Author Topic: [Resolved - K] Laptop often freezes, occasional random reboots,  (Read 2052 times)

Offline blackzzz01

  • Bronze Member
  • Posts: 52
[Resolved - K] Laptop often freezes, occasional random reboots,
« on: November 29, 2015, 02:24:08 PM »
Began having issues several months ago and initially suspected that it might be related to Firefox. Uninstalled Firefox but problems have continued with frequent error messages, freezing, occasional random reboots. Currently am using Google Chrome as my browser. Thanks in advance for any help provided.

   DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21376  BrowserJavaVersion: 11.60.2
Run by Pete Konefke at 15:14:21 on 2015-11-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.432 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
C:\WINDOWS\SCMain.exe
C:\WINDOWS\WCMain.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Documents and Settings\Pete Konefke\Local Settings\Apps\2.0\376NOQMZ.O15\LEE1PMPA.8DY\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Pete Konefke\Local Settings\Apps\2.0\376NOQMZ.O15\LEE1PMPA.8DY\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_60\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_60\bin\jp2ssv.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [20150107] c:\program files\avast software\avast\setup\emupdate\a55fb2c6-720a-422a-a58d-7ef50c0eb1f8.exe /check
StartupFolder: c:\docume~1\peteko~1\startm~1\programs\startup\amazon~1.lnk - c:\documents and settings\pete konefke\local settings\apps\2.0\376noqmz.o15\lee1pmpa.8dy\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.11.226\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stardu~1.lnk - c:\windows\SCMain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stardu~2.lnk - c:\windows\WCMain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{42A718B7-0FBF-47E5-A858-60BFE21544D5} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages =  msv1_0 nwprovau
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\46.0.2490.86\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 0.0.0.1   mssplus.mcafee.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-4-20 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-4-20 209048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-10 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-10 428120]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-3 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-20 74976]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-10 343336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-24 1513784]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-24 1135416]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-7-8 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-7-6 14088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-24 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-24 170200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 eapihdrv;eapihdrv;c:\docume~1\peteko~1\locals~1\temp\ehdrv.sys [2015-8-20 135760]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\wildtangent games\app\GamesAppIntegrationService.exe [2013-9-5 240736]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.11.226\McCHSvc.exe [2015-10-30 235696]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2015-9-1 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2015-11-25 15:54:10   --------   d-----w-   c:\program files\McAfee Security Scan
.
==================== Find3M  ====================
.
2015-11-29 17:03:37   170200   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-28 14:41:40   56   --sh--r-   c:\windows\system32\2FC5E775B5.sys
2015-11-28 14:41:40   4704   -csha-w-   c:\windows\system32\KGyGaAvL.sys
2015-11-10 19:38:06   780488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-11-10 19:38:06   142536   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-10 19:37:11   5286088   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
2015-10-05 13:50:10   121560   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 13:50:04   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:15:54.25 ===============
« Last Edit: December 12, 2015, 11:16:41 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #1 on: December 02, 2015, 03:55:50 AM »
Hello blackzzz01 and welcome back to SpywareHammer,

P2P/illegal software Warning:

Quote
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the Forum policy on P2P and Illegal Software.

Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box: 'Could not load DDA driver'

  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste", log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…


If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt", the log will open as a text file, post that log... Also save to your Desktop for reference.
  • Close the program > Don't Fix anything!

Let me see those logs in your reply....

Thank you,

Kevin...

Offline blackzzz01

  • Bronze Member
  • Posts: 52
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #2 on: December 02, 2015, 09:42:31 PM »
 Hi Kevin and thanks for helping me out on this...it's very much appreciated.

Regarding the P2P warning: To my knowledge I'm not using any such software and actually have never even heard of it.

Here are the logs you requested and looking forward to hearing from you. Will have to post the RogueKiller log in a second post due to exceeded maximum character limit.

 Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/2/2015
Scan Time: 6:40:00 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.02.06
Rootkit Database: v2015.11.26.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Pete Konefke

