Jump to content

Computer Slow, and Chrome not opening


Recommended Posts

Here is the FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Administrator (administrator) on KERRY-ED393E95E on 01-07-2015 10:51:01
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator &  (Available Profiles: Kerry Strand & Joe Verdugo & Administrator & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Act.Outlook.Service] => C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe [9728 2007-03-28] (Sage Software SB, Inc)
HKLM\...\Run: [Auto EPSON Stylus C88 Series on ACCENT-0EABD1A5] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [15969280 2006-02-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [info Center] => C:\Program Files\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)
HKLM\...\Run: [PC MaticRT] => C:\Program Files\PCPitstop\Super Shield\PCMaticRT.exe [2143552 2015-06-24] (PC Pitstop LLC)
HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPSON WorkForce 500 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEQA.EXE /FU "C:\DOCUME~1\JOEVER~1\LOCALS~1\Temp\E_S31.tmp" /EF "HKCU"
HKU\S-1-5-21-1614895754-682003330-725345543-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1614895754-682003330-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartCapture.lnk [2012-09-14]
ShortcutTarget: SmartCapture.lnk -> C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.9.2\slpcap.exe (Seiko Instruments USA Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-05-19] (Google)
CHR HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-682003330-725345543-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-682003330-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [s-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1614895754-682003330-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1614895754-682003330-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [s-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -  No File
URLSearchHook: HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
URLSearchHook: [s-1-5-21-1614895754-682003330-725345543-500] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [s-1-5-21-1614895754-682003330-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [s-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -  No File
URLSearchHook: HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  No File
SearchScopes: HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2F4DF580-CB5E-4073-9406-81E85105C441}&mid=bf49e577a8c43e01d40c7190bc082c1f-06ce4fc639803a2e3563922518183d8e94088cb9〈=en&ds=AVG&pr=sa&d=2012-09-2713:05:54&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2F4DF580-CB5E-4073-9406-81E85105C441}&mid=bf49e577a8c43e01d40c7190bc082c1f-06ce4fc639803a2e3563922518183d8e94088cb9〈=en&ds=AVG&pr=sa&d=2012-09-2713:05:54&v=15.5.0.2&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2F4DF580-CB5E-4073-9406-81E85105C441}&mid=bf49e577a8c43e01d40c7190bc082c1f-06ce4fc639803a2e3563922518183d8e94088cb9〈=en&ds=AVG&pr=sa&d=2012-09-2713:05:54&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={2F4DF580-CB5E-4073-9406-81E85105C441}&mid=bf49e577a8c43e01d40c7190bc082c1f-06ce4fc639803a2e3563922518183d8e94088cb9〈=en&ds=AVG&pr=sa&d=2012-09-2713:05:54&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-04] (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} -  No File
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} -  No File
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2E37EBE9-8F6F-4C87-8E40-C187345FE7DC}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A5675947-6D65-43F4-A889-B8666C8BC38E}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-29] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Documents and Settings\Guest\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-23]
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-23]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-23]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-23]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-23]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2015-04-22] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S2 PCPitstop Realtime; C:\Program Files\PCPitstop\Super Shield\PCPitstopRTService.exe [671040 2015-06-24] (PC Pitstop LLC)
S2 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [198456 2015-06-05] (PC Pitstop LLC)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 helpsvc; %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-11] (AVG Technologies)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-01] (Malwarebytes Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [22064 2014-04-15] (GFI Software)
S2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [66344 2014-04-15] (GFI Software)
S3 WinDriver6; C:\WINDOWS\System32\drivers\windrvr9.sys [193304 2007-11-22] (Jungo)
