Cannot open AVG or MBAM due to Software Restriction Policy


CSM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-12-2014
Ran by Mooie (administrator) on COMPUTER on 27-12-2014 00:36:15
Running from C:\Documents and Settings\Mooie\Desktop
Loaded Profile: Mooie (Available profiles: Mooie & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [sigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-07-24] (SigmaTel, Inc.)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-07-06] (Intel Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-22] (BillP Studios)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=2070128
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2899139735-2965690088-2057177934-1005 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1398055891375
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} http://blacks.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.226.1.93 24.226.10.193 24.226.10.194

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mooie\Application Data\Mozilla\Firefox\Profiles\k30go35g.default
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @veetle.com/vbp;version=0.9.17 -> C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: @veoh.com/VeohTVPlugin -> C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF Plugin: @veoh.com/VeohWebPlayer -> C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2899139735-2965690088-2057177934-1005: @facebook.com/FBPlugin,version=1.0.1 -> C:\Documents and Settings\Mooie\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ClipConverter Desktop - C:\Documents and Settings\Mooie\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\desktop@clipconverter.cc.xpi [2013-06-24]
FF Extension: printpdf - C:\Documents and Settings\Mooie\Application Data\Mozilla\Firefox\Profiles\k30go35g.default\Extensions\printpdf@pavlov.net.xpi [2012-07-28]
FF Extension: Adblock Plus - C:\Documents and Settings\Mooie\Application Data\Mozilla\Firefox\Profiles\k30go35g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-15]
FF HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\...\Firefox\Extensions: [web@veoh.com] - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder
FF Extension: Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008-12-24]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-28] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S4 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
S4 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) [File not signed]
R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [90112 2006-07-06] (Intel Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [316416 2012-12-19] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [198936 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.) [File not signed]
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [218688 2011-04-09] (DT Soft Ltd)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [24064 2006-06-05] (Intel Corporation ) [File not signed]
R1 nvport; C:\WINDOWS\system32\Drivers\nvport.sys [4608 2006-05-05] (NVIDIA Corporation.) [File not signed]
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2008-05-26] (VSO Software) [File not signed]
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [9856 2006-03-29] (Padus, Inc.) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-07-24] (SigmaTel, Inc.)
S3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [38468 2004-12-08] (Alcor Micro Corp.) [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25216 2008-07-31] (The OpenVPN Project) [File not signed]
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\Mooie\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 00:36 - 2014-12-27 00:36 - 00018653 _____ () C:\Documents and Settings\Mooie\Desktop\FRST.txt
2014-12-27 00:36 - 2014-12-27 00:36 - 00000000 ____D () C:\FRST
2014-12-27 00:35 - 2014-12-27 00:35 - 01114112 _____ (Farbar) C:\Documents and Settings\Mooie\Desktop\FRST.exe
2014-12-27 00:24 - 2014-12-27 00:36 - 00000000 ____D () C:\Documents and Settings\Mooie\Local Settings\temp
2014-12-27 00:24 - 2014-12-27 00:24 - 00012997 _____ () C:\ComboFix.txt
2014-12-27 00:24 - 2014-12-27 00:24 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-12-27 00:24 - 2014-12-27 00:24 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-12-27 00:24 - 2014-12-27 00:24 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
2014-12-26 23:38 - 2014-12-26 23:38 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-12-26 23:38 - 2014-12-26 23:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-12-26 23:30 - 2014-12-26 23:30 - 00006096 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-12-26 23:12 - 2014-12-26 23:16 - 00000000 ____D () C:\AdwCleaner
2014-12-26 22:40 - 2014-12-26 22:40 - 05603624 ____R (Swearware) C:\Documents and Settings\Mooie\Desktop\ComboFix.exe
2014-12-25 17:09 - 2014-12-25 17:09 - 00015872 _____ () C:\Documents and Settings\Mooie\Application Data\misinterpreters.sx
2014-12-25 16:06 - 2014-03-13 22:19 - 00449915 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20141225-160627.backup
2014-12-13 13:35 - 2014-12-13 13:35 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-13 13:34 - 2014-12-13 13:34 - 00000000 _____ () C:\WINDOWS\system32\REN393.tmp
2014-12-13 13:34 - 2014-12-13 13:34 - 00000000 _____ () C:\WINDOWS\system32\REN392.tmp
2014-12-13 13:34 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-12-13 13:34 - 2014-09-26 18:16 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-12-13 13:33 - 2014-12-13 13:34 - 00004671 _____ () C:\WINDOWS\system32\jupdate-1.7.0_71-b14.log
2014-12-11 22:42 - 2014-12-03 23:35 - 697778135 _____ () C:\Documents and Settings\Mooie\Desktop\Architects of the Divine - The First Gothic Age.mp4
2014-12-10 00:00 - 2014-12-10 00:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-03 21:22 - 2014-11-07 20:58 - 696946874 _____ () C:\Documents and Settings\Mooie\Desktop\Architects of the Divine - The First Gothic Age.mkv
2014-12-01 22:40 - 2014-12-03 23:35 - 00000000 ____D () C:\Documents and Settings\Mooie\Application Data\avidemux
2014-12-01 22:39 - 2014-12-01 22:39 - 00000000 ____D () C:\Program Files\Avidemux 2.6
2014-12-01 22:39 - 2014-12-01 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avidemux
2014-12-01 20:33 - 2014-12-01 20:33 - 00000765 _____ () C:\Documents and Settings\Mooie\Start Menu\Programs\MediaInfo.lnk
2014-12-01 20:33 - 2014-12-01 20:33 - 00000000 ____D () C:\Program Files\MediaInfo
2014-11-27 14:55 - 2014-11-27 14:55 - 00000000 ____D () C:\Documents and Settings\Mooie\Application Data\AVG2015
2014-11-27 14:47 - 2014-11-27 14:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
2014-11-27 14:42 - 2014-11-27 14:55 - 00000000 ____D () C:\Documents and Settings\Mooie\Local Settings\Application Data\Avg2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 00:24 - 2010-10-27 13:03 - 00000000 ____D () C:\Qoobox
2014-12-27 00:21 - 2005-08-16 05:33 - 00528976 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-27 00:18 - 2007-01-28 23:33 - 00039472 _____ () C:\WINDOWS\system32\nvapps.xml
2014-12-27 00:18 - 2005-08-16 05:40 - 01598552 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-27 00:18 - 2005-08-16 05:38 - 00000000 ____D () C:\WINDOWS\Registration
2014-12-27 00:18 - 2005-08-16 05:18 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-27 00:18 - 2005-08-16 05:18 - 00000227 _____ () C:\WINDOWS\system.ini
2014-12-27 00:17 - 2014-04-21 22:40 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-27 00:17 - 2005-08-16 05:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-27 00:17 - 2005-08-16 05:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-12-27 00:16 - 2005-08-15 23:27 - 54788096 _____ () C:\WINDOWS\system32\config\SOFTWARE.bak
2014-12-27 00:16 - 2005-08-15 23:27 - 07602176 _____ () C:\WINDOWS\system32\config\SYSTEM.bak
2014-12-27 00:16 - 2005-08-15 23:27 - 05242880 _____ () C:\WINDOWS\system32\config\DEFAULT.bak
2014-12-27 00:16 - 2005-08-15 23:27 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-12-27 00:16 - 2005-08-15 23:27 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-12-27 00:15 - 2008-12-26 23:56 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-12-27 00:15 - 2008-12-26 23:47 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-12-27 00:15 - 2007-02-01 22:06 - 00000178 ___SH () C:\Documents and Settings\Mooie\ntuser.ini
2014-12-26 23:59 - 2005-08-16 05:49 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-26 23:51 - 2014-06-25 12:41 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-26 23:44 - 2005-08-16 05:22 - 00000000 ____D () C:\WINDOWS\security
2014-12-26 22:55 - 2007-02-01 22:06 - 00000000 ____D () C:\Documents and Settings\Mooie
2014-12-26 22:36 - 2008-08-31 18:55 - 00000000 ____D () C:\WINDOWS\l2schemas
2014-12-26 22:31 - 2010-09-02 19:44 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-26 21:56 - 2014-06-25 12:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-26 21:56 - 2014-06-25 12:41 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-26 21:47 - 2010-10-17 22:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-12-26 00:43 - 2007-09-30 18:56 - 00000000 ____D () C:\Program Files\DC++
2014-12-25 23:27 - 2011-04-17 17:48 - 00000000 ____D () C:\Documents and Settings\Mooie\Desktop\Youtube
2014-12-25 23:24 - 2007-02-03 16:18 - 00000000 ____D () C:\Documents and Settings\Mooie\Desktop\BitTorrent
2014-12-25 22:03 - 2009-04-10 23:30 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-12-25 17:02 - 2007-02-03 14:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-25 13:03 - 2008-06-28 13:22 - 00000000 ____D () C:\Documents and Settings\Mooie\Application Data\uTorrent
2014-12-17 23:42 - 2007-02-04 20:24 - 00242688 _____ () C:\Documents and Settings\Mooie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-15 13:12 - 2012-05-05 09:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-14 01:57 - 2008-12-08 21:11 - 00000000 ____D () C:\Documents and Settings\Mooie\Desktop\Poster Images
2014-12-13 13:34 - 2007-01-28 23:44 - 00000000 ____D () C:\Program Files\Java
2014-12-13 13:22 - 2014-06-24 23:30 - 00000000 ____D () C:\Documents and Settings\Mooie\Local Settings\Application Data\Adobe
2014-12-13 13:22 - 2012-04-23 12:52 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-13 13:22 - 2011-05-18 08:31 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-11 22:21 - 2007-02-10 23:56 - 00000000 ____D () C:\Documents and Settings\Mooie\Application Data\vlc
2014-12-09 22:08 - 2012-05-21 01:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-12-09 22:04 - 2014-04-21 00:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-09 21:53 - 2009-01-14 21:41 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-08 23:11 - 2007-03-23 17:00 - 00000000 ____D () C:\Documents and Settings\Mooie\Application Data\dvdcss
2014-12-08 22:59 - 2007-02-03 18:17 - 00000000 ____D () C:\Documents and Settings\Mooie\Desktop\Movies
2014-12-08 22:58 - 2007-02-06 22:56 - 00000000 ____D () C:\Documents and Settings\Mooie\Local Settings\Application Data\QuickPar
2014-12-01 20:14 - 2007-02-10 00:57 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-12-01 18:36 - 2014-07-12 21:44 - 00023502 _____ () C:\WINDOWS\setupapi.log
2014-11-27 23:25 - 2007-02-01 22:20 - 00028768 _____ () C:\Documents and Settings\Mooie\Application Data\wklnhst.dat
2014-11-27 15:05 - 2013-10-01 20:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-11-27 14:56 - 2014-04-21 19:25 - 00000000 ____D () C:\Documents and Settings\Mooie\Local Settings\Application Data\AVG
2014-11-27 14:56 - 2008-05-21 16:50 - 00000000 ____D () C:\Program Files\AVG
2014-11-27 14:55 - 2013-11-30 14:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-11-27 14:55 - 2010-09-06 18:02 - 00000000 ____D () C:\$AVG

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-12-2014
Ran by Mooie at 2014-12-27 00:37:12
Running from C:\Documents and Settings\Mooie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.1.2 - )
µTorrent (HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\...\uTorrent) (Version: 1.8.1 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Any Video Converter 3.0.7 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiochecker (HKLM\...\{D8C6F2D1-96C2-4C4A-83A0-4492E7A48491}) (Version: 1.20.0000 - Crown Software)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.4.0.1 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.5.0.15 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 0.9.3.9 - )
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.0.0.8 - )
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.0.15 - )
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - )
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.20.44 - )
Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.0.0.246 - )
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
dBpoweramp FLAC Codec (HKLM\...\dBpoweramp FLAC Codec) (Version:  - )
dBpoweramp m4a Codec (HKLM\...\dBpoweramp m4a Codec) (Version: Release 7 - Illustrate)
dBpoweramp Monkeys Audio Codec (HKLM\...\dBpoweramp Monkeys Audio Codec) (Version:  - )
dBpoweramp Music Converter (HKLM\...\dBpoweramp Music Converter) (Version: Release 12.3 - )
dBpoweramp Shorten Codec (HKLM\...\dBpoweramp Shorten Codec) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Support 3.2.1 (HKLM\...\{CEE2252C-4035-4B27-8EC6-0B085DD3A413}) (Version: 5.5.2087 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
DVD Flick 1.3.0.6 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.6 - Dennis Meuwissen)
eMule (HKLM\...\eMule) (Version:  - )
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
Facebook Plug-In (HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
foobar2000 v1.1.11 (HKLM\...\foobar2000) (Version: 1.1.11 - Peter Pawlowski)
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version:  - )
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
GrabIt 1.6.2 Beta (build 940) (HKLM\...\GrabIt_is1) (Version:  - Ilan Shemes)
HijackThis 1.99.1 (HKLM\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Deskjet 3000 J310 series Basic Device Software (HKLM\...\{1AFB6EA5-DBD0-43A4-AA56-4D1EBF8E39D8}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3000 J310 series Help (HKLM\...\{654A65DA-7173-4B51-ACEB-F855201EE033}) (Version: 140.0.66.66 - Hewlett Packard)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PRO Network Connections (HKLM\...\{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}) (Version:  - Dell)
IsoBuster 2.0 (HKLM\...\IsoBuster_is1) (Version: 2.0 - Smart Projects)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MCU (Version: 1.00.0000 - Dell) Hidden
MediaInfo 0.7.71 (HKLM\...\MediaInfo) (Version: 0.7.71 - MediaArea.net)
MetFileRegenerator v3.0.16 (HKLM\...\MetFileRegenerator) (Version: 3.0.16 - William Roberts)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU (HKLM\...\{9309DD7E-EBFE-3C95-8B47-30D3A012F606}) (Version: 2.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU (HKLM\...\{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}) (Version: 3.1.21022 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Digital Image Standard 2006 (HKLM\...\PictureItPrem_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Money 2006 (HKLM\...\Money2006b) (Version: 15 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Streets & Trips 2006 (HKLM\...\{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}) (Version: 13.00.09.0200 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft Works Suite 2006 Setup Launcher (HKLM\...\Works2006Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}) (Version: 8.0.0.0000 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{51F96AEC-D902-4434-A0DC-B9692A21AE7C}) (Version: 3.0.0.101 - Apple Inc.)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MRU-Blaster v1.5 (Database 3/28/2004) (HKLM\...\MRU-Blaster_is1) (Version: 1.5 - Javacool Software LLC)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM\...\InstallShield_{CA529363-D0F2-41EA-B44B-D7515A254645}) (Version: 1.07 - )
Multimedia Card Reader (Version: 1.07 - ) Hidden
Nero 8 Trial (HKLM\...\{D6C9AF27-9414-46C8-B9D8-D878BA041033}) (Version: 8.3.314 - Nero AG)
Nero Digital (HKLM\...\NeroVision!UninstallKey) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Media Center Extensions (HKLM\...\{4BE15737-07C5-4705-9DFC-D9D533939942}) (Version: 1.00.0000 - )
NVIDIA PureVideo Decoder (HKLM\...\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}) (Version: 1.00.0000 - )
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
overland (Version: 2.1.5 - HP) Hidden
Pharaoh (HKLM\...\Pharaoh) (Version:  - )
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTax 2006 (HKLM\...\{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}) (Version:  - )
QuickTax 2007 (HKLM\...\{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}) (Version: 1.00.0000 - Intuit Canada)
QuickTax 2008 (HKLM\...\{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}) (Version: 1.00.0000 - Intuit Canada)
QuickTax 2009 (HKLM\...\{ECB9C58E-C565-4683-9599-B72290BD3B25}) (Version: 1.00.0000 - Intuit Canada)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
SearchAssist (HKLM\...\SearchAssist) (Version:  - )
Serviio (HKLM\...\Serviio) (Version:  - )
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy 1.5.2.20 (HKLM\...\Spybot - Search & Destroy_is1) (Version:  - Safer Networking Ltd.)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2010 (HKLM\...\{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2011 (HKLM\...\{12CAA28E-56CA-4C3D-B3F2-7311540DD410}) (Version: 1.00.0000 - Intuit Canada)
TurboTax 2012 (HKLM\...\{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}) (Version: 1.00.0000 - Intuit Canada)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Veetle TV 0.9.18 (HKLM\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
Veoh Video Compass (HKLM\...\Veoh Video Compass) (Version: 1.4.5.1004 - Veoh Networks, Inc.)
Visual AVI FourCC Changer (HKLM\...\{43A885E3-E2B9-4CB4-9CA4-5ABD15BB54E9}) (Version: 1.0.0 - witkatz)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version:  - Microsoft Corporation)
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Xvid 1.1.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
yEnc32 (remove only) (HKLM\...\yEnc32) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2899139735-2965690088-2057177934-1005_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Documents and Settings\Mooie\Application Data\Facebook\axfbootloader.dll ( )
CustomCLSID: HKU\S-1-5-21-2899139735-2965690088-2057177934-1005_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Documents and Settings\Mooie\Application Data\Facebook\npfbplugin_1_0_1.dll ( )

==================== Restore Points  =========================

27-09-2014 00:41:21 System Checkpoint
28-09-2014 01:34:06 System Checkpoint
29-09-2014 13:38:35 System Checkpoint
30-09-2014 13:49:19 System Checkpoint
01-10-2014 23:51:19 System Checkpoint
03-10-2014 00:08:09 System Checkpoint
04-10-2014 01:00:41 System Checkpoint
05-10-2014 13:15:20 System Checkpoint
06-10-2014 13:45:19 System Checkpoint
07-10-2014 14:11:51 System Checkpoint
09-10-2014 13:51:48 System Checkpoint
11-10-2014 00:46:59 System Checkpoint
12-10-2014 14:07:19 System Checkpoint
13-10-2014 23:08:34 System Checkpoint
15-10-2014 13:28:37 Software Distribution Service 3.0
17-10-2014 00:14:17 System Checkpoint
18-10-2014 18:53:43 System Checkpoint
20-10-2014 23:13:58 System Checkpoint
21-10-2014 23:49:02 System Checkpoint
23-10-2014 00:06:48 System Checkpoint
24-10-2014 00:27:16 System Checkpoint
25-10-2014 00:51:14 System Checkpoint
27-10-2014 13:45:55 System Checkpoint
28-10-2014 13:47:44 System Checkpoint
29-10-2014 14:23:20 System Checkpoint
30-10-2014 15:14:48 System Checkpoint
31-10-2014 23:23:57 System Checkpoint
02-11-2014 01:50:00 System Checkpoint
03-11-2014 02:31:52 System Checkpoint
05-11-2014 00:27:16 System Checkpoint
06-11-2014 00:40:04 System Checkpoint
07-11-2014 02:03:40 System Checkpoint
09-11-2014 00:18:42 System Checkpoint
10-11-2014 14:59:22 System Checkpoint
12-11-2014 01:10:00 System Checkpoint
12-11-2014 20:35:00 Software Distribution Service 3.0
15-11-2014 01:03:33 System Checkpoint
16-11-2014 01:37:38 System Checkpoint
18-11-2014 00:54:11 System Checkpoint
19-11-2014 14:57:58 System Checkpoint
20-11-2014 15:39:44 System Checkpoint
21-11-2014 16:00:11 System Checkpoint
23-11-2014 01:25:08 System Checkpoint
24-11-2014 14:46:42 System Checkpoint
25-11-2014 14:48:12 System Checkpoint
26-11-2014 14:50:10 System Checkpoint
27-11-2014 14:46:22 Installed AVG 2015
27-11-2014 14:46:49 Removed AVG 2014
27-11-2014 14:47:44 Installed AVG 2015
27-11-2014 14:54:49 Removed AVG 2014
28-11-2014 14:56:17 System Checkpoint
30-11-2014 00:18:19 System Checkpoint
01-12-2014 00:50:06 System Checkpoint
02-12-2014 00:58:28 System Checkpoint
03-12-2014 01:00:05 System Checkpoint
04-12-2014 14:18:50 System Checkpoint
05-12-2014 15:18:38 System Checkpoint
07-12-2014 14:12:39 System Checkpoint
08-12-2014 14:53:17 System Checkpoint
09-12-2014 15:22:21 System Checkpoint
09-12-2014 21:51:51 Software Distribution Service 3.0
10-12-2014 23:20:14 System Checkpoint
12-12-2014 00:13:50 System Checkpoint
13-12-2014 13:33:39 Installed Java 7 Update 71
14-12-2014 22:21:05 System Checkpoint
16-12-2014 00:54:32 System Checkpoint
18-12-2014 00:11:45 System Checkpoint
19-12-2014 14:34:02 System Checkpoint
20-12-2014 15:59:20 System Checkpoint
21-12-2014 16:50:32 System Checkpoint
22-12-2014 17:50:33 System Checkpoint
24-12-2014 00:12:56 System Checkpoint
25-12-2014 21:09:27 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2005-08-16 05:18 - 2014-12-25 16:06 - 00449979 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2005-08-16 05:18 - 2011-02-04 17:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-08-16 05:18 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2005-08-16 05:18 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-16 05:18 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2010-06-17 16:51 - 2014-04-22 13:39 - 00645592 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2014-12-10 00:00 - 2014-12-10 00:01 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2899139735-2965690088-2057177934-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2899139735-2965690088-2057177934-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2899139735-2965690088-2057177934-1004 - Limited - Disabled)
Mooie (S-1-5-21-2899139735-2965690088-2057177934-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mooie
SUPPORT_388945a0 (S-1-5-21-2899139735-2965690088-2057177934-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2014 01:10:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/07/2014 01:52:06 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (260) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/05/2014 02:34:48 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (364) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/27/2014 00:16:25 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\Documents and Settings\All Users\Application Data\AVG2014\SetupBackup\lng_esx.cab. Verify that the file exists and that you can access it.

Error: (11/27/2014 00:16:20 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\Documents and Settings\All Users\Application Data\AVG2014\SetupBackup\lng_ztx.cab. Verify that the file exists and that you can access it.

Error: (11/27/2014 00:16:18 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\Documents and Settings\All Users\Application Data\AVG2014\SetupBackup\lng_zhx.cab. Verify that the file exists and that you can access it.

Error: (11/27/2014 00:16:16 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\Documents and Settings\All Users\Application Data\AVG2014\SetupBackup\lng_trx.cab. Verify that the file exists and that you can access it.

Error: (11/27/2014 00:16:15 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\Documents and Settings\All Users\Application Data\AVG2014\SetupBackup\lng_rux.cab. Verify that the file exists and that you can access it.

Error: (11/27/2014 00:16:13 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\Documents and Settings\All Users\Application Data\AVG2014\SetupBackup\lng_msx.cab. Verify that the file exists and that you can access it.

Error: (11/27/2014 00:16:11 AM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\Documents and Settings\All Users\Application Data\AVG2014\SetupBackup\lng_kox.cab. Verify that the file exists and that you can access it.


System errors:
=============
Error: (12/27/2014 00:11:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/27/2014 00:01:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2014 11:59:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2014 11:59:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2014 11:56:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (12/26/2014 11:20:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2014 10:52:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2014 10:44:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/26/2014 10:44:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/25/2014 11:47:56 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.130 on the
Network Card with network address 001676E390E4.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 81%
Total physical RAM: 1021.84 MB
Available physical RAM: 187.92 MB
Total Pagefile: 2459.08 MB
Available Pagefile: 1710.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:228.13 GB) (Free:41.89 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=228.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB)

==================== End Of Log ============================

Hello! Welcome to Malwarebytes Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Regards,

Georgi
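
Georgi's fixlist has FRST restore the Group Policy software restrictions that were keeping AVG and Malwarebytes from starting. As an added illustration, not code from this thread and not part of FRST, the PowerShell below reads the same Software Restriction Policy (SRP) path rules straight from the registry (HKLM and HKCU, under Safer\CodeIdentifiers) and flags the two patterns the fixlist later in the thread shows: a Disallowed rule whose path names a security product, and one of the four default Windows path rules sitting at a level other than Unrestricted. The product-name list, the function names and the removal step are assumptions for illustration; run it elevated and keep -WhatIf on the removal until the inventory looks right.

```powershell
# Added example (not from this thread, not part of FRST): audit Software Restriction
# Policy (SRP) path rules and flag those that would block security tools.
# Assumptions: run from an elevated PowerShell prompt on the affected machine;
# $SecurityToolPatterns is an illustrative list built from the directories FRST
# flagged in this thread, not a complete catalogue. Written to run on PowerShell 2.0.

# Registry subkey name -> SRP security level it represents.
$LevelNames = @{
    '0'      = 'Disallowed'
    '4096'   = 'Untrusted'
    '65536'  = 'Constrained'
    '131072' = 'BasicUser'
    '262144' = 'Unrestricted'
}

# Directory names of the products whose paths appear in the fixlist (assumed list; extend as needed).
$SecurityToolPatterns = @('AVG', 'Malwarebytes', 'SUPERAntiSpyware', 'Lavasoft', 'McAfee')

# The four path rules Windows itself creates under the Unrestricted level when SRP is enabled.
# Finding any of them at another level means the policy has been tampered with or misconfigured.
$DefaultUnrestrictedRules = @(
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%'
)

function Get-SrpPathRule {
    # Walk HKLM and HKCU: SRP path rules live under ...\Safer\CodeIdentifiers\<level>\Paths\<guid>,
    # with the matched path stored in the ItemData value of each rule key.
    foreach ($hive in 'HKLM', 'HKCU') {
        $root = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path $root)) { continue }
        $policy = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
        foreach ($levelKey in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $level = $LevelNames[$levelKey.PSChildName]
            if (-not $level) { continue }
            $pathsKey = Join-Path -Path $levelKey.PSPath -ChildPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($ruleKey in Get-ChildItem -Path $pathsKey -ErrorAction SilentlyContinue) {
                $props = Get-ItemProperty -Path $ruleKey.PSPath
                New-Object PSObject -Property @{
                    Hive         = $hive
                    Level        = $level
                    Path         = [string]$props.ItemData
                    Description  = [string]$props.Description
                    RuleKey      = $ruleKey.PSPath
                    DefaultLevel = $LevelNames[[string]$policy.DefaultLevel]
                }
            }
        }
    }
}

function Test-SrpPathRule {
    # Adds Suspicious/Reason to each rule. Disallowed is the level that stops a program from
    # starting at all, which is the symptom in this thread, so the vendor check targets it.
    param([Parameter(ValueFromPipeline=$true)] $Rule)
    process {
        $reasons = @()
        if ($Rule.Level -eq 'Disallowed') {
            foreach ($pattern in $SecurityToolPatterns) {
                if ($Rule.Path -like "*$pattern*") { $reasons += "blocks security tool path ($pattern)" }
            }
        }
        if ($Rule.Level -ne 'Unrestricted' -and $DefaultUnrestrictedRules -contains $Rule.Path) {
            $reasons += "default Unrestricted rule found at level $($Rule.Level)"
        }
        $Rule |
            Add-Member -MemberType NoteProperty -Name Suspicious -Value ($reasons.Count -gt 0) -PassThru |
            Add-Member -MemberType NoteProperty -Name Reason -Value ($reasons -join '; ') -PassThru
    }
}

function Remove-SrpPathRule {
    # Deletes a rule's registry key. Supports -WhatIf/-Confirm so the cleanup can be rehearsed first.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(ValueFromPipeline=$true)] $Rule)
    process {
        if ($PSCmdlet.ShouldProcess($Rule.Path, "Remove $($Rule.Level) SRP rule from $($Rule.Hive)")) {
            Remove-Item -Path $Rule.RuleKey -Recurse -Force
        }
    }
}

# Usage: full inventory first, then a dry run of the cleanup. Drop -WhatIf to delete for real,
# and reboot afterwards so every new process is created under the cleaned-up policy.
Get-SrpPathRule | Test-SrpPathRule | Format-Table Hive, Level, Suspicious, Reason, Path -AutoSize
Get-SrpPathRule | Test-SrpPathRule | Where-Object { $_.Suspicious } | Remove-SrpPathRule -WhatIf
```

SRP is evaluated when a process is created, so a Disallowed rule for C:\Program Files\AVG silently fails every AVG binary at launch, which fits the symptoms reported here (the tray icon gone, MBAM refusing to open). These keys are exactly what secpol.msc writes, so rules planted by malware are indistinguishable to Windows from an administrator's policy; the inventory above is the check to run before trusting that an "Access is denied" on a security tool is an ordinary permissions problem.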

Hi Georgi,

I seem to be running OK now.  I can access MBAM (have not tried a MBAM scan yet though) and my AVG tray icon came back so that I could update:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2014
Ran by Mooie at 2014-12-28 16:42:17 Run:1
Running from C:\Documents and Settings\Mooie\Desktop
Loaded Profile: Mooie (Available profiles: Mooie & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 mbr; \??\C:\DOCUME~1\Mooie\LOCALS~1\Temp\mbr.sys [X]
cmd: type C:\ComboFix.txt
2014-12-13 13:34 - 2014-12-13 13:34 - 00000000 _____ () C:\WINDOWS\system32\REN393.tmp
2014-12-13 13:34 - 2014-12-13 13:34 - 00000000 _____ () C:\WINDOWS\system32\REN392.tmp
emptytemp:
end
*****************

Processes closed successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
catchme => Service deleted successfully.
mbr => Service not found.

=========  type C:\ComboFix.txt =========

ComboFix 14-12-25.01 - Mooie 28/12/2014   2:31.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.384 [GMT -5:00]
Running from: c:\documents and settings\Mooie\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-28 to 2014-12-28  )))))))))))))))))))))))))))))))
.
.
2014-12-28 07:13 . 2014-12-28 07:13    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
2014-12-28 06:44 . 2014-12-28 07:13    114904    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-28 06:43 . 2014-12-28 06:43    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-12-28 06:43 . 2014-12-28 06:43    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2014-12-28 06:43 . 2014-11-21 11:23    54360    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-12-28 06:43 . 2014-11-21 11:23    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-12-27 05:36 . 2014-12-28 05:16    --------    d-----w-    C:\FRST
2014-12-27 04:38 . 2014-12-27 04:38    35064    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-12-27 04:38 . 2014-12-27 04:38    --------    d-----w-    c:\documents and settings\All Users\Application Data\RogueKiller
2014-12-27 04:12 . 2014-12-27 04:16    --------    d-----w-    C:\AdwCleaner
2014-12-13 18:35 . 2014-12-13 18:35    --------    d-----w-    c:\program files\Common Files\Java
2014-12-13 18:34 . 2014-09-26 23:16    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-12-13 18:34 . 2014-12-13 18:34    0    ----a-w-    c:\windows\system32\REN393.tmp
2014-12-13 18:34 . 2014-12-13 18:34    0    ----a-w-    c:\windows\system32\REN392.tmp
2014-12-13 18:34 . 2014-09-26 23:42    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-12-02 03:40 . 2014-12-04 04:35    --------    d-----w-    c:\documents and settings\Mooie\Application Data\avidemux
2014-12-02 03:39 . 2014-12-02 03:39    --------    d-----w-    c:\program files\Avidemux 2.6
2014-12-02 01:33 . 2014-12-02 01:33    --------    d-----w-    c:\program files\MediaInfo
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 18:22 . 2012-04-23 17:52    701616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-12-13 18:22 . 2011-05-18 13:31    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-18 19:56 . 2014-11-18 19:56    1202848    ----a-w-    c:\windows\system32\FM20.DLL
2014-10-30 02:35 . 2014-07-22 01:03    198936    ----a-w-    c:\windows\system32\drivers\avgidsdriverlx.sys
2014-10-10 19:13 . 2010-09-07 07:49    200984    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-10-06 01:42 . 2011-03-01 18:25    98584    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2014-04-23 533568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-10 3653136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\IoctlSvc.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioService.exe"=
"c:\\Program Files\\Serviio\\bin\\ServiioConsole.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgemcx.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 3:50 AM 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 3:46 AM 230680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 3:03 PM 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 3:06 PM 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [21/07/2014 8:03 PM 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 PM 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 5:41 AM 192792]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 2:49 AM 200984]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [09/04/2011 1:09 PM 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [10/10/2013 5:54 PM 142648]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [09/11/2014 9:49 PM 298080]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [09/11/2014 9:57 PM 3488784]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [28/12/2014 1:44 AM 114904]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [26/05/2008 10:49 PM 47360]
S4 Blackberry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [18/01/2013 4:10 PM 577536]
S4 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [19/12/2012 11:04 AM 316416]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [28/08/2012 7:41 AM 92632]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\TurboTax 2012\ic2012pp.dll
FF - ProfilePath - c:\documents and settings\Mooie\Application Data\Mozilla\Firefox\Profiles\k30go35g.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-12-28 02:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(344)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-12-28  02:43:50
ComboFix-quarantined-files.txt  2014-12-28 07:43
ComboFix2.txt  2014-12-27 05:24
ComboFix3.txt  2010-10-27 18:25
ComboFix4.txt  2010-09-03 01:50
.
Pre-Run: 44,520,198,144 bytes free
Post-Run: 44,502,122,496 bytes free
.
- - End Of File - - 06BB6658E8225E594A9067090B612F15
5CB90281D1A59B251F6603134774EEC3

========= End of CMD: =========

C:\WINDOWS\system32\REN393.tmp => Moved successfully.
C:\WINDOWS\system32\REN392.tmp => Moved successfully.
EmptyTemp: => Removed 518.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 16:45:21 ====

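The fixlist above lists SRP path rules under HKLM that point at the folders of AVG, Malwarebytes, SUPERAntiSpyware, McAfee and Lavasoft, next to the four registry-path rules (SystemRoot, ProgramFilesDir) that Windows itself creates when Software Restriction Policies are enabled. The evaluator below is an added example, not code from the thread, from FRST or from Microsoft: it applies a simplified model of SRP path-rule precedence to a constructed copy of those rules, with the security levels, the DefaultLevel and the expanded registry values all assumptions, to show why a policy shaped like this stops the security tools while everything else still runs.

```python
"""Offline evaluator for Software Restriction Policy (SRP) path rules.

Added example, not code from the forum thread, FRST or Microsoft. It models
how SRP picks the effective security level for an executable so a responder
can see why the fixlist above left AVG and Malwarebytes unable to start.
"""
import re

# SRP security levels (the sub-key names under Safer\CodeIdentifiers).
DISALLOWED = 0
UNRESTRICTED = 262144

# Constructed stand-in for the registry values that SRP registry-path rules
# (%HKEY_LOCAL_MACHINE\Key\Value%) expand to on this XP machine.
REGISTRY_VALUES = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot": r"C:\WINDOWS",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir": r"C:\Program Files",
}

# Path rules copied from the fixlist. The levels are assumptions: the four
# registry-path rules are the ones Windows creates as Unrestricted when SRP
# is enabled, and the tool folders are Disallowed (the thread's symptom).
RULES = [
    (DISALLOWED, r"C:\Documents and Settings\All Users\Application Data\McAfee"),
    (DISALLOWED, r"C:\Documents and Settings\All Users\Application Data\Malwarebytes"),
    (DISALLOWED, r"C:\Program Files\SUPERAntiSpyware"),
    (DISALLOWED, r"C:\Program Files\Malwarebytes' Anti-Malware"),
    (DISALLOWED, r"C:\Program Files\AVG"),
    (DISALLOWED, r"C:\Program Files\Lavasoft"),
    (DISALLOWED, "C:\\Program Files\\AVG\\"),  # duplicate with trailing slash
    (UNRESTRICTED, r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%"),
    (UNRESTRICTED, r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe"),
    (UNRESTRICTED, r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe"),
    (UNRESTRICTED, r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%"),
]
DEFAULT_LEVEL = UNRESTRICTED  # assumed DefaultLevel: nothing else is blocked


def expand_rule(rule):
    """Replace %HKEY_...\\Value% with the registry value (unknown ones stay)."""
    return re.sub(r"%(HKEY_[A-Z_]+\\[^%]+)%",
                  lambda m: REGISTRY_VALUES.get(m.group(1), m.group(0)), rule)


def rule_matches(rule, target):
    """Return a specificity key if `rule` covers `target`, else None.

    Folder rules cover the folder and everything below it.  Wildcard rules
    are matched like SRP file rules, with * and ? not crossing a backslash
    (in this literal model the two SystemRoot%...*.exe rules therefore never
    match; the SystemRoot folder rule already covers those files).  SRP lets
    file-pattern rules outrank folder rules and longer paths outrank shorter
    ones, so the key is (kind, length) and the largest key wins.
    """
    exp = expand_rule(rule).rstrip("\\").lower()
    tgt = target.lower()
    if "*" in exp or "?" in exp:
        pattern = "".join("[^\\\\]*" if c == "*" else "[^\\\\]" if c == "?"
                          else re.escape(c) for c in exp)
        return (1, len(exp)) if re.fullmatch(pattern, tgt) else None
    if tgt == exp or tgt.startswith(exp + "\\"):
        return (0, len(exp))
    return None


def effective_level(target, rules=RULES, default=DEFAULT_LEVEL):
    """Return (level, winning_rule) for an executable path."""
    best = None
    for level, rule in rules:
        key = rule_matches(rule, target)
        if key is not None and (best is None or key > best[0]):
            best = (key, level, rule)
    return (default, None) if best is None else (best[1], best[2])


def blocked_programs(targets, rules=RULES, default=DEFAULT_LEVEL):
    """Return the subset of `targets` that this policy would refuse to run."""
    return [t for t in targets if effective_level(t, rules, default)[0] == DISALLOWED]


if __name__ == "__main__":
    # Constructed sample of executables to evaluate against the rule set.
    sample = [
        r"C:\Program Files\AVG\AVG2015\avgui.exe",
        r"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe",
        r"C:\WINDOWS\explorer.exe",
        r"C:\WINDOWS\system32\notepad.exe",
        r"C:\Documents and Settings\Mooie\Desktop\FRST.exe",
    ]
    for path in sample:
        level, rule = effective_level(path)
        status = "BLOCKED" if level == DISALLOWED else "allowed"
        print(f"{status:8} {path}  <- {rule or 'DefaultLevel'}")
```

Note that the AVG folder rule wins over the Unrestricted ProgramFilesDir rule only because it is the longer (more specific) path; that is the precedence a defender relies on when using the same mechanism the other way round, with a Disallowed default and a short whitelist.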

Hi,

Nice work. From the logs above (including the Combofix.log) it seems that your system is malware free.

Do you have any problems that need to be addressed?

In the meantime, if you don't mind, I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

STEP 1

  • Please run MBAM.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

STEP 2

1. Please download HitmanPro.

  • For 32-bit Operating System - [download link]
  • For 64-bit Operating System - [download link]

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

STEP 3

Before I let you go I'd like to scan your machine with ESET OnlineScan.

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

STEP 4

Also let's check for outdated and vulnerable software on your PC.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

And then, if there aren't any issues left, I'll give you my final recommendations.

Let me know about any remaining issues.

Regards,

Georgi

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/01/2015
Scan Time: 3:59:34 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.01.05
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Mooie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382965
Time Elapsed: 1 hr, 21 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : COMPUTER
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : COMPUTER\Mooie
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-01-01 19:45:47
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 4s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 5

   Objects scanned . . . : 1,274,106
   Files scanned . . . . : 38,656
   Remnants scanned  . . : 177,760 files / 1,057,690 keys

Suspicious files ____________________________________________________________

   C:\Documents and Settings\Mooie\Desktop\FRST.exe
      Size . . . . . . . : 1,114,624 bytes
      Age  . . . . . . . : 4.8 days (2014-12-27 23:35:02)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 40E7AC0080BA26FA8C8A968942E9B8036FE75A7C88E32EEE6973A1D09D2311FE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-2899139735-2965690088-2057177934-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Mooie\Desktop\FRST.exe

   C:\WINDOWS\system32\RLSpeexDec.ax
      Size . . . . . . . : 51,712 bytes
      Age  . . . . . . . : 2622.8 days (2007-10-27 23:43:51)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : D48D880F69E3AB720BBBFAD6BB4323933B2EC8A411EE827DCBC2FCEFADDB308E
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The hidden file attribute bit is set. This is not common to most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

   C:\WINDOWS\system32\Smab.dll
      Size . . . . . . . : 394,240 bytes
      Age  . . . . . . . : 2622.8 days (2007-10-27 23:44:04)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6A8FB0E3D0C44A021E9137F4DBE8F500962CB63B8AC5C634FBDAD3DD9CC87CED
      Fuzzy  . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The Entry Point of this file lies in a resource section. This is an indication of malware infection.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

Cookies _____________________________________________________________________

   C:\Documents and Settings\Mooie\Application Data\Mozilla\Firefox\Profiles\k30go35g.default\cookies.sqlite:adtechus.com
 

 Results of screen317's Security Check version 0.99.93  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus 2015   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Out of date Spybot installed!
 WinPatrol
 MVPS Hosts File  
 Out of date HijackThis  installed!
 Spybot - Search & Destroy 1.5.2.20
 SpywareBlaster 5.0    
 Spybot - Search & Destroy
 SUPERAntiSpyware     
 HijackThis 1.99.1    
 Java 7 Update 71  
 Adobe Flash Player     16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````
 


Hi,

We need to remove the remnant found by Eset. There are no patched system files from Bamital, so I don't see a reason not to remove it.

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next please go ahead and uninstall the following programs from the Control Panel:

Spybot - Search & Destroy 1.5.2.20

HijackThis 1.99.1

Regards,

Georgi


Hi,

Now that we are at the end of our journey I have some final words for you.
All Clean!
Your machine appears to be clean; please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

STEP 1 - CLEANUP

To remove all of the tools we used and the files and folders they created, please do the following:

Download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
It's not needed to post the log this time.

 

  • Please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the run button.
  • The tool will delete itself once it finishes.

Note: If any tool, file, log file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.

STEP 2 - SECURITY ADVICE

Change all your passwords!

Since your computer was infected, for peace of mind I would advise that all your passwords be changed immediately, including those for bank accounts, credit cards and home loans, PIN codes etc. (just in case).

If you're storing passwords in the browser to access websites, then they are not encrypted well. Only if you use Firefox with master password protection does this provide better security. You can add Secure Login to prevent Java and other exploits when logging in.

I strongly recommend changing as many passwords as possible. Many modern malware samples have backdoor abilities and can steal confidential information from the compromised computer. Also you should check for any suspicious transactions, if such occur. If you find out that you have been a victim of fraud, contact your bank or the appropriate institution for assistance.
Use different passwords for all your accounts. Also don't use easy passwords such as your favorite teams, bands or pets, because this will allow people to guess your password.
You can use Password Generator - Norton Identity Safe to create random passwords and then install an application like KeePass Password Safe to store them for easy access. If you do Online Banking please read this article: Online Banking Protection Against Identity Theft

Keep your antivirus software turned on and up-to-date

 

  • Install an antivirus program of your choice and make sure that you keep it updated
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  • Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Note: You should scan your computer with an antimalware program like Malwarebytes' Anti-Malware on a regular basis, just as you would with antivirus software.
  • Be sure to check for and download any definition updates prior to performing a scan.
  • Also keep in mind that MBAM is not a replacement for antivirus software, it is meant to complement the protection provided by a full antivirus product and is designed to detect the threats that are missed by most antivirus software.

Be prepared for CryptoLocker and similar threats:

The ascension of Crypto-Ransomware and what you need to know to protect yourself

Since prevention is better than cure, you can use gpedit built into Windows or CryptoPrevent (described in the link above) to secure the PC against these lockers. Keep in mind that if you choose the high protection level in CryptoPrevent then you can encounter some problems with the installed applications. You may need to lower the protection level if you encounter such problems, or to add the entries to the whitelist.

I would not recommend you to use the latest option, which is still in BETA. Many programs will not work when the latest setting is activated...

Also you may need to disable the protection sometimes before you can install new software or apply updates, and when you are done you need to re-apply the protection. It can be very annoying, but still better than losing all of your documents because of Cryptolocker and its variants.

I usually recommend to users to install HIPS based software, but this type of software is only effective in the right hands since it requires the users to take the right decisions.

HIPS based software controls what an application is allowed to do and not allowed to do.
It monitors what each application tries to do, how it uses the internet, and gives you the ability to block any suspicious activity occurring on your computer.
In my opinion the best way to prevent an unknown malware from gaining access is to use some HIPS programs (like COMODO Firewall) to control the access rights of legitimate applications, although this would only be advisable for experienced users (so if you don't feel comfortable using such software then you can skip this advice).

However, you should be aware that (if you install Comodo Firewall and not the whole package Comodo Internet Security) this is not a replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existing antivirus application (AVG). Also note that if you have an antivirus installed then you should install Comodo Firewall (and not Comodo Internet Security, to avoid conflicts).

It takes some time and knowledge to configure it for individual purposes, but once done, you should not have any problems with it.
There are so many reviews on YouTube and blogs about all these programs.
More information about HIPS can be found here: What is Host Intrusion Prevention System (HIPS) and how does it work?

 

Comodo Firewall/Internet Security can protect the data if you add all local disks to Protected Files and Folders.

 

Panda have an option (similar to this offered by Comodo) called Data Shield which can help you to protect your data against ransomware.

What is the Data Shield protection of Panda 2015?. but if you choose to stick to Panda then you should uninstall AVG first.

 

However using such programs on business computers can be very difficult since the users will receive a lot of pop-ups with questions and probably will be impossible for them to work in a efficient way...

 

Whatever you choose it's a good idea to have Sandboxie installed and to run your browser inside a sandbox. It's not recommended to run other applications inside a sandbox since the programs may not work well there when run in a sandbox and also all changes made during the session will be lost...

 

You may want to check Malwarebytes Anti-Exploit and add install it to be safe when surfing the net. It work with the most popular browsers and it is very effective. See the article here.

 

HitmanPro.Alert.CryptoGuard provides similar protection but it failed in the latest test here. However the tool is still under development and will be improved a lot in the future so you can keep an eye on it and its progress.

 

Note: However keep in mind that HitmanPro.Alert is not fully compatible with Malwarebytes' Anti-Exploit and you should choose only one between both of them.

 

EMET is another great tool which should lock the computer against exploits but it can be too confusing to use for home users. However you can take a look at it if you want.
 

Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also having more than one "real-time" program can be a drain on your PC's efficiency so please refrain doing so.

If these kinds of programs are difficult for you to use, then you can use a standard user account with UAC and SmartScreen enabled (only for Windows 8 and above). If you need administrative privileges to perform some tasks, then you can use Run As or log on with the administrator account for that specific task.

 

 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If an attachment ends in .exe, .com, .bat, .pif, .scr, .cmd or .vbs, do not open it unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is infected with malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If a menu comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program, be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead, when you receive a message that contains a link, message the person back asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use McAfee SiteAdvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
  • You may want to install Unchecky to prevent the adware bundled with many free programs from being installed.

 

 

Tweak your browsers
 

MOZILLA FIREFOX

 

To prevent further infections, be sure to install the following add-on: Adblock Plus
 

Adblock Plus hides all those annoying (and potentially dangerous) advertisements on websites that try to tempt you to buy or download something. Adblock Plus not only speeds up your browsing and makes it easier on your eyes, but also makes it safer.

 

Adblock Plus can be found here.
 
Do not add too many filter subscriptions, because it will slow down your browser's startup time.
 

 

 

You can take a look at NoScript as well but NoScript is only for advanced users as it blocks all the interactive parts of a webpage, such as login options. Obviously you wouldn’t want to block your ability to log on to your internet banking or your webmail, but thankfully you can tell NoScript to allow certain websites and block others. This is very useful to ensure that the website you’re visiting is not trying to tempt you to interact with another, more dangerous website.

 

You can download it from here
You can find the optimal settings here
A tutorial on how to use it can be found here

 

 

Ad-Muncher is now free so you can give it a try as well.

 

 

 

Google Chrome

 
If you like Google Chrome there are many similar extensions for this browser as well. Since I am not a Google Chrome user I can't tell you which of them are good and how they work. You should find out by yourself.

However, Google Chrome can block a lot of unknown malware because of its sandbox. Beware of the fact that Google Chrome doesn't provide master password protection for the passwords saved in the browser. Check this out: Google Chrome security flaw offers unrestricted password access


 
For Internet Explorer 9/10/11 read the articles below:


Security and privacy features in Internet Explorer 9
Enhanced Protected Mode
Use Tracking Protection in Internet Explorer
Security in Internet Explorer 10

 

 

Immunize your browsers with SpywareBlaster 5 and MVPS HOSTS.

Also, you can change your DNS settings to 8.26.56.26 and 8.20.247.20 to use Comodo Secure DNS for free (to prevent phishing attacks). Sometimes the DNS may be overloaded by the traffic coming from other networks and then you can lose your internet connection. In that case you can switch back to your ISP's DNS again or to another service like OpenDNS.

 

 

 

Make the extensions for known file types visible:
 
 
Be wary of files with a double extension such as image.jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one. Check this out - Show or hide file name extensions.


 
Disable Autorun and Windows Scripting Host:
 
 
It's a good idea to disable the Autorun functionality using the following tool, to prevent infections spreading from USB flash drives.

 

If you don't use any script files, then you can go ahead and disable Windows Scripting Host using the tool provided by Symantec - NoScript.exe. Simply download and run it, click on the Disable button and reboot the computer. If you need to run any .js or .vbs scripts at a later stage, you should run NoScript again and select Enable, then reboot the computer.
 

 

 
Create an image of your system (you can use the built-in Windows software as well if you prefer)

  • Now that your PC is malware free, it is a good idea to back up all important files, just in case something happens to it.
  • Macrium Reflect is a very good choice that enables you to create an image of your system drive, which can be restored in case of problems.
  • The download link is here.
  • The tutorial on how to create a system image can be found here.
  • The tutorial on how to restore a system image can be found here.
  • Be sure to read the tutorial first.

 

 

Follow this list and your potential for being infected again will reduce dramatically.

 

Safe Surfing! :)

 

Regards,

Georgi


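The post above recommends three machine settings (disable Autorun, disable Windows Script Host, show hidden file extensions) via third-party tools and a Microsoft article, and separately warns about double-extension files like image.jpg.exe. Below is an added example, not code from Georgi's post or from any of the tools it links, that checks and optionally applies those same settings directly in the registry and then scans a folder for double-extension names. Assumptions: PowerShell 2.0 or later (available for XP SP3), an elevated session for the two HKLM values, and that the registry locations used are the standard ones for these settings (HKLM ...\Policies\Explorer\NoDriveTypeAutoRun, HKLM ...\Windows Script Host\Settings\Enabled, HKCU ...\Explorer\Advanced\HideFileExt). The HKCU value only affects the account that runs the script, so run it once as each user whose Explorer view should show extensions.

```powershell
# Added example (not from the forum post or the linked tools).
# Audits, and with -Apply sets, the three hardening values the post recommends,
# then looks for "document.ext.exe"-style double extensions under -ScanPath.
# Assumes PowerShell 2.0+ and an administrator session for the HKLM writes.
param(
    [switch]$Apply,
    [string]$ScanPath = "$env:USERPROFILE\Desktop"
)

# Desired state for each value: registry path, value name, wanted DWORD, reason.
$Settings = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Value = 0xFF
       Why  = 'Disable Autorun on every drive type (USB, CD/DVD, network)' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
       Name = 'Enabled'; Value = 0
       Why  = 'Disable Windows Script Host (.vbs/.js/.wsf) for all users' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
       Name = 'HideFileExt'; Value = 0
       Why  = 'Show extensions so image.jpg.exe is not displayed as image.jpg' }
)

function Test-RegSetting {
    param($Path, $Name, $Value)
    if (-not (Test-Path $Path)) { return $false }
    # Missing value yields $null, which compares unequal to any wanted number.
    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    return ($current -eq $Value)
}

function Set-RegSetting {
    param($Path, $Name, $Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

foreach ($s in $Settings) {
    $ok    = Test-RegSetting $s.Path $s.Name $s.Value
    $state = if ($ok) { 'OK     ' } else { 'MISSING' }
    Write-Host ("[{0}] {1}\{2} = {3}  ({4})" -f $state, $s.Path, $s.Name, $s.Value, $s.Why)
    if (-not $ok -and $Apply) {
        Set-RegSetting $s.Path $s.Name $s.Value
        Write-Host "          -> applied (log off/on so Explorer picks up HideFileExt)"
    }
}

# Double-extension scan: a harmless-looking extension immediately followed by an
# executable or script extension. -match is case-insensitive, so .JPG.EXE is caught.
$DocExt  = 'jpg|jpeg|png|gif|bmp|pdf|doc|docx|xls|xlsx|txt|mp3|avi|zip'
$ExecExt = 'exe|com|bat|pif|scr|cmd|vbs|vbe|js|jse|wsf|wsh|hta|lnk'
$Pattern = "\.($DocExt)\.($ExecExt)$"

Write-Host ""
Write-Host "Scanning $ScanPath for double-extension files..."
Get-ChildItem -Path $ScanPath -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match $Pattern } |
    ForEach-Object {
        Write-Host ("[SUSPECT] {0}  ({1} bytes, modified {2})" -f $_.FullName, $_.Length, $_.LastWriteTime)
    }
```

Run it without switches first to see which values are missing; rerun with `-Apply` from an elevated prompt to set them. Setting `Enabled = 0` under the WSH key is the same effect as the Symantec NoScript tool's Disable button, and is reversed by setting it back to 1 (or deleting the value); the Autorun value is read at logon, so reboot or log off after changing it.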
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
