Serious Issue, Need help please...

Hello,
This computer gets so slow you can't do anything. I am not sure what is going on. Please take a look and help. I have enclosed the 3 scan logs below. Thanks in advance.

adw:
# AdwCleaner v3.000 - Report created14/08/2013at01:31:59
# Updated 13/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Station - USER-EF1572EA42
# Running from : C:\Documents and Settings\Station\Desktop\adwcleaner.exe

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\DOCUME~1\Station\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\Documents and Settings\Station\Application Data\Viewpoint

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0E3A2ABE-A449-4B98-9F60-1B4B56FC7D26}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1E6F8D5A-ADD1-4D13-9474-E93CB3A33A64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1070CF-AD16-42E1-99C6-A6CAC453C634}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C06AA53-0EC2-4C46-AD95-2438EA177D7D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54DD3197-E6DB-432D-AC39-2B08C3034744}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{899AA96C-A74E-46B3-A815-349D84F44552}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{98447D7E-01EE-4BC4-893B-B8FBB080C6EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CC45D147-2309-4FC7-B4CF-7B3CA6F87EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D7861D39-E9E8-449F-A466-BFED73CDD2A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E62F2185-9495-422C-B8A0-AC5E23AA5EA8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1422EC71-AEF4-421F-98DC-1FEF299BB124}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2B9E510-EC1B-4806-AF06-FC9231980E3C}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Mudlogging Systems\MControl\Version 2.6.3\mcontrol.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Setting Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.google.com/ie

-\\ Mozilla Firefox v22.0 (en-US)


[ File : C:\Documents and Settings\Station\Application Data\Mozilla\Firefox\Profiles\jziphf31.default\prefs.js ]

[OK] No bad entry found.

*************************

AdwCleaner[0].txt - [2504 octets] - [14/08/2013 01:32:00]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [2563 octets] ##########


malware

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.12.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Station :: USER-EF1572EA42 [administrator]

Protection: Enabled

8/14/2013 1:45:59 AM
MBAM-log-2013-08-14 (04-07-12).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252164
Time elapsed: 2 hour(s), 20 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{48A46F19-9EE6-46E7-B9D2-9EEC1552C69E}\RP1287\A0126086.exe (PUP.Optional.AirInstaller) -> No action taken.

(end)

sec check

Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Free Antivirus
Microsoft Security Essentials
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 7
Adobe Flash Player 11.8.800.94
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
Please run MBAM again and remove the infections.
The Security check shows you have two AV's on your computer; Avira Free Antivirus and Microsoft Security Essentials. You must make sure that only one AV is enabled at any time on your computer otherwise, they will conflict.

Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
********************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Thanks much!

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Station :: USER-EF1572EA42 [administrator]

Protection: Enabled

8/15/2013 12:38:26 AM
mbam-log-2013-08-15 (00-38-26).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253302
Time elapsed: 1 hour(s), 49 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{48A46F19-9EE6-46E7-B9D2-9EEC1552C69E}\RP1287\A0126086.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.

(end)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Microsoft Windows XP x86
Ran by Station on Thu 08/15/2013 at 5:01:01.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Station\Application Data\mozilla\firefox\profiles\jziphf31.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/15/2013 at 5:04:27.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ComboFix 13-08-14.02 - Station 08/15/2013 5:17.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.243 [GMT -5:00]
Running from: c:\documents and settings\Station\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\SPL411.tmp
c:\documents and settings\Station\WINDOWS
c:\windows\SET405.tmp
c:\windows\SET4B9.tmp
c:\windows\system32\_004465_.tmp.dll
c:\windows\system32\_004466_.tmp.dll
c:\windows\system32\_004467_.tmp.dll
c:\windows\system32\_004468_.tmp.dll
c:\windows\system32\_004475_.tmp.dll
c:\windows\system32\_004476_.tmp.dll
c:\windows\system32\_004477_.tmp.dll
c:\windows\system32\_004478_.tmp.dll
c:\windows\system32\_004480_.tmp.dll
c:\windows\system32\_004481_.tmp.dll
c:\windows\system32\_004484_.tmp.dll
c:\windows\system32\_004485_.tmp.dll
c:\windows\system32\_004487_.tmp.dll
c:\windows\system32\_004488_.tmp.dll
c:\windows\system32\_004489_.tmp.dll
c:\windows\system32\_004491_.tmp.dll
c:\windows\system32\_004492_.tmp.dll
c:\windows\system32\_004494_.tmp.dll
c:\windows\system32\_004495_.tmp.dll
c:\windows\system32\_004499_.tmp.dll
c:\windows\system32\_004500_.tmp.dll
c:\windows\system32\_004502_.tmp.dll
c:\windows\system32\_004505_.tmp.dll
c:\windows\system32\_004507_.tmp.dll
c:\windows\system32\_004508_.tmp.dll
c:\windows\system32\_004509_.tmp.dll
c:\windows\system32\_004510_.tmp.dll
c:\windows\system32\_004511_.tmp.dll
c:\windows\system32\_004514_.tmp.dll
c:\windows\system32\_004515_.tmp.dll
c:\windows\system32\_004516_.tmp.dll
c:\windows\system32\_004517_.tmp.dll
c:\windows\system32\_004518_.tmp.dll
c:\windows\system32\_004523_.tmp.dll
c:\windows\system32\_004525_.tmp.dll
c:\windows\system32\_004526_.tmp.dll
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\ctfmon(3).exe
c:\windows\system32\HFX308.tmp
c:\windows\system32\HFX3A4.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\SET1C5.tmp
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1C9.tmp
c:\windows\system32\SET1CB.tmp
c:\windows\system32\SET1D2.tmp
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D6.tmp
c:\windows\system32\SET1E1.tmp
c:\windows\system32\SET1E3.tmp
c:\windows\system32\SET1E4.tmp
c:\windows\system32\SET1E5.tmp
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1E7.tmp
c:\windows\system32\SET1E9.tmp
c:\windows\system32\SET1EA.tmp
c:\windows\system32\SET1EB.tmp
c:\windows\system32\SET1EE.tmp
c:\windows\system32\SET1F5.tmp
c:\windows\system32\SET1F6.tmp
c:\windows\system32\SET1F7.tmp
c:\windows\system32\SET1FA.tmp
c:\windows\system32\SET1FC.tmp
c:\windows\system32\SET1FD.tmp
c:\windows\system32\SET203.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET207.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET20E.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET211.tmp
c:\windows\system32\SET212.tmp
c:\windows\system32\SET218.tmp
c:\windows\system32\SET21D.tmp
c:\windows\system32\SET21E.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET224.tmp
c:\windows\system32\SET225.tmp
c:\windows\system32\SET22C.tmp
c:\windows\system32\SET22D.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23D.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET242.tmp
c:\windows\system32\SET243.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET246.tