09:35:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2

Error: (10/16/2014 06:12:24 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/16/2014 06:12:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2

Error: (10/16/2014 05:14:50 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/16/2014 05:14:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2

Error: (10/16/2014 05:04:37 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (10/16/2014 05:04:34 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0


Microsoft Office Sessions:
=========================
Error: (10/11/2014 09:06:07 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/11/2014 09:06:00 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/11/2014 08:56:53 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/11/2014 08:56:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/11/2014 08:56:41 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/11/2014 08:56:35 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/11/2014 08:56:29 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/11/2014 08:51:55 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server returned an invalid or unrecognized response

Error: (10/11/2014 08:51:50 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (10/11/2014 08:51:50 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz
Percentage of memory in use: 20%
Total physical RAM: 2039.23 MB
Available physical RAM: 1626.01 MB
Total Pagefile: 5968.04 MB
Available Pagefile: 5698.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:55.56 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (VRMPVOL_EN) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive e: (KINGSTON) (Removable) (Total:3.78 GB) (Free:1.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 5363540D)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 004FC0B3)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End Of Log ============================


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 
You're missing Addition.txt report, so let's scan again:
 
 
 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


TwinHeadedEagle,

 

I just wanted to let you know that I may have replied to my own topic by mistake. This message I'm sending you now was no problem because all I needed to do was click the "post" button. But when I click the "more reply options" button in order to attach the logs, it takes me to a new page that has no "post" button. So after I attach the logs, I'm not sure what to do in order to post it.

 

equaltemp


Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.
 
 
 
 

Scan with ComboFix
 
This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
  • Include that log in your next reply.
    If you encounter any issues with internet connection after running ComboFix, please visit this link.
    If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.

fixlist.txt


TwinHeadedEagle,

 

I ran FRST and Combofix and attached the 2 logs.

 

equaltemp

 


 

 

Fixlog.txt

ComboFix.txt


TwinHeadedEagle,

 

It's definitely running better than it was. And it's not as slow as it was. The cut and paste seems to be working fine now.

 

As far as all the files in my Windows folder that shouldn't be there, should I just leave them there if they're not causing any problems?

 

Also, I know you recommended that I get the premium Malwarebytes to help prevent this from happening again, but are there any free programs you can recommend that would do as good a job? 

 

equaltemp

 

 

How is the situation now?


Don't mess with the Windows folder, you can break your system. Don't do anything unless you know what you are doing.

Yes, MalwareBytes Premium is definitely a good recommendation.



Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)

 

Recommended reading:



MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 


In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:



TFC - to clean unneeded temporary files.
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
McShield - to prevent infections spread by removable media.
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
FileHippo.com Update Checker - to keep your programs up-to-date.
Adblock - to surf the web without annoying ads!




Post-cleanup procedures:

 


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record a healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.





My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!



Stay safe,
TwinHeadedEagle :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