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365527
Time Elapsed: 38 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by Pete Konefke (administrator) on DELLNOTEBOOK (02-12-2015 21:49:19)
Running from C:\Documents and Settings\Pete Konefke\Desktop
Loaded Profiles: Pete Konefke (Available Profiles: Pete Konefke & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Intel(R) Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
() C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(AOL LLC) C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Intel Corporation) C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
(Stardust Software) C:\WINDOWS\WCMain.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Amazon Digital Services, LLC.) C:\Documents and Settings\Pete Konefke\Local Settings\Apps\2.0\376NOQMZ.O15\LEE1PMPA.8DY\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
(Sun Microsystems, Inc.) C:\Documents and Settings\Pete Konefke\Local Settings\Apps\2.0\376NOQMZ.O15\LEE1PMPA.8DY\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2005-12-28] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2005-12-28] (Intel Corporation)
HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [57344 2005-10-31] (Creative Technology Ltd)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-05-11] (Hewlett-Packard Co.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-14] (Avast Software s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-02-15] (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-4191100092-4119948040-1106457078-1005\...\Run: [SetDefaultMIDI] => C:\WINDOWS\MIDIDef.exe [24576 2004-12-22] (Creative Technology Ltd)
HKU\S-1-5-21-4191100092-4119948040-1106457078-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-03] (SUPERAntiSpyware)
HKU\S-1-5-21-4191100092-4119948040-1106457078-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-4191100092-4119948040-1106457078-1005\...\MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
HKU\S-1-5-21-4191100092-4119948040-1106457078-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\AUGUST~1.SCR [564736 2007-02-11] (Stardust Software)
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-14] (Avast Software s.r.o.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-12-23]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-11-22]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Stardust Screen Saver Control 2003.lnk [2007-02-11]
ShortcutTarget: Stardust Screen Saver Control 2003.lnk -> C:\WINDOWS\SCMain.exe (Stardust Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Stardust Wallpaper Control 2003.lnk [2007-02-11]
ShortcutTarget: Stardust Wallpaper Control 2003.lnk -> C:\WINDOWS\WCMain.exe (Stardust Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013-10-26]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Pete Konefke\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2015-12-02]
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Documents and Settings\Pete Konefke\Local Settings\Apps\2.0\376NOQMZ.O15\LEE1PMPA.8DY\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{42A718B7-0FBF-47E5-A858-60BFE21544D5}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\S-1-5-21-4191100092-4119948040-1106457078-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
SearchScopes: HKU\S-1-5-21-4191100092-4119948040-1106457078-1005 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-4191100092-4119948040-1106457078-1005 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-4191100092-4119948040-1106457078-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06] (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-14] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-22] (Oracle Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Pete Konefke\Application Data\Mozilla\Firefox\Profiles\9js8h4ko.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-22] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\Easy Media Player\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\Easy Media Player\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\Easy Media Player\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-09-27] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-08] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-08] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Profile: C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-13]
CHR Extension: (Google Drive) - C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-28]
CHR Extension: (Gmail) - C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 AdobeActiveFileMonitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [98304 2004-10-20] () [File not signed]
R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [46640 2006-10-23] (AOL LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-14] (Avast Software s.r.o.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.) [File not signed]
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [69632 2006-07-20] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-12] (Creative Technology Ltd) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753 2005-12-28] (Intel Corporation) [File not signed]
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [451904 2009-08-19] ()
S3 GameConsoleService; C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe [181784 2007-12-19] (WildTangent, Inc.)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-05] (WildTangent)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [235696 2015-10-30] (McAfee, Inc.)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-07-08] (Memeo)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [380928 2006-04-06] (Dell Inc.) [File not signed]
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-13] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164 2005-12-28] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2005-12-28] (Intel Corporation ) [File not signed]
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-07-06] (Memeo)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.) [File not signed]
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [262217 2005-12-28] (Intel(R) Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2006-07-20] (Meetinghouse Data Communications) [File not signed]
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2006-07-20] (Windows (R) 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-14] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-14] (Avast Software s.r.o.)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-14] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-14] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-14] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-14] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-14] ()
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87488 2004-12-01] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions) [File not signed]
S3 eapihdrv; C:\Documents and Settings\Pete Konefke\Local Settings\Temp\ehdrv.sys [135760 2015-08-20] (ESET)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-22] (HP)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-21] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-21] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-02] (Malwarebytes)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-10] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-10] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-13] (Microsoft Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [9728 2004-10-19] (Creative Technology Ltd.) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2005-12-28] (Intel Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-24] (SigmaTel, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions) [File not signed]