S3 catchme; \??\C:\DOCUME~1\KERRYS~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 TED200M5; System32\Drivers\TED200M5.sys [X]
S3 TED200S5; System32\Drivers\TED200S5.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 10:51 - 2015-07-01 10:55 - 00021272 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-07-01 10:44 - 2015-07-01 10:51 - 00000000 ____D C:\FRST
2015-07-01 10:42 - 2015-07-01 10:42 - 01636352 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-07-01 08:22 - 2015-07-01 08:22 - 00001675 _____ C:\Documents and Settings\Kerry Strand\Desktop\PC Matic.lnk
2015-06-29 14:12 - 2015-06-29 14:13 - 00000000 ____D C:\Program Files\GUM19F.tmp
2015-06-29 14:12 - 2015-06-29 14:12 - 48199680 _____ C:\Program Files\GUT1A0.tmp
2015-06-29 12:43 - 2015-07-01 09:57 - 00153164 _____ C:\WINDOWS\setupapi.log
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-01 10:58 - 2011-03-15 16:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-07-01 10:07 - 2014-04-25 08:03 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 10:02 - 2006-02-28 05:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-01 10:00 - 2010-03-15 15:12 - 00000000 __SHD C:\WINDOWS\CSC
2015-07-01 09:57 - 2015-01-23 19:56 - 01623411 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 09:57 - 2011-01-21 11:29 - 00000434 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{1AC735C8-1215-4190-BA38-8A1E7B9CBB87}.job
2015-07-01 09:57 - 2009-06-12 11:49 - 00000436 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{8829E2B3-23DF-4E5D-A55C-99DD33BBF694}.job
2015-07-01 09:55 - 2011-01-21 11:54 - 00000438 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{CBB3E077-CB69-4DFC-A847-C9718FBF03FC}.job
2015-07-01 09:54 - 2009-09-17 10:30 - 00000438 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{39EC67C9-61A1-41CB-8529-8325600062A0}.job
2015-07-01 09:51 - 2011-03-15 16:19 - 00000000 ____D C:\Documents and Settings\Kerry Strand\Local Settings\temp
2015-07-01 09:35 - 2007-05-16 09:51 - 00000000 ____D C:\WINDOWS\system32\Lang
2015-07-01 09:30 - 2015-01-23 19:57 - 00032534 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-01 09:26 - 2015-01-23 19:57 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-01 09:26 - 2015-01-23 19:57 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-01 09:26 - 2014-03-13 08:05 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-01 09:26 - 2013-05-31 10:47 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-07-01 09:25 - 2007-04-14 10:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-01 09:20 - 2007-04-14 10:38 - 00000278 ___SH C:\Documents and Settings\Kerry Strand\ntuser.ini
2015-07-01 08:53 - 2015-01-23 18:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstopDat
2015-07-01 08:48 - 2015-01-23 18:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCPitstop
2015-07-01 08:45 - 2011-03-15 16:19 - 00000000 ____D C:\Documents and Settings\Guest\Local Settings\temp
2015-07-01 08:23 - 2012-06-22 12:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-01 08:22 - 2015-01-23 18:26 - 00000000 ____D C:\Program Files\PCPitstop
2015-06-29 13:38 - 2012-06-22 12:45 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-29 13:38 - 2011-05-18 08:03 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-29 11:25 - 2007-07-11 17:24 - 00000000 ____D C:\Documents and Settings\Guest
2015-06-29 11:24 - 2010-03-15 15:17 - 00000000 ____D C:\Documents and Settings\Administrator
2015-06-29 11:24 - 2007-05-16 10:38 - 00000000 ____D C:\Documents and Settings\Joe Verdugo
2015-06-29 11:24 - 2007-04-14 10:38 - 00000000 ____D C:\Documents and Settings\Kerry Strand
2015-06-29 11:24 - 2007-04-14 10:35 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-29 11:24 - 2007-04-14 10:31 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-06-29 11:22 - 2007-04-14 10:25 - 00000000 ____D C:\WINDOWS\Registration
2015-06-29 11:06 - 2010-03-15 15:17 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-23 08:01 - 2014-09-24 12:35 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-22 10:09 - 2013-02-01 17:06 - 00000467 _____ C:\WINDOWS\BRWMARK.INI
2015-06-20 19:47 - 2010-02-09 09:48 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-06-10 17:03 - 2013-08-14 17:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 16:53 - 2010-04-26 10:49 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 15:00 - 2014-03-13 08:05 - 00000230 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-06-01 17:33 - 2013-06-24 09:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2015-06-01 13:01 - 2014-04-25 08:03 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-01 13:01 - 2014-04-25 08:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-01 13:01 - 2014-04-25 08:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
 
==================== Files in the root of some directories =======
 
2015-06-29 14:12 - 2015-06-29 14:12 - 48199680 _____ () C:\Program Files\GUT1A0.tmp
2010-04-26 07:47 - 2010-04-26 07:47 - 0000000 ____H () C:\Documents and Settings\Administrator\Application Data\ActUpdate.log
 
Files to move or delete:
====================
C:\Documents and Settings\Administrator\fix.reg
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
 
Here is the Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Administrator at 2015-07-01 10:59:49
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1614895754-682003330-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1614895754-682003330-725345543-1144 - Limited - Enabled)
Guest (S-1-5-21-1614895754-682003330-725345543-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-1614895754-682003330-725345543-1000 - Limited - Disabled)
Joe Verdugo (S-1-5-21-1614895754-682003330-725345543-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Joe Verdugo
Kerry Strand (S-1-5-21-1614895754-682003330-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Kerry Strand
SUPPORT_388945a0 (S-1-5-21-1614895754-682003330-725345543-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: PC Matic Super Shield (Enabled - Up to date) {E4ECA7EE-E09E-4CE5-AC5B-1CADD8DBD689}
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.41612 - ABBYY Software House)
ACT! (Version: 9.0.0.0000 - Sage Software SB, Inc) Hidden
ACT! 2000 (HKLM\...\ACT! 2000) (Version:  - )
ACT! Standard 9.0 (HKLM\...\InstallShield_{F231B54A-05F3-46A8-9122-01180D55ECBA}) (Version: 9.01.0000 - Sage Software SB, Inc)
ACT! Standard 9.0 (Version: 9.01.0000 - Sage Software SB, Inc) Hidden
Adobe Flash Player 18 ActiveX (HKLM\...\{901E9B21-CDB1-4C4A-ABFC-61A554912BED}) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\{B0069674-D80C-48CB-852D-88AD36EAB0A5}) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\{0E3C52E0-B4F1-4D1E-B172-E390813BD9FE}) (Version: 12.1.8.158 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Brochure (HKLM\...\{01A1A019-E1D8-482A-BE17-5E118D17C0A0}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM\...\{F626E006-C06C-466A-B133-92C1991385CA}) (Version:  - ArcSoft)
Brother MFL-Pro Suite (HKLM\...\{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}) (Version: 1.00 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DrawPlus 3.0 (HKLM\...\DrawPlus 3.0) (Version:  - )
Google Drive (HKLM\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4421 - )
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java DB 10.5.3.0 (HKLM\...\{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}) (Version: 10.5.3.0 - Sun Microsystems, Inc)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
LiveUpdate (HKLM\...\LiveUpdate) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2000 Standard (HKLM\...\{00020409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Publisher 98 (HKLM\...\MSPUB5) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Move Networks Player - IE) (Version:  - )
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
PC Matic 1.1.0.54 (HKLM\...\PC Matic_is1) (Version: 1.1.0.54 - PC Pitstop LLC)
PC Matic Super Shield 1.0.0.55 (HKLM\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.55 - PC Pitstop LLC)
PC Pitstop Info Center 1.0.0.18 (HKLM\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.18 - PC Pitstop LLC.)
Pdf995 (HKLM\...\Pdf995) (Version:  - )
Presto! Forms 3.50.01 (HKLM\...\{B79920F8-AB6E-45B2-B257-900BBA969FF7}) (Version:  - )
Presto! PageManager 7.12.02 (HKLM\...\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}) (Version:  - )
PrintMaster (HKLM\...\PrintMaster 10) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.03 - Realtek Semiconductor Corp.)
Screen Shot Standard 8 (HKLM\...\Screen Shot Standard 8) (Version: 5 - Riverdeep Inc., LLC)
Smart Label Printer 6.9.2 (HKLM\...\{51F959A5-F537-44E7-976F-88B4F56E13DD}) (Version: 6.9.0387 - Seiko Instruments USA Inc.)
SolidWorks viewer (HKLM\...\{DCB5C8AE-7AEB-4449-AE62-60BB730C71FC}) (Version: 15.40.87 - SolidWorks)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\Kerry Strand\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\Kerry Strand\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Documents and Settings\Kerry Strand\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Documents and Settings\Kerry Strand\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{6CE4B8A6-4DB5-4F63-8013-1197503692EF}\InprocServer32 -> C:\Documents and Settings\Guest\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\YBPAddon_2.9.8.dll (Yahoo! Inc.)
 
