
Prevented by Software Restriction Policy - No Access to Safe Mode



Earlier this month I logged into my computer to see that my Avira Virus Detection Scan was frozen with a bunch of viruses found. I quarantined them, but when I went to do a cold boot, I can no longer go into safe mode by hitting F8, as the up and down arrows no longer respond. If I try to do a system restore, it says: 'Prevented by software restriction policy.' Over the years I've been pretty proud of the fact that I could get rid of just about any virus or malware, but this one got me good. I'm running Windows XP. I also can't get access to:

SuperAntiSpyware

Avira Control Center, even though I see Avira working in the task bar, I can no longer do updates nor do I see it in the bottom bar anymore. I was able to run Microsoft's Online Scanner, and nothing comes up. Malwarebytes can also be run, but detects nothing. Any help would be much appreciated. From StuckInMn.


Here are my logs.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Dell (administrator) on DELL-771604A950 on 07-02-2015 22:36:44
Running from C:\Documents and Settings\Dell\Desktop
Loaded Profiles: Dell (Available profiles: Dell & Dan & Terry & Henley & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(AVM Software Inc.) C:\Program Files\Paltalk Messenger\paltalk.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [Windows7FirewallControl] => C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [835584 2011-08-22] (Sphinx Software)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-09-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-527237240-651377827-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-527237240-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-527237240-651377827-725345543-1003 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-03-25] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\zd95o6i8.default-1372227706453
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Dell\Local Settings\Application Data\619f9d14-f85f-4804-8a4d-53998cad567f.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-11-11] (SUPERAntiSpyware.com) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-07] (Avira Operations GmbH & Co. KG)
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-05-11] (Mozilla Foundation) [File not signed]
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [397312 2011-08-22] (Sphinx Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [83392 2012-09-07] (Avira GmbH)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [137928 2012-09-07] (Avira GmbH)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [36000 2012-09-07] (Avira GmbH)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121856 2003-07-11] (Intel Corporation)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 P0630VID; C:\WINDOWS\System32\DRIVERS\P0630Vid.sys [91830 2004-07-30] (Creative Technology Ltd.)
S3 P1120VID; C:\WINDOWS\System32\DRIVERS\P1120Vid.sys [1252474 2004-01-12] (Creative Technology Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-03-25] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-03-25] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
R1 Windows7FirewallControl; C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.sys [19072 2011-08-17] () [File not signed]
S3 CamDrL; system32\DRIVERS\Camdrl.sys [X]
S3 catchme; \??\C:\DOCUME~1\Dell\LOCALS~1\Temp\catchme.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 22:36 - 2015-02-07 22:37 - 00009792 _____ () C:\Documents and Settings\Dell\Desktop\FRST.txt
2015-02-07 22:36 - 2015-02-07 22:36 - 00000000 ____D () C:\FRST
2015-02-07 22:35 - 2015-02-07 22:35 - 01124352 _____ (Farbar) C:\Documents and Settings\Dell\Desktop\FRST.exe
2015-02-06 20:30 - 2015-02-06 20:30 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-06 20:30 - 2015-02-06 20:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-02-06 00:53 - 2015-02-06 16:57 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-01-20 20:44 - 2015-01-20 20:44 - 00002215 _____ () C:\Documents and Settings\Dell\My Documents\DCHV_Positions.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 22:37 - 2010-06-29 15:10 - 00000000 ____D () C:\Documents and Settings\Dell\Local Settings\temp
2015-02-07 22:22 - 2004-08-04 04:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-07 22:21 - 2014-11-08 21:13 - 00000178 ___SH () C:\Documents and Settings\Terry\ntuser.ini
2015-02-07 22:21 - 2014-11-08 21:13 - 00000000 ____D () C:\Documents and Settings\Terry
2015-02-07 22:20 - 2014-11-08 21:13 - 00000000 ____D () C:\Documents and Settings\Terry\Local Settings\temp
2015-02-07 22:18 - 2013-11-16 23:55 - 01274436 ____N () C:\WINDOWS\WindowsUpdate.log
2015-02-07 22:17 - 2013-11-16 23:56 - 00000157 ____N () C:\WINDOWS\wiadebug.log
2015-02-07 22:17 - 2013-11-16 23:56 - 00000048 ____N () C:\WINDOWS\wiaservc.log
2015-02-07 22:17 - 2008-08-29 10:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-07 22:14 - 2013-11-16 23:56 - 00015080 ____N () C:\WINDOWS\SchedLgU.Txt
2015-02-07 22:14 - 2009-02-28 12:06 - 00001220 _____ () C:\sti.log
2015-02-07 22:14 - 2008-08-29 04:33 - 00000000 ____D () C:\WINDOWS\security
2015-02-07 02:51 - 2008-08-29 10:42 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-06 23:06 - 2008-08-29 10:54 - 00000178 ___SH () C:\Documents and Settings\Dell\ntuser.ini
2015-02-06 23:06 - 2008-08-29 10:54 - 00000000 ____D () C:\Documents and Settings\Dell
2015-02-06 21:24 - 2010-06-29 13:42 - 00001456 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-06 16:25 - 2014-04-12 17:00 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-05 22:31 - 2010-06-29 13:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-05 20:08 - 2014-04-12 16:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-05 19:19 - 2011-02-14 01:09 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-30 00:34 - 2009-02-14 09:16 - 00210944 _____ () C:\Documents and Settings\Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-12 09:42 - 2009-07-22 18:45 - 00000000 ____D () C:\Documents and Settings\Dell\My Documents\My Received Files

==================== Files in the root of some directories =======

2013-05-14 23:39 - 2013-05-14 23:39 - 0162776 _____ () C:\Documents and Settings\Dell\Local Settings\Application Data\375ba950-a762-4904-b4aa-6921cbd41006
2009-02-14 09:16 - 2015-01-30 00:34 - 0210944 _____ () C:\Documents and Settings\Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\Dell\settings.dat


Some content of TEMP:
====================
C:\Documents and Settings\Dan\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\Dell\Local Settings\temp\dllnt_dump.dll
C:\Documents and Settings\Henley\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\Terry\Local Settings\temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015
Ran by Dell at 2015-02-07 22:38:54
Running from C:\Documents and Settings\Dell\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Advanced Video FX Utility (HKLM\...\Advanced Video FX Utility) (Version:  - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 12.1.9.2500 - Avira)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Creative WebCam Center (HKLM\...\Creative WebCam Center) (Version:  - )
Creative WebCam Live! Driver (1.01.01.0730) (HKLM\...\Creative PD0630) (Version:  - )
Creative WebCam NX Ultra Driver (1.01.03.0112) (HKLM\...\Creative PD1120) (Version:  - )
getPlus® for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
HTML Calendar Maker Pro (HKLM\...\HTML Calendar Maker Pro) (Version: 3.8.4 - Creative Computer Solutions)
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
liteCAM (HKLM\...\{BC8373FC-142C-40B9-AB2A-DA984391A9BD}) (Version: 2.95.0000 - innoheim)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MGI PhotoSuite 4 (Remove Only) (HKLM\...\MGI_PRISM_V4_0) (Version:  - MGI Software Corp.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 2.4 (HKLM\...\{2CD2C0DB-81C3-416B-9FA6-589B9235359B}) (Version: 2.4.9310 - OpenOffice.org)
Paltalk Messenger  11.4 (HKLM\...\Paltalk Messenger) (Version: 11.4.562.15996 - AVM Software Inc.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.39.1002 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Web Album Generator 1.8.2 (HKLM\...\Web Album Generator_is1) (Version:  - ornj.net)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windows7FirewallControl Free XP Edition (32/64) 4.1.21.93 (HKLM\...\Windows7FirewallControl_is1) (Version: 4.1.21.93 - Sphinx Software)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-01-2015 20:01:14 System Checkpoint
13-01-2015 21:01:27 System Checkpoint
15-01-2015 00:13:59 System Checkpoint
16-01-2015 02:15:42 System Checkpoint
17-01-2015 03:01:40 System Checkpoint
18-01-2015 04:01:22 System Checkpoint
19-01-2015 05:00:58 System Checkpoint
20-01-2015 06:01:14 System Checkpoint
21-01-2015 07:01:07 System Checkpoint
22-01-2015 08:01:18 System Checkpoint
23-01-2015 09:00:58 System Checkpoint
24-01-2015 10:01:17 System Checkpoint
25-01-2015 11:01:17 System Checkpoint
26-01-2015 12:00:55 System Checkpoint
27-01-2015 13:01:17 System Checkpoint
28-01-2015 14:00:58 System Checkpoint
29-01-2015 15:01:15 System Checkpoint
30-01-2015 16:00:58 System Checkpoint
31-01-2015 17:01:17 System Checkpoint
01-02-2015 18:01:18 System Checkpoint
02-02-2015 19:01:05 System Checkpoint
03-02-2015 20:01:09 System Checkpoint
04-02-2015 21:00:58 System Checkpoint
06-02-2015 00:38:16 System Checkpoint
07-02-2015 00:39:55 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2010-06-29 15:00 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2013-10-30 19:51 - 2012-09-07 19:26 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-05-15 15:57 - 2014-05-15 15:57 - 00042064 _____ () C:\Program Files\Paltalk Messenger\ctrlkey.dll
2014-06-05 21:39 - 2014-02-20 16:11 - 38713856 _____ () C:\Program Files\Paltalk Messenger\libcef.dll
2014-07-27 19:26 - 2014-06-24 09:58 - 02219520 _____ () C:\Program Files\Paltalk Messenger\Images.dll
2014-07-27 19:26 - 2014-06-24 09:59 - 00088576 _____ () C:\Program Files\Paltalk Messenger\sirenproj.dll
2004-08-04 04:00 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 04:00 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-05-11 22:02 - 2014-03-15 02:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-527237240-651377827-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Dell^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Dell^Start Menu^Programs^Startup^PalTalk.lnk => C:\WINDOWS\pss\PalTalk.lnkStartup
MSCONFIG\startupreg: Creative WebCam Tray => "C:\Program Files\Creative\Shared Files\CamTray.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe

==================== Accounts: =============================

Administrator (S-1-5-21-527237240-651377827-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Dan (S-1-5-21-527237240-651377827-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dan
Dell (S-1-5-21-527237240-651377827-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dell
Guest (S-1-5-21-527237240-651377827-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-527237240-651377827-725345543-1000 - Limited - Disabled)
Henley (S-1-5-21-527237240-651377827-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Henley
SUPPORT_388945a0 (S-1-5-21-527237240-651377827-725345543-1002 - Limited - Disabled)
Terry (S-1-5-21-527237240-651377827-725345543-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Terry

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 04:41:00 PM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Error: (02/06/2015 04:26:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam2.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/06/2015 05:32:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam2.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam2.exe!ws!]

Error: (02/05/2015 09:41:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam2.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 06:12:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avscan.exe, version 12.3.0.48, faulting module avscan.exe, version 12.3.0.48, fault address 0x0001225e.
Processing media-specific event for [avscan.exe!ws!]

Error: (01/25/2015 02:24:36 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error: (01/25/2015 00:11:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/25/2015 00:11:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/24/2015 11:59:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application paltalk.exe, version 11.4.564.16149, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/24/2015 11:16:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application paltalk.exe, version 11.4.564.16149, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/06/2015 04:41:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/06/2015 04:41:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/06/2015 04:41:00 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the COM+ System Application service, but this action failed with the following error:
%%1056

Error: (02/06/2015 04:40:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/06/2015 05:26:54 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000243{35117ec6- .. d450c}.exeHarddiskVolume1

Error: (02/05/2015 06:09:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 20 time(s).

Error: (02/05/2015 06:09:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/05/2015 06:09:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/05/2015 06:09:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/05/2015 06:08:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MS Software Shadow Copy Provider service terminated unexpectedly.  It has done this 19 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.00GHz
Percentage of memory in use: 49%
Total physical RAM: 1021.99 MB
Available physical RAM: 519.26 MB
Total Pagefile: 1309.36 MB
Available Pagefile: 687.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:18.62 GB) (Free:0.68 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 18.6 GB) (Disk ID: 48D7EA17)
Partition 1: (Active) - (Size=18.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented towards malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of the kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.
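The "Prevented by software restriction policy" message in this thread, and the lines FRST later prints as "HKLM Group Policy restriction on software: <path>" and "SystemRestore: [DisableSR/DisableConfig]", come from registry keys that malware writes to turn Windows' own Software Restriction Policy (SRP) against the security tools: path rules under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, where subkey 0 holds Disallowed rules, 131072 Basic User and 262144 Unrestricted, plus DWORDs DisableSR/DisableConfig under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore. The script below is an added example for auditing those keys from an administrator PowerShell prompt; it is not code from the helper, from Malwarebytes or from FRST, and it assumes PowerShell 2.0 or later. The -Remove switch and the $securityPaths list are this example's own choices: with -Remove it exports the affected keys to %TEMP% first, then deletes only Disallowed rules whose path names one of the listed products and clears the two System Restore values.

```powershell
# Audit-Srp.ps1 (added example, not from the thread, Malwarebytes or FRST)
# Lists SRP path rules and System Restore policy values; -Remove backs them up
# and removes the ones that block known security products. Assumes PowerShell
# 2.0+ run as an administrator on the affected machine.
param([switch]$Remove)

$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$srKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
# SRP security levels, keyed by the subkey name under CodeIdentifiers.
$levels = @{ '0' = 'Disallowed'; '131072' = 'BasicUser'; '262144' = 'Unrestricted' }
# Product directories FRST flagged in this thread (assumed list); -Remove only
# deletes Disallowed rules whose path contains one of these names.
$securityPaths = @('SUPERAntiSpyware', 'Avira', 'Malwarebytes', 'Microsoft Antimalware')

function Get-SrpPathRules {
    $rules = @()
    if (-not (Test-Path $srpKey)) { return $rules }
    foreach ($levelKey in Get-ChildItem $srpKey) {
        if (-not $levels.ContainsKey($levelKey.PSChildName)) { continue }
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($ruleKey in Get-ChildItem $pathsKey) {
            $props = Get-ItemProperty $ruleKey.PSPath
            $rule = New-Object PSObject
            $rule | Add-Member NoteProperty Level  $levels[$levelKey.PSChildName]
            $rule | Add-Member NoteProperty Path   $props.ItemData   # rule target
            $rule | Add-Member NoteProperty Flags  $props.SaferFlags
            $rule | Add-Member NoteProperty RegKey $ruleKey.PSPath
            $rules += $rule
        }
    }
    return $rules
}

# Global SRP settings: a DefaultLevel of 0 would block everything not whitelisted.
$global = Get-ItemProperty $srpKey -ErrorAction SilentlyContinue
if ($global) {
    "SRP DefaultLevel=$($global.DefaultLevel) TransparentEnabled=$($global.TransparentEnabled) PolicyScope=$($global.PolicyScope)"
} else {
    "No SRP policy key present."
}

$rules = Get-SrpPathRules
foreach ($r in $rules) { "{0,-12} {1}  (SaferFlags={2})" -f $r.Level, $r.Path, $r.Flags }

$sr = Get-ItemProperty $srKey -ErrorAction SilentlyContinue
if ($sr) { "SystemRestore policy: DisableSR=$($sr.DisableSR) DisableConfig=$($sr.DisableConfig)" }

if ($Remove) {
    # Export before touching anything. reg.exe export prompts when the target
    # file exists, so the file name carries a timestamp instead of using /y.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    if ($global) {
        & reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer' "$env:TEMP\Safer-$stamp.reg" | Out-Null
    }
    if ($sr) {
        & reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore' "$env:TEMP\SystemRestore-$stamp.reg" | Out-Null
    }
    foreach ($r in $rules) {
        $hit = $false
        foreach ($name in $securityPaths) { if ($r.Path -like "*$name*") { $hit = $true } }
        if ($r.Level -eq 'Disallowed' -and $hit) {
            "Removing rule: $($r.Path)"
            Remove-Item $r.RegKey -Recurse
        }
    }
    if ($sr) {
        foreach ($name in 'DisableSR', 'DisableConfig') {
            Remove-ItemProperty -Path $srKey -Name $name -ErrorAction SilentlyContinue
        }
    }
    "Log off and back on, or reboot, so new processes read the updated policy."
}
```

Two caveats a practitioner would want: on a domain-joined machine these keys are rewritten by Group Policy at the next refresh, so the fix has to be made in the GPO, not the local registry; on a standalone machine such as the one in this thread the local keys are the policy, and an unexplained rule list with a blank Description that names only security products is itself a strong sign of tampering rather than an administrator's configuration. The IE policy restriction entries FRST reports live under separate Policies\Microsoft\Internet Explorer keys and are not covered by this script.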


Ok, I ran the Malwarebytes Anti-Rootkit and once it starts to install, I get the Blue Screen Of Death: "A problem has been detected and Windows has been shut down. A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine.

Stop: 0x000000F7 mbamchameleon.sys."

Tried twice and the above happened both times after reboot.

Scan with Farbar Recovery Scan Tool did better and I was able to get both log files. Here they are below:

Thanks for trying to help me on this one :)

StuckInMn.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Dell (administrator) on DELL-771604A950 on 16-02-2015 21:59:38
Running from C:\Documents and Settings\Dell\Desktop
Loaded Profiles: Dell & Dan & Terry & Henley & Administrator (Available profiles: Dell & Dan & Terry & Henley & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Sphinx Software) C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
(AVM Software Inc.) C:\Program Files\Paltalk Messenger\paltalk.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [Windows7FirewallControl] => C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe [835584 2011-08-22] (Sphinx Software)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [348664 2012-09-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Program Files\SUPERAntiSpyware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-527237240-651377827-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-527237240-651377827-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-527237240-651377827-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
URLSearchHook: [s-1-5-21-527237240-651377827-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-527237240-651377827-725345543-1003 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-03-25] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dell\Application Data\Mozilla\Firefox\Profiles\zd95o6i8.default-1372227706453
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cdjbnddbclciabnckgeahmneohjlahdm] - C:\Documents and Settings\Dell\Local Settings\Application Data\619f9d14-f85f-4804-8a4d-53998cad567f.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-11-11] (SUPERAntiSpyware.com) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86224 2012-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110032 2012-09-07] (Avira Operations GmbH & Co. KG)
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33176 2009-03-03] (NOS Microsystems Ltd.)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-05-11] (Mozilla Foundation) [File not signed]
R2 Windows7FirewallService; C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [397312 2011-08-22] (Sphinx Software) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [83392 2012-09-07] (Avira GmbH)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [137928 2012-09-07] (Avira GmbH)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [36000 2012-09-07] (Avira GmbH)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121856 2003-07-11] (Intel Corporation)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 P0630VID; C:\WINDOWS\System32\DRIVERS\P0630Vid.sys [91830 2004-07-30] (Creative Technology Ltd.)
S3 P1120VID; C:\WINDOWS\System32\DRIVERS\P1120Vid.sys [1252474 2004-01-12] (Creative Technology Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-03-25] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-03-25] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
R1 Windows7FirewallControl; C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.sys [19072 2011-08-17] () [File not signed]
S3 CamDrL; system32\DRIVERS\Camdrl.sys [X]
S3 catchme; \??\C:\DOCUME~1\Dell\LOCALS~1\Temp\catchme.sys [X]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 21:59 - 2015-02-16 22:05 - 00010035 _____ () C:\Documents and Settings\Dell\Desktop\FRST.txt
2015-02-16 21:58 - 2015-02-16 21:58 - 00000000 ____D () C:\Documents and Settings\Dell\Desktop\FRST-OlderVersion
2015-02-15 00:59 - 2015-02-15 01:39 - 24456192 _____ () C:\Documents and Settings\Dell\Desktop\alicia_lovely.avi
2015-02-15 00:03 - 2015-02-15 00:14 - 19283456 _____ () C:\Documents and Settings\Dell\Desktop\Violet_Heart.avi
2015-02-09 01:08 - 2015-02-09 01:08 - 00000403 _____ () C:\WINDOWS\wmsetup.log
2015-02-07 22:36 - 2015-02-16 21:59 - 00000000 ____D () C:\FRST
2015-02-07 22:35 - 2015-02-16 21:58 - 01125888 _____ (Farbar) C:\Documents and Settings\Dell\Desktop\FRST.exe
2015-02-06 20:30 - 2015-02-06 20:30 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-06 20:30 - 2015-02-06 20:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2015-02-06 00:53 - 2015-02-06 16:57 - 00000000 ____D () C:\WINDOWS\system32\MpEngineStore
2015-01-20 20:44 - 2015-01-20 20:44 - 00002215 _____ () C:\Documents and Settings\Dell\My Documents\DCHV_Positions.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 22:05 - 2010-06-29 15:10 - 00000000 ____D () C:\Documents and Settings\Dell\Local Settings\temp
2015-02-16 21:44 - 2008-08-29 10:54 - 00000000 ____D () C:\Documents and Settings\Dell
2015-02-16 19:55 - 2004-08-04 04:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-15 02:46 - 2008-08-29 10:54 - 00000178 ___SH () C:\Documents and Settings\Dell\ntuser.ini
2015-02-14 23:21 - 2013-11-16 23:55 - 01283665 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-14 23:20 - 2013-11-16 23:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-14 23:20 - 2013-11-16 23:56 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-14 23:20 - 2008-08-29 10:51 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 23:19 - 2013-11-16 23:56 - 00015322 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-14 23:04 - 2008-08-29 10:42 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-08 11:24 - 2014-04-12 17:00 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 22:21 - 2014-11-08 21:13 - 00000178 ___SH () C:\Documents and Settings\Terry\ntuser.ini
2015-02-07 22:21 - 2014-11-08 21:13 - 00000000 ____D () C:\Documents and Settings\Terry
2015-02-07 22:20 - 2014-11-08 21:13 - 00000000 ____D () C:\Documents and Settings\Terry\Local Settings\temp
2015-02-07 22:14 - 2009-02-28 12:06 - 00001220 _____ () C:\sti.log
2015-02-07 22:14 - 2008-08-29 04:33 - 00000000 ____D () C:\WINDOWS\security
2015-02-06 21:24 - 2010-06-29 13:42 - 00001456 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-02-05 22:31 - 2010-06-29 13:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-05 20:08 - 2014-04-12 16:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-05 19:19 - 2011-02-14 01:09 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-01-30 00:34 - 2009-02-14 09:16 - 00210944 _____ () C:\Documents and Settings\Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2013-05-14 23:39 - 2013-05-14 23:39 - 0162776 _____ () C:\Documents and Settings\Dell\Local Settings\Application Data\375ba950-a762-4904-b4aa-6921cbd41006
2009-02-14 09:16 - 2015-01-30 00:34 - 0210944 _____ () C:\Documents and Settings\Dell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\Dell\settings.dat


Some content of TEMP:
====================
C:\Documents and Settings\Dan\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\Henley\Local Settings\temp\AskSLib.dll
C:\Documents and Settings\Terry\Local Settings\temp\AskSLib.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015
Ran by Dell at 2015-02-16 22:06:40
Running from C:\Documents and Settings\Dell\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Advanced Video FX Utility (HKLM\...\Advanced Video FX Utility) (Version:  - )
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 12.1.9.2500 - Avira)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Creative WebCam Center (HKLM\...\Creative WebCam Center) (Version:  - )
Creative WebCam Live! Driver (1.01.01.0730) (HKLM\...\Creative PD0630) (Version:  - )
Creative WebCam NX Ultra Driver (1.01.03.0112) (HKLM\...\Creative PD1120) (Version:  - )
getPlus® for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.35 - NOS Microsystems Ltd.)
HTML Calendar Maker Pro (HKLM\...\HTML Calendar Maker Pro) (Version: 3.8.4 - Creative Computer Solutions)
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
liteCAM (HKLM\...\{BC8373FC-142C-40B9-AB2A-DA984391A9BD}) (Version: 2.95.0000 - innoheim)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MGI PhotoSuite 4 (Remove Only) (HKLM\...\MGI_PRISM_V4_0) (Version:  - MGI Software Corp.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 2.4 (HKLM\...\{2CD2C0DB-81C3-416B-9FA6-589B9235359B}) (Version: 2.4.9310 - OpenOffice.org)
Paltalk Messenger  11.4 (HKLM\...\Paltalk Messenger) (Version: 11.4.562.15996 - AVM Software Inc.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.39.1002 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Web Album Generator 1.8.2 (HKLM\...\Web Album Generator_is1) (Version:  - ornj.net)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windows7FirewallControl Free XP Edition (32/64) 4.1.21.93 (HKLM\...\Windows7FirewallControl_is1) (Version: 4.1.21.93 - Sphinx Software)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-01-2015 10:01:17 System Checkpoint
25-01-2015 11:01:17 System Checkpoint
26-01-2015 12:00:55 System Checkpoint
27-01-2015 13:01:17 System Checkpoint
28-01-2015 14:00:58 System Checkpoint
29-01-2015 15:01:15 System Checkpoint
30-01-2015 16:00:58 System Checkpoint
31-01-2015 17:01:17 System Checkpoint
01-02-2015 18:01:18 System Checkpoint
02-02-2015 19:01:05 System Checkpoint
03-02-2015 20:01:09 System Checkpoint
04-02-2015 21:00:58 System Checkpoint
06-02-2015 00:38:16 System Checkpoint
07-02-2015 00:39:55 System Checkpoint
08-02-2015 01:22:11 System Checkpoint
09-02-2015 01:31:11 System Checkpoint
10-02-2015 02:21:48 System Checkpoint
11-02-2015 03:21:13 System Checkpoint
12-02-2015 04:21:29 System Checkpoint
13-02-2015 05:21:03 System Checkpoint
14-02-2015 06:21:06 System Checkpoint
15-02-2015 06:24:18 System Checkpoint
16-02-2015 07:24:14 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 04:00 - 2010-06-29 15:00 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) ==============

2013-10-30 19:51 - 2012-09-07 19:26 - 00398288 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-05-15 15:57 - 2014-05-15 15:57 - 00042064 _____ () C:\Program Files\Paltalk Messenger\ctrlkey.dll
2010-09-19 19:34 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-06-05 21:39 - 2014-02-20 16:11 - 38713856 _____ () C:\Program Files\Paltalk Messenger\libcef.dll
2014-07-27 19:26 - 2014-06-24 09:58 - 02219520 _____ () C:\Program Files\Paltalk Messenger\Images.dll
2014-07-27 19:26 - 2014-06-24 09:59 - 00088576 _____ () C:\Program Files\Paltalk Messenger\sirenproj.dll
2004-08-04 04:00 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 04:00 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-05-11 22:02 - 2014-03-15 02:40 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-527237240-651377827-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-527237240-651377827-725345543-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-527237240-651377827-725345543-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-527237240-651377827-725345543-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-527237240-651377827-725345543-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.254.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^Dell^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Dell^Start Menu^Programs^Startup^PalTalk.lnk => C:\WINDOWS\pss\PalTalk.lnkStartup
MSCONFIG\startupreg: Creative WebCam Tray => "C:\Program Files\Creative\Shared Files\CamTray.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe

==================== Accounts: =============================

Administrator (S-1-5-21-527237240-651377827-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Dan (S-1-5-21-527237240-651377827-725345543-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dan
Dell (S-1-5-21-527237240-651377827-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dell
Guest (S-1-5-21-527237240-651377827-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-527237240-651377827-725345543-1000 - Limited - Disabled)
Henley (S-1-5-21-527237240-651377827-725345543-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Henley
SUPPORT_388945a0 (S-1-5-21-527237240-651377827-725345543-1002 - Limited - Disabled)
Terry (S-1-5-21-527237240-651377827-725345543-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Terry

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 04:12:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam2.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/06/2015 04:41:00 PM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d01b)

Error: (02/06/2015 04:26:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam2.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/06/2015 05:32:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam2.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam2.exe!ws!]

Error: (02/05/2015 09:41:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam2.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 06:12:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avscan.exe, version 12.3.0.48, faulting module avscan.exe, version 12.3.0.48, fault address 0x0001225e.
Processing media-specific event for [avscan.exe!ws!]

Error: (01/25/2015 02:24:36 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error: (01/25/2015 00:11:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/25/2015 00:11:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/24/2015 11:59:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application paltalk.exe, version 11.4.564.16149, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/14/2015 11:20:32 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AEA88D59-39DD-44CC-ADDB-B36F2A9107EA} because another computer on the network has the same name.  The server could not start.

Error: (02/14/2015 11:20:32 PM) (Source: 0) (EventID: 4321) (User: )
Description: DELL-771604A950:20192.168.254.2192.168.254.6

Error: (02/14/2015 11:20:31 PM) (Source: 0) (EventID: 4321) (User: )
Description: DELL-771604A950:0192.168.254.2192.168.254.6

Error: (02/14/2015 11:04:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/14/2015 11:04:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (02/14/2015 11:04:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (02/14/2015 11:04:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MS Software Shadow Copy Provider service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/14/2015 11:04:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/12/2015 10:05:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/12/2015 10:05:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.00GHz
Percentage of memory in use: 63%
Total physical RAM: 1021.99 MB
Available physical RAM: 372.78 MB
Total Pagefile: 1309.36 MB
Available Pagefile: 549.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:18.62 GB) (Free:0.71 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 18.6 GB) (Disk ID: 48D7EA17)
Partition 1: (Active) - (Size=18.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

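The "Event log errors" part of the FRST output above is more useful triaged as a whole than entry by entry: what a responder wants counted is how often the scanners that were run (mbam2.exe, avscan.exe) hung or crashed, and which services (COM+, Volume Shadow Copy, the shadow-copy provider) kept dying. The following Python is an added example, not part of FRST or of this thread: it parses FRST-style "Error: (...) (Source: ...) (EventID: ...)" entries and tallies faulting applications and terminated services. The sample input is a short excerpt of the entries posted above; the list of security-tool process names is my own assumption.

```python
import re
from collections import Counter
from typing import Dict, List

# Excerpt (a subset) of the "Event log errors" section from the FRST log above,
# embedded here as sample input.
SAMPLE_FRST_EVENTS = """\
Application errors:
==================
Error: (02/08/2015 04:12:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam2.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/06/2015 05:32:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam2.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam2.exe!ws!]

Error: (02/05/2015 06:12:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avscan.exe, version 12.3.0.48, faulting module avscan.exe, version 12.3.0.48, fault address 0x0001225e.
Processing media-specific event for [avscan.exe!ws!]

Error: (01/25/2015 00:11:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (02/14/2015 11:04:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/14/2015 11:04:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MS Software Shadow Copy Provider service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/14/2015 11:04:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 3 time(s).
"""

# One FRST event entry: header line followed by its Description line.
ENTRY_RE = re.compile(
    r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*\n"
    r"Description: (?P<description>[^\n]*)",
    re.MULTILINE,
)
APP_RE = re.compile(r"^(?:Hanging|Faulting) application (?P<app>\S+?),", re.IGNORECASE)
SVC_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly", re.IGNORECASE)

# Assumed set of scanner/AV process names worth flagging; adjust for the machine at hand.
SECURITY_TOOLS = {"mbam.exe", "mbam2.exe", "avscan.exe", "avguard.exe", "avcenter.exe"}


def parse_frst_events(text: str) -> List[Dict[str, str]]:
    """Split FRST 'Event log errors' text into one dict per entry."""
    return [m.groupdict() for m in ENTRY_RE.finditer(text)]


def app_failures(events: List[Dict[str, str]]) -> Counter:
    """Count Application Hang / Application Error entries per executable (lower-cased)."""
    counts: Counter = Counter()
    for e in events:
        m = APP_RE.match(e["description"])
        if m:
            counts[m.group("app").lower()] += 1
    return counts


def service_failures(events: List[Dict[str, str]]) -> Counter:
    """Count Service Control Manager 'terminated unexpectedly' entries per service."""
    counts: Counter = Counter()
    for e in events:
        m = SVC_RE.match(e["description"])
        if m:
            counts[m.group("svc")] += 1
    return counts


def security_tool_failures(events: List[Dict[str, str]], tools=SECURITY_TOOLS) -> Dict[str, int]:
    """Only the crashes/hangs that hit security tooling; repeated hits deserve a closer look."""
    return {app: n for app, n in app_failures(events).items() if app in tools}


if __name__ == "__main__":
    evs = parse_frst_events(SAMPLE_FRST_EVENTS)
    print("security tool failures:", security_tool_failures(evs))
    print("service failures:", dict(service_failures(evs)))
```

Feed it the whole FRST.txt rather than the excerpt and it will also pick up the older entries; the crash counts do not prove tampering on their own, but a scanner that dies every time it is run, next to VSS and COM+ restarting in a loop, is the pattern to note before deciding on a fix.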

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop:

fixlist.txt

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users: click Run after the Windows Security Warning - Open File prompt.)
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

 
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
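The Software Restriction Policy message this thread is about is what Windows shows when an SRP rule disallows the executable being launched, and the rules live in the registry under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers (with a per-user copy under HKCU). Before running a fix, and again afterwards to confirm the block is gone, it is worth listing exactly which paths are disallowed. The script below is an added example, not code from this thread, from FRST or from ComboFix: it parses a `reg export` of that key and reports the default level plus every path rule with the level it enforces, decoding both quoted-string and hex(2) (UTF-16LE) ItemData values. The .reg text inside is constructed for illustration; its GUIDs and paths are invented and not taken from the machine in this thread.

```python
import re
from typing import Dict, List, Tuple, Union

# SRP security levels; the subkey name under CodeIdentifiers is the level in decimal.
SAFER_LEVELS = {
    0x00000: "Disallowed",
    0x01000: "Untrusted",
    0x10000: "Restricted",
    0x20000: "Basic User",
    0x40000: "Unrestricted",
}
# Machine policy root; the per-user policy uses the same path under HKEY_CURRENT_USER.
SRP_ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"

# Constructed sample in the shape `reg export` produces. GUIDs and paths are made up.
# Real exports normally store ItemData as hex(2) wrapped over lines (second rule).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001
"PolicyScope"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{11111111-2222-3333-4444-555555555555}]
"ItemData"="C:\\WINDOWS\\system32\\restore\\rstrui.exe"
"SaferFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{66666666-7777-8888-9999-000000000000}]
"ItemData"=hex(2):43,00,3a,00,5c,00,6d,00,62,00,61,00,6d,00,2e,00,\
  65,00,78,00,65,00,00,00
"SaferFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}]
"ItemData"="%HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRoot%"
"SaferFlags"=dword:00000000
"""

RegKeys = Dict[str, Dict[str, str]]


def parse_reg(text: str) -> RegKeys:
    """Parse a .reg (Version 5.00) export into {key: {value_name: raw_value}}."""
    keys: RegKeys = {}
    current = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].rstrip()
        i += 1
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        while line.endswith("\\") and i < len(lines):   # re-join wrapped hex values
            line = line[:-1] + lines[i].strip()
            i += 1
        if current is None:
            continue
        name, _, raw = line.partition("=")
        keys[current][name.strip().strip('"')] = raw.strip()
    return keys


def decode_value(raw: str) -> Union[str, int, bytes, List[str]]:
    """Decode a quoted string, dword, or hex(...) blob (UTF-16LE for the string types)."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)$", raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if m.group(1) in ("1", "2"):                      # REG_SZ / REG_EXPAND_SZ
        return data.decode("utf-16-le").rstrip("\x00")
    if m.group(1) == "7":                             # REG_MULTI_SZ
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data                                       # REG_BINARY, QWORD, ...


PATH_RULE_RE = re.compile(re.escape(SRP_ROOT) + r"\\(\d+)\\Paths\\\{[0-9A-Fa-f-]+\}$", re.IGNORECASE)


def srp_path_rules(keys: RegKeys) -> List[Tuple[str, str]]:
    """(level name, path) for every SRP path rule found in the export."""
    rules = []
    for key, values in keys.items():
        m = PATH_RULE_RE.match(key)
        if m and "ItemData" in values:
            level = int(m.group(1))
            rules.append((SAFER_LEVELS.get(level, f"level {level}"), str(decode_value(values["ItemData"]))))
    return rules


def srp_default_level(keys: RegKeys) -> str:
    raw = keys.get(SRP_ROOT, {}).get("DefaultLevel")
    if raw is None:
        return "not set (no SRP policy in export)"
    return SAFER_LEVELS.get(decode_value(raw), f"unknown ({raw})")


def srp_report(keys: RegKeys) -> Dict[str, object]:
    rules = srp_path_rules(keys)
    enabled = decode_value(keys.get(SRP_ROOT, {}).get("TransparentEnabled", "dword:00000000"))
    return {
        "default_level": srp_default_level(keys),
        "enforced": bool(enabled),
        "blocking_rules": [r for r in rules if r[0] != "Unrestricted"],
        "allow_rules": [r for r in rules if r[0] == "Unrestricted"],
    }


if __name__ == "__main__":
    rep = srp_report(parse_reg(SAMPLE_REG))
    print(f"DefaultLevel: {rep['default_level']}  enforced: {rep['enforced']}")
    for level, path in rep["blocking_rules"]:
        print(f"  [{level}] {path}")
```

On the affected XP machine, `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" srp.reg` produces a UTF-16 file, so read it with `open("srp.reg", encoding="utf-16")` before passing the text to `parse_reg`. A home machine that never configured SRP should have no Disallowed path rules at all; whether the rules are removed by hand or by the fixlist, re-run the export afterwards and confirm `blocking_rules` is empty.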

Sorry for the delay.

Avira Antivirus is now working in the bottom toolbar, but I've had to reinstall a few programs because when I click some of the screen icons, nothing happens.  I see the hard drive light come on briefly, but the programs weren't starting.  So I just did a reinstall of them.  Everything seems to be working now except the F8 on boot up.  I can get to the Safe Mode working screen, but the up/down arrows no longer function.  The cursor just sits on the Start Up Normally option.  If I hit the Enter key, Windows starts up normally, but I can select nothing else.

I can no longer use the up/down arrows after hitting F8 when I'm at the Safe Mode working screen.  I can create a restore point, and I can restore back to a certain time and date once I'm booted up and in Windows under programs and tools, but I can't move the cursor in the Safe Mode screen.

Any ideas?

Thanks.

Ok, tried SafeBootRepair, no luck fixing the issue with the cursor stuck and not moving after hitting F8 repeatedly.  However, I did find the problem and the fix.

The computer I'm running has an old purple plug connector on the back of the computer for a keyboard, and I had been using a USB keyboard instead, which would not move the up/down arrows in safe mode.  I found an older keyboard (not USB) with the purple plug, rebooted, hit F8, and the arrows now work in safe mode :)

All looks good and everything now seems to be working correctly.  Thank you so much for your help and I will be contributing.

StuckInMn - No longer Stuck :)

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)

Recommended reading:

MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavors running.

Operating systems, such as Windows, and applications, such as Adobe Reader or Java, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to block many of the most commonly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent the installation of additional foistware bundled with legitimate installers.
  • Adblock - to surf the web without annoying ads!

Post-cleanup procedures:

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Stay safe,
TwinHeadedEagle   :)

3 weeks later...

Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.