R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S0 Inspect; System32\DRIVERS\inspect.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 21:49 - 2015-12-02 21:50 - 00026236 _____ C:\Documents and Settings\Pete Konefke\Desktop\FRST.txt
2015-12-02 21:48 - 2015-12-02 21:49 - 00000000 ____D C:\FRST
2015-12-02 21:47 - 2015-12-02 21:48 - 01721344 _____ (Farbar) C:\Documents and Settings\Pete Konefke\Desktop\FRST.exe
2015-11-29 20:39 - 2015-11-29 20:39 - 00000000 ____D C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240EE.TMP
2015-11-25 10:54 - 2015-11-25 10:54 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-11-25 10:54 - 2015-11-25 10:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2015-11-22 08:23 - 2015-11-22 08:23 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
2015-11-13 10:48 - 2015-11-13 10:48 - 00094208 _____ C:\WINDOWS\Minidump\Mini111315-01.dmp
2015-11-11 10:00 - 2015-11-11 10:00 - 00000588 _____ C:\WINDOWS\system32\settingsbkup.sfm
2015-11-11 10:00 - 2015-11-11 10:00 - 00000588 _____ C:\WINDOWS\system32\settings.sfm
2015-11-02 05:28 - 2015-11-02 05:28 - 00000383 _____ C:\ftconfig.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 21:50 - 2013-10-31 13:35 - 00000000 ____D C:\Documents and Settings\Pete Konefke\Local Settings\Temp
2015-12-02 21:49 - 2005-08-16 04:22 - 00000000 ____D C:\WINDOWS
2015-12-02 21:37 - 2013-07-24 13:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-02 21:36 - 2012-11-10 09:22 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-12-02 21:35 - 2014-11-24 12:57 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-02 21:35 - 2014-03-08 21:14 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-12-02 21:35 - 2010-07-15 15:22 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 21:33 - 2005-08-16 04:38 - 00000000 ____D C:\WINDOWS\Registration
2015-12-02 21:32 - 2006-07-20 15:39 - 00004608 _____ C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2015-12-02 21:31 - 2013-07-12 08:01 - 00000300 _____ C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate 2.job
2015-12-02 21:31 - 2005-08-16 04:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-02 21:30 - 2006-09-20 12:11 - 00000178 ___SH C:\Documents and Settings\Pete Konefke\ntuser.ini
2015-12-02 21:30 - 2006-09-20 12:11 - 00000000 ____D C:\Documents and Settings\Pete Konefke
2015-12-02 21:30 - 2005-08-16 04:49 - 00032268 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-02 20:00 - 2013-07-12 08:01 - 00000300 _____ C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate.job
2015-12-02 19:57 - 2010-07-15 15:22 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-29 20:34 - 2015-01-19 14:34 - 00000714 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-11-29 15:16 - 2015-08-17 07:09 - 00023161 _____ C:\Documents and Settings\Pete Konefke\Desktop\attach.txt
2015-11-29 15:15 - 2015-08-17 07:09 - 00012622 _____ C:\Documents and Settings\Pete Konefke\Desktop\dds.txt
2015-11-28 09:41 - 2014-10-09 11:31 - 00000056 __RSH C:\WINDOWS\system32\2FC5E775B5.sys
2015-11-28 09:41 - 2008-11-30 05:30 - 00004704 __SHC C:\WINDOWS\system32\KGyGaAvL.sys
2015-11-27 19:22 - 2007-01-13 11:02 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-11-25 10:54 - 2015-04-29 09:58 - 00001772 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2015-11-22 11:36 - 2006-09-20 12:11 - 00000000 ____D C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\ApplicationHistory
2015-11-20 11:07 - 2006-09-20 11:59 - 00000000 __SHD C:\WINDOWS\CSC
2015-11-15 12:34 - 2005-08-16 04:18 - 00000764 _____ C:\WINDOWS\win.ini
2015-11-15 09:27 - 2007-02-08 14:26 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-13 10:48 - 2007-02-08 13:43 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-11 14:53 - 2012-11-09 13:54 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-11-10 14:38 - 2012-11-03 13:10 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-10 14:38 - 2012-11-03 13:10 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-10 14:37 - 2015-10-16 23:37 - 05286088 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-11-02 13:32 - 2010-09-14 13:56 - 00134656 ____C C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2006-10-07 10:12 - 2006-10-07 10:12 - 0000251 ____C () C:\Program Files\wt3d.ini
2010-06-28 07:48 - 2010-06-28 07:48 - 0012358 ____C () C:\Documents and Settings\Pete Konefke\Application Data\PFP120JCM.{PB
2010-06-28 07:48 - 2010-06-28 07:48 - 0061678 ____C () C:\Documents and Settings\Pete Konefke\Application Data\PFP120JPR.{PB
2010-09-14 13:56 - 2015-11-02 13:32 - 0134656 ____C () C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-09-20 12:11 - 2006-09-20 12:12 - 0000135 _____ () C:\Documents and Settings\Pete Konefke\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Pete Konefke\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0rtw2g.dll
C:\Documents and Settings\Pete Konefke\Local Settings\Temp\iv_uninstall.exe
C:\Documents and Settings\Pete Konefke\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Pete Konefke\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Documents and Settings\Pete Konefke\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Pete Konefke\Local Settings\Temp\Uninstall.exe
C:\Documents and Settings\Pete Konefke\Local Settings\Temp\wperfenhancer.3de9fc8f0e619c822c97eb4d3b9098f8eb2ac894.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by Pete Konefke (2015-12-02 21:51:17)
Running from C:\Documents and Settings\Pete Konefke\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-09-20 17:11:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4191100092-4119948040-1106457078-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-4191100092-4119948040-1106457078-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-4191100092-4119948040-1106457078-1004 - Limited - Disabled)
Pete Konefke (S-1-5-21-4191100092-4119948040-1106457078-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Pete Konefke
SUPPORT_388945a0 (S-1-5-21-4191100092-4119948040-1106457078-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop Elements 3.0 (HKLM\...\{851C67EF-068A-4060-9EF5-2E3DDCD68382}) (Version: 003.000.0000 - Adobe Systems Inc.)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-4191100092-4119948040-1106457078-1005\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.226.1 - McAfee, Inc.)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB953295) (HKLM\...\KB953295) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version:  - Microsoft Corporation)
Windows PowerShell(TM) 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908250 (HKLM\...\KB908250) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB912067 (HKLM\...\KB912067) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4191100092-4119948040-1106457078-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Pete Konefke\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-4191100092-4119948040-1106457078-1005_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Pete Konefke\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No F (the data entry has 3 more characters).