==================== Restore Points =========================
 
24-06-2015 10:09:57 PC Pitstop Restore Point
25-06-2015 10:11:08 PC Pitstop Restore Point
26-06-2015 10:04:20 PC Pitstop Restore Point
26-06-2015 12:14:01 PC Pitstop Restore Point
29-06-2015 07:22:59 System Checkpoint
29-06-2015 11:05:59 Restore Operation
29-06-2015 13:06:17 PC Pitstop Restore Point
01-07-2015 08:48:36 PC Pitstop Restore Point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-02-28 05:00 - 2011-03-10 11:12 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{C2DB0B14-4BDE-4ECD-A10F-49FCAE89DB4D}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{1AC735C8-1215-4190-BA38-8A1E7B9CBB87}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{39EC67C9-61A1-41CB-8529-8325600062A0}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8829E2B3-23DF-4E5D-A55C-99DD33BBF694}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{CBB3E077-CB69-4DFC-A847-C9718FBF03FC}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2006-02-28 05:00 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 05:00 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-06-23 08:01 - 2015-06-19 22:46 - 15003976 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
2015-07-01 10:24 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-07-01 10:24 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\secfile: Application <===== ATTENTION!
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 6964 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-1614895754-682003330-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Kerry Strand\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1614895754-682003330-725345543-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
HKU\S-1-5-21-1614895754-682003330-725345543-500\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-1614895754-682003330-725345543-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-1614895754-682003330-725345543-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\ACT\Act for Windows\ActSage.exe] => Enabled:ACT! 9.x/2007
StandardProfile\AuthorizedApplications: [C:\Program Files\Seal Hunter\Seal Hunter.exe] => Enabled:Seal Hunter
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE] => Enabled:SAgent4
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Kerry Strand\My Documents\ComicRack\ComicRack.exe] => Enabled:ComicRack
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (07/01/2015 10:54:46 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (07/01/2015 10:43:05 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (07/01/2015 10:42:54 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (07/01/2015 10:23:40 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (07/01/2015 10:16:12 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (07/01/2015 10:16:12 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (07/01/2015 10:16:06 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (07/01/2015 10:16:04 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (07/01/2015 10:14:28 AM) (Source: DCOM) (EventID: 10005) (User: KERRY-ED393E95E)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (07/01/2015 10:02:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Fips
intelppm
sbaphd
 
 
Microsoft Office:
=========================
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 2039.48 MB
Available physical RAM: 1211.35 MB
Total Virtual: 3413.96 MB
Available Virtual: 2603.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:372.6 GB) (Free:349.55 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 372.6 GB) (Disk ID: 71D671D6)
Partition 1: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help your with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 



 
 

51a612a8b27e2-Zoek.png Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
  • Post its content into your next reply.
Link to post
Share on other sites

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
icon_exclaim.gifMUST READ - security tips:

icon_exclaim.gifMUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
icon_arrow.gifCCleaner - to clean unneeded temporary files.
icon_arrow.gifMalwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gifMalwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gifMcShield - to prevent infections spread by removable media.
icon_arrow.gifUnchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gifAdblock - to surf the web without annoying ads! 
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning. 
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to show your appreciation for the assistance you received, then you can consider a donation: 
btn_donateCC_LG.gif

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)

Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.