==================== Restore Points =========================

24-10-2015 10:48:37 System Checkpoint
25-10-2015 12:15:55 System Checkpoint
26-10-2015 13:13:08 System Checkpoint
27-10-2015 15:11:30 System Checkpoint
28-10-2015 16:31:08 System Checkpoint
29-10-2015 18:17:44 System Checkpoint
30-10-2015 18:39:09 System Checkpoint
01-11-2015 09:40:46 System Checkpoint
02-11-2015 09:52:25 System Checkpoint
03-11-2015 15:05:09 System Checkpoint
04-11-2015 16:23:57 System Checkpoint
06-11-2015 11:03:53 System Checkpoint
07-11-2015 12:33:50 System Checkpoint
08-11-2015 13:02:17 System Checkpoint
09-11-2015 13:51:57 System Checkpoint
10-11-2015 14:23:35 System Checkpoint
11-11-2015 14:54:14 System Checkpoint
12-11-2015 15:38:55 System Checkpoint
13-11-2015 15:43:50 System Checkpoint
14-11-2015 17:35:04 System Checkpoint
15-11-2015 09:26:11 Software Distribution Service 3.0
16-11-2015 12:02:48 System Checkpoint
17-11-2015 14:52:48 System Checkpoint
18-11-2015 17:58:09 System Checkpoint
19-11-2015 21:43:20 System Checkpoint
20-11-2015 22:50:50 System Checkpoint
22-11-2015 09:18:33 System Checkpoint
23-11-2015 13:16:10 System Checkpoint
25-11-2015 00:13:31 System Checkpoint
26-11-2015 12:35:53 System Checkpoint
27-11-2015 13:15:18 System Checkpoint
29-11-2015 09:49:10 System Checkpoint
30-11-2015 11:55:33 System Checkpoint
01-12-2015 13:19:38 System Checkpoint
02-12-2015 13:59:32 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2005-08-16 04:18 - 2015-11-25 10:54 - 00000770 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.1   mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate 2.job => C:\WINDOWS\system32\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeFlashPlayerUpdate.job => C:\WINDOWS\system32\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2005-12-28 12:11 - 2005-12-28 12:11 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
2005-12-28 12:11 - 2005-12-28 12:11 - 00053322 _____ () C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
2005-12-28 12:11 - 2005-12-28 12:11 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2015-06-14 19:54 - 2015-06-14 19:54 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-14 19:54 - 2015-06-14 19:54 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-02 09:34 - 2015-12-02 09:34 - 02813440 _____ () C:\Program Files\AVAST Software\Avast\defs\15120201\algo.dll
2004-10-20 04:47 - 2004-10-20 04:47 - 00098304 _____ () C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
2004-10-20 04:47 - 2004-10-20 04:47 - 00147456 _____ () C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
2005-09-09 03:24 - 2005-09-09 03:24 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2006-09-14 07:56 - 2006-09-14 07:56 - 00102400 _____ () C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2005-08-16 04:18 - 2011-02-04 16:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2005-08-16 04:18 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2005-08-16 04:18 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-16 04:18 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2009-08-19 09:09 - 2009-08-19 09:09 - 00451904 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2009-08-19 09:05 - 2009-08-19 09:05 - 01581056 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2009-04-08 09:36 - 2009-04-08 09:36 - 00755712 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-04-08 09:41 - 2009-04-08 09:41 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2015-04-13 12:20 - 2015-04-13 12:20 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-02-22 16:56 - 2010-02-22 16:56 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2015-04-13 12:20 - 2015-04-13 12:20 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2005-12-28 12:11 - 2005-12-28 12:11 - 00876544 _____ () C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll
2005-12-28 12:11 - 2005-12-28 12:11 - 00053322 _____ () C:\Program Files\Intel\Wireless\bin\IntStngs.dll
2005-11-16 10:05 - 2005-11-16 10:05 - 00970862 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2005-12-28 12:11 - 2005-12-28 12:11 - 00208965 _____ () C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
2005-12-28 12:11 - 2005-12-28 12:11 - 00876544 _____ () C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
2015-03-13 12:50 - 2015-06-14 19:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-28 20:45 - 2015-12-02 21:38 - 00046080 _____ () C:\Documents and Settings\Pete Konefke\Local Settings\Apps\2.0\376NOQMZ.O15\LEE1PMPA.8DY\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\NativeOperations.dll
2013-10-31 14:05 - 2013-10-31 14:05 - 00541696 _____ () C:\Documents and Settings\Pete Konefke\Local Settings\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4191100092-4119948040-1106457078-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\dell.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupreg: AOLDialer => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Creative Detector => "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Dell QuickSet => C:\Program Files\Dell\QuickSet\quickset.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\Dell Support\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSupport- => "C:\Program Files\Dell Support\DSAgnt.exe" /startup
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1170777916\ee\AOLSoftware.exe
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MBMon => Rundll32 CTMBHA.DLL,MBMon
MSCONFIG\startupreg: Memeo AutoSync => C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: ModemOnHold => C:\Program Files\NetWaiting\netWaiting.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files\Dell Support\DSAgnt.exe" /startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: VoiceCenter => "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe] => Disabled:Adobe Photoshop Elements Media Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe] => Disabled:Adobe Photoshop Elements Media Server
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe] => :LocalSubNet:Disabled:Intuit Update Shared Downloads Server
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2015 09:41:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jucheck.exe, version 2.8.60.27, faulting module jucheck.exe, version 2.8.60.27, fault address 0x00052d24.
Processing media-specific event for [jucheck.exe!ws!]

Error: (12/02/2015 09:37:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application scmain.exe, version 3.0.0.66, faulting module scmain.exe, version 3.0.0.66, fault address 0x000744b2.
Processing media-specific event for [scmain.exe!ws!]

Error: (12/02/2015 08:22:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

Error: (12/02/2015 08:22:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15609

Error: (12/02/2015 08:22:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/02/2015 02:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15593

Error: (12/02/2015 02:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15593

Error: (12/02/2015 02:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2015 11:26:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

Error: (12/01/2015 11:26:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15609


System errors:
=============
Error: (12/02/2015 09:28:09 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 10.237.204.112 on the
Network Card with network address 001302B7E1FF.

Error: (12/02/2015 04:42:12 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 10.230.29.174 on the
Network Card with network address 001302B7E1FF.

Error: (12/02/2015 09:33:02 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.14 for the Network Card with network address 001302B7E1FF has been
denied by the DHCP server 69.139.132.41 (The DHCP Server sent a DHCPNACK message).

Error: (11/30/2015 11:28:56 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.6 on the
Network Card with network address 001302B7E1FF.

Error: (11/29/2015 09:03:20 AM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.9 on the
Network Card with network address 001302B7E1FF.

Error: (11/27/2015 03:16:47 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (11/27/2015 03:16:47 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (11/27/2015 02:46:47 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (11/27/2015 02:46:47 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (11/27/2015 02:31:46 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz
Percentage of memory in use: 53%
Total physical RAM: 2046.37 MB
Available physical RAM: 941.48

Offline blackzzz01

  • Bronze Member
  • Posts: 52
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #3 on: December 02, 2015, 09:44:10 PM »
Kevin,

Here is the RogueKiller log.

RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Pete Konefke [Administrator]
Started from : C:\Documents and Settings\Pete Konefke\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/02/2015 22:31:41

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\File Type Helper -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 422 ¤¤¤
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB941202$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB941568$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB941569$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB941644$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB941693$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB942763$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB943055$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB943460$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB943485$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB944653$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB945553$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB946026$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB946648$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB946648_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB948590$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB948881$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB950749$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB950760$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB950762$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB950762_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB950974$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB950974_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951066$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951066_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951072-v2$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951376$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951376-v2$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951376-v2_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951376_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951698$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951698_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951748$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951748_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB951978$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB952004$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB952069_WM9$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB952287$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB952287_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB952954$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB952954_0$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB953295$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB953839$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB954155_WM9$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB954211$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB954459$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB954600$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB955069$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB955759$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB955839$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956391$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956572$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956744$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956802$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956803$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956841$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956844$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB957095$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB957097$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB958644$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB958687$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB958690$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB958869$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB959426$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB960225$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB960715$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB960803$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB960859$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB961118$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB961371$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB961373$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB961501$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB967715$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB968389$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB968537$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB968816_WM9$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB969059$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB969898$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB969947$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB970238$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB970430$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB970653-v3$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971029$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971468$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971486$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971557$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971633$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971657$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971737$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971961$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB972270$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973346$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973354$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973507$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973525$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973540_WM9$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973687$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973768$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973815$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973869$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973904$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB974112$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB974318$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB974392$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB974571$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975025$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975467$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975558_WM8$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975560$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975561$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975562$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975713$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB976098-v2$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB977165-v2$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB977816$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB977914$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978037$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978251$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978262$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978338$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978542$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978601$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978695_WM9$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978706$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979306$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979309$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979482$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979559$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979683$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979687$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979904$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB980195$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB980218$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB980232$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB980436$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981322$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981349$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981793$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981852$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981957$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981997$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB982132$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB982214$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB982665$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB982802$ -> Found

¤¤¤ Hosts File : 2 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\WINDOWS\system32\drivers\etc\hosts] 0.0.0.1   mssplus.mcafee.com

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1032GSX +++++
--- User ---
[MBR] da85a18bcfa77676722ba3d94cc44dbe
[BSP] 6a16940a05e78a8357108e829835cd80 : Dell MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 96390 | Size: 66762 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 136825605 | Size: 22387 MB [Windows XP Bootstrap | Windows XP Bootloader]
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 182675115 | Size: 4753 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate Desktop USB Device +++++
--- User ---
[MBR] d9b72b9a25fee4f66d08e3241536e2cc
[BSP] c7b41ce832f37e92c8b0c6e447715d34 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #4 on: December 03, 2015, 04:38:18 AM »
Thanks for those logs, continue as follows:

Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan" completes, press the Scan button; this may take a few minutes to complete.

Open the Files tab and locate the following detections:

[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956803$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956841$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB956844$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB957095$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB957097$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB958644$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB958687$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB958690$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB958869$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB959426$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB960225$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB960715$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB960803$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB960859$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB961118$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB961371$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB961373$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB961501$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB967715$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB968389$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB968537$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB968816_WM9$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB969059$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB969898$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB969947$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB970238$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB970430$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB970653-v3$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971029$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971468$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971486$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971557$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971633$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971657$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971737$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB971961$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB972270$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973346$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973354$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973507$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973525$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973540_WM9$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973687$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973768$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973815$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973869$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB973904$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB974112$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB974318$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB974392$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB974571$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975025$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975467$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975558_WM8$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975560$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975561$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975562$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB975713$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB976098-v2$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB977165-v2$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB977816$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB977914$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978037$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978251$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978262$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978338$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978542$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978601$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978695_WM9$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB978706$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979306$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979309$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979482$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979559$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979683$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979687$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB979904$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB980195$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB980218$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB980232$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB980436$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981322$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981349$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981793$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981852$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981957$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB981997$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB982132$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB982214$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB982665$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB982802$ -> Found


Make sure those entries are checkmarked (ticked); also ensure that all other entries are not checkmarked.

Hit the Delete button. When complete, select "Report"; in the next window select "Export txt". The log will open as a text file; post that log... Also save it to your Desktop for reference. Post that log in your reply.

Next,

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\WINDOWS\system32\2FC5E775B5.sys
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files


C:\Program Files\wt3d.ini

Next,

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Download Combofix from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs, as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help, please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Next,

Zip up and attach the following folder C:\WINDOWS\Minidump

Let me see those logs in your reply.....

Thank you,

Kevin

Offline blackzzz01

  • Bronze Member
  • Posts: 52
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #5 on: December 04, 2015, 02:52:37 PM »
Thanks Kevin and here are the requested logs and attachment.

RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Pete Konefke [Administrator]
Started from : C:\Documents and Settings\Pete Konefke\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/04/2015 11:17:21

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\File Type Helper -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB835221WXP$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB908246$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB976098-v2$ -> Found

¤¤¤ Hosts File : 2 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\WINDOWS\system32\drivers\etc\hosts] 0.0.0.1   mssplus.mcafee.com

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1032GSX +++++
--- User ---
[MBR] da85a18bcfa77676722ba3d94cc44dbe
[BSP] 6a16940a05e78a8357108e829835cd80 : Dell MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 96390 | Size: 66762 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 136825605 | Size: 22387 MB [Windows XP Bootstrap | Windows XP Bootloader]
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 182675115 | Size: 4753 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate Desktop USB Device +++++
--- User ---
[MBR] d9b72b9a25fee4f66d08e3241536e2cc
[BSP] c7b41ce832f37e92c8b0c6e447715d34 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )



SHA256:   7a940a5b792e8392bc7cd16f2d2be101180d68a9127d0baadefcfc6365d77f9f
File name:   2FC5E775B5.sys
Detection ratio:   0 / 54
Analysis date:   2015-12-04 17:01:40 UTC ( 3 hours, 39 minutes ago )
Antivirus   Result   Update
ALYac      20151204
AVG      20151204
AVware      20151204
Ad-Aware      20151204
AegisLab      20151204
Agnitum      20151204
AhnLab-V3      20151204
Alibaba      20151204
Antiy-AVL      20151204
Arcabit      20151204
Avast      20151204
Baidu-International      20151204
BitDefender      20151204
Bkav      20151204
ByteHero      20151204
CAT-QuickHeal      20151204
CMC      20151201
ClamAV      20151204
Comodo      20151202
Cyren      20151204
DrWeb      20151204
ESET-NOD32      20151204
Emsisoft      20151204
F-Prot      20151204
F-Secure      20151204
Fortinet      20151204
GData      20151204
Ikarus      20151204
Jiangmin      20151203
K7AntiVirus      20151202
K7GW      20151202
Kaspersky      20151204
Malwarebytes      20151204
McAfee      20151204
McAfee-GW-Edition      20151204
MicroWorld-eScan      20151204
Microsoft      20151204
NANO-Antivirus      20151204
Panda      20151204
Qihoo-360      20151204
Rising      20151203
SUPERAntiSpyware      20151204
Sophos      20151204
Symantec      20151204
Tencent      20151204
TheHacker      20151202
TrendMicro      20151204
TrendMicro-HouseCall      20151204
VBA32      20151204
VIPRE      20151204
ViRobot      20151204
Zillya      20151204
Zoner      20151204
nProtect      20151204


SHA256:   893a09edcda1963dfa60bea03dda870aeb99de804936652644ec16886c9d35a3
File name:   wt3d.ini
Detection ratio:   0 / 55
Analysis date:   2015-12-04 17:19:30 UTC ( 3 hours, 23 minutes ago )
Antivirus   Result   Update
ALYac      20151204
AVG      20151204
AVware      20151204
Ad-Aware      20151204
AegisLab      20151204
Agnitum      20151204
AhnLab-V3      20151204
Alibaba      20151204
Antiy-AVL      20151204
Arcabit      20151204
Avast      20151204
Avira      20151204
Baidu-International      20151204
BitDefender      20151204
Bkav      20151204
ByteHero      20151204
CAT-QuickHeal      20151204
CMC      20151201
ClamAV      20151204
Comodo      20151202
Cyren      20151204
DrWeb      20151204
ESET-NOD32      20151204
Emsisoft      20151204
F-Prot      20151204
F-Secure      20151204
Fortinet      20151204
GData      20151204
Ikarus      20151204
Jiangmin      20151203
K7AntiVirus      20151202
K7GW      20151202
Kaspersky      20151204
Malwarebytes      20151204
McAfee      20151204
McAfee-GW-Edition      20151204
MicroWorld-eScan      20151204
Microsoft      20151204
NANO-Antivirus      20151204
Panda      20151204
Qihoo-360      20151204
Rising      20151203
SUPERAntiSpyware      20151204
Sophos      20151204
Symantec      20151204
Tencent      20151204
TheHacker      20151202
TrendMicro      20151204
TrendMicro-HouseCall      20151204
VBA32      20151204
VIPRE      20151204
ViRobot      20151204
Zillya      20151204
Zoner      20151204
nProtect      20151204


ComboFix 15-12-03.01 - Pete Konefke 12/04/2015  14:23:26.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.892 [GMT -5:00]
Running from: c:\documents and settings\Pete Konefke\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\Pete Konefke\WINDOWS
F:\Autorun.inf
F:\Setup.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FASTFREECONVERTERUPDT
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-04 to 2015-12-04  )))))))))))))))))))))))))))))))
.
.
2015-12-03 02:59 . 2015-12-04 15:54   30848   ----a-w-   c:\windows\system32\drivers\TrueSight.sys
2015-12-03 02:59 . 2015-12-03 03:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\RogueKiller
2015-12-03 02:48 . 2015-12-03 02:52   --------   d-----w-   C:\FRST
2015-11-30 01:39 . 2015-11-30 01:39   --------   d-----w-   c:\windows\CD95F661A5C444F5A6AAECDD91C240EE.TMP
2015-11-25 15:54 . 2015-11-25 15:54   --------   d-----w-   c:\program files\McAfee Security Scan
2015-11-22 13:23 . 2015-11-22 13:23   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-04 19:57 . 2014-11-24 17:57   170200   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-10 19:38 . 2012-11-03 18:10   780488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-11-10 19:38 . 2012-11-03 18:10   142536   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2015-11-10 19:37 . 2015-10-17 04:37   5286088   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
2015-10-05 13:50 . 2014-11-24 17:57   121560   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 13:50 . 2014-11-24 17:57   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-15 00:54   645144   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-03 5625624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-15 5515496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
.
c:\documents and settings\Pete Konefke\Start Menu\Programs\Startup\
Amazon Cloud Drive.lnk - c:\documents and settings\Pete Konefke\Local Settings\Apps\2.0\376NOQMZ.O15\LEE1PMPA.8DY\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe [2013-10-28 1097024]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.226\SSScheduler.exe [2015-10-30 277920]
Stardust Screen Saver Control 2003.lnk - c:\windows\SCMain.exe [2004-1-2 355328]
Stardust Wallpaper Control 2003.lnk - c:\windows\WCMain.exe [2004-1-2 357376]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-7-16 685936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages   REG_MULTI_SZ      msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50   71216   ----a-r-   c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 19:43   45056   -c--a-w-   c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-04 00:59   103720   -c----w-   c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23   102400   ------w-   c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-04-06 19:58   1032192   -c--a-w-   c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 07:04   332800   ----a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport-]
2005-05-15 07:04   332800   ----a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29   49152   -c----w-   c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01   67584   -c--a-w-   c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-07-20 21:01   169984   -c--a-w-   c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52   50736   -c--a-w-   c:\program files\Common Files\AOL\1170777916\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44   249856   ----a-w-   c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
2006-03-03 08:18   1355938   ----a-w-   c:\windows\system32\CTMBHA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:36   144608   -c--a-w-   c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2010-07-08 18:22   136416   -c--a-w-   c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 07:24   20480   ------w-   c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-05-15 07:04   332800   ----a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 19:23   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-07-06 19:32   79112   ----a-w-   c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30   282624   ----a-w-   c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 16:48   761947   -c--a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00   90112   ------w-   c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2006-01-02 14:13   1126400   -c----w-   c:\program files\Creative\VoiceCenter\AndreaVC.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/20/2013 8:26 AM 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/20/2013 8:26 AM 209048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/10/2012 9:22 AM 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/10/2012 9:22 AM 428120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/20/2004 4:47 AM 98304]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10/3/2014 7:06 AM 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/20/2013 8:26 AM 74976]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [6/28/2013 4:48 PM 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [11/24/2014 12:57 PM 1513784]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [11/24/2014 12:57 PM 1135416]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [7/8/2010 1:21 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [7/6/2010 2:32 PM 14088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/24/2014 12:57 PM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [11/24/2014 12:57 PM 170200]
S3 eapihdrv;eapihdrv;\??\c:\docume~1\PETEKO~1\LOCALS~1\Temp\ehdrv.sys --> c:\docume~1\PETEKO~1\LOCALS~1\Temp\ehdrv.sys [?]
S3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\WildTangent Games\App\GamesAppIntegrationService.exe [9/5/2013 7:41 PM 240736]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.226\McCHSvc.exe [10/30/2015 10:48 AM 235696]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [9/1/2015 10:30 AM 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-04 19:04   1000264   ----a-w-   c:\program files\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-24 19:38]
.
2015-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2015-12-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-08 20:44]
.
2015-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 02:39]
.
2015-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-15 02:39]
.
2015-12-04 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-06 01:59]
.
2015-10-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-06 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-04 14:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\wanmpsvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\documents and settings\Pete Konefke\Local Settings\Apps\2.0\376NOQMZ.O15\LEE1PMPA.8DY\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2015-12-04  15:01:58 - machine was rebooted
ComboFix-quarantined-files.txt  2015-12-04 20:01
.
Pre-Run: 7,500,824,576 bytes free
Post-Run: 11,751,649,280 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7899F98C5A7B9345B8191C0B339407E0
DEA9E81F0228B68C9ADAF84C9B0CF931




Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #6 on: December 04, 2015, 06:41:43 PM »
Thanks for the logs, minidump upload was inconclusive. Continue please....

Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan" completes, press the Scan button. This may take a few minutes to complete.

When the scan completes Open the Files tab and locate the following detections:

[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB835221WXP$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB908246$ -> Found
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB976098-v2$ -> Found


Make sure those entries are Checkmarked (ticked), also ensure that all other entries are not Checkmarked.

Hit the Delete button. When complete, select "Report", and in the next window select "Export txt". The log will open as a text file, post that log... Also save it to your Desktop for reference.

Next,


Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://support.eset.com/kb2268/
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report <<<--- Do not miss this step
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

This log will be excessive. Please attach it to your next reply…

Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin..

Offline blackzzz01

  • Bronze Member
  • Posts: 52
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #7 on: December 05, 2015, 02:04:50 PM »
Here are the requested log and attachment. System runs fairly decent and haven't had any sudden system shutdowns and reboots recently but still often have some issues with the internet...getting 'wait' or warning messages that Google has lost connection, 'program unresponsive' messages.  Could that be possibly the browser I'm using? I used Firefox in the past and it seemed to perform well until my problems started several months ago and I suspected it might be a Firefox problem so I uninstalled and have been using Google Chrome.   


RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Pete Konefke [Administrator]
Started from : C:\Documents and Settings\Pete Konefke\Desktop\RogueKiller.exe
Mode : Delete -- Date : 12/04/2015 22:53:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\File Type Helper -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\eapihdrv (\??\C:\DOCUME~1\PETEKO~1\LOCALS~1\Temp\ehdrv.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\eapihdrv (\??\C:\DOCUME~1\PETEKO~1\LOCALS~1\Temp\ehdrv.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\eapihdrv (\??\C:\DOCUME~1\PETEKO~1\LOCALS~1\Temp\ehdrv.sys) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB835221WXP$ -> Deleted
[ZeroAccess][File] C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.inf -> Deleted
[ZeroAccess][File] C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.txt -> Deleted
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst -> Deleted
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB908246$ -> Deleted
[ZeroAccess][File] C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe -> Deleted
[ZeroAccess][File] C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.inf -> Deleted
[ZeroAccess][File] C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.txt -> Deleted
[ZeroAccess][File] C:\WINDOWS\$NtUninstallKB908246$\spuninst\updspapi.dll -> Deleted
[ZeroAccess][Folder] C:\WINDOWS\$NtUninstallKB908246$\spuninst -> Deleted

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1032GSX +++++
--- User ---
[MBR] da85a18bcfa77676722ba3d94cc44dbe
[BSP] 6a16940a05e78a8357108e829835cd80 : Dell MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 96390 | Size: 66762 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 136825605 | Size: 22387 MB [Windows XP Bootstrap | Windows XP Bootloader]
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 182675115 | Size: 4753 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Seagate Desktop USB Device +++++
--- User ---
[MBR] d9b72b9a25fee4f66d08e3241536e2cc
[BSP] c7b41ce832f37e92c8b0c6e447715d34 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #8 on: December 05, 2015, 02:57:30 PM »
Thanks for those logs, regarding browsers I personally use Firefox, never liked or used Chrome.... If you prefer Chrome but suspect it has issues let's try a clean install, see if it improves....

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install any other extensions you prefer...

Does that make any difference?

Thank you,

Kevin...

Offline blackzzz01

  • Bronze Member
  • Posts: 52
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #9 on: December 06, 2015, 11:30:20 AM »
I don't necessarily think there is an issue with Chrome but was just wondering what your take was on it. I actually prefer Firefox and am only using Chrome since I uninstalled Firefox when I suspected Firefox was causing problems. My suspicions were just an un-educated guess. :)

Would we be able to do a clean Firefox install?  I think after the uninstall that there still may be some remnants of Firefox still left over?   

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #10 on: December 06, 2015, 03:46:14 PM »
This is my instruction for clean install,

Totally remove Firefox

Let's totally remove Firefox and start over. Make sure you still have a working Browser available, eg Internet Explorer or similar...

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

Ensure when the uninstall completes to navigate to and delete the Firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

    Press "Windows key + R" to open the Run box
    In the Run box, type in or copy and paste %APPDATA%
    Click OK.  A Windows Explorer window will appear.
    In this window, choose/open in succession Mozilla > Firefox > Profiles.
    Select Delete on each entry in reverse, eg  Profiles > Delete. Firefox > Delete. Mozilla > Delete.

 

Re-boot your system when complete!

Next,

Go here: http://www.mozilla.org/en-US download and install the latest version of Firefox... Where I mark red use your own Country code letters

Next,

When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Ensure to find and install AdBlock plus and Flashblock, plus any other addons you normally use.... Now try surfing, see what happens...

Let me know the outcome...
« Last Edit: December 10, 2015, 03:36:26 AM by kevinf80 »

Offline blackzzz01

  • Bronze Member
  • Posts: 52
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #11 on: December 09, 2015, 06:04:04 PM »
Hi Kevin,

Sorry for the delay in my response. Been working lots of hours this week.

When I began the uninstall procedure and went to Control Panel>Add/Remove Programs there isn't a Mozilla Firefox listed. I had attempted to uninstall a few months ago using Revo. When I do a search on my C: for 'Mozilla Firefox' there are quite a few remnants appearing although I don't know what they are. I did the '%APPDATA%' command and found a profile folder. Will wait to hear back from you before doing anything else. 

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #12 on: December 10, 2015, 03:43:31 AM »
If you've already uninstalled Firefox use the %appdata% option and delete the folders as shown in my last reply. Reboot when complete, install Firefox once more.
Do not forget to open addons manager and install the addons you require, ensure Adblock Plus and Adblock Plus Pop-up Addon are definitely installed before going any further....

Let me know if that makes any difference....


Offline blackzzz01

  • Bronze Member
  • Posts: 52
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #13 on: December 10, 2015, 09:09:24 PM »
Have installed Firefox and it appears to run pretty well but am having some difficulties with the installation of the addons Flashblock, AdBlock Plus, and AdBlock Plus Popup. I'm not familiar with addons and am unsure of how to install them.   

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Laptop often freezes, occasional random reboots,
« Reply #14 on: December 11, 2015, 03:42:05 AM »
Certain add-ons are essential for Firefox to work safely and efficiently. The ones I listed should be installed for security. Open Firefox, on the keyboard select these 3 keys together Ctrl - Shift - A. Addons manager will open, if you look to the top right hand corner you will see the search box. Type the required addon name into that box eg Adblock Plus. Select the search function. A list will appear, from the list select "install" for the addon you want.
When complete you will need to re-start Firefox for the addon to become active....

If the system is responding ok we will need to clean up...

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Let me know if we are ok to close out...

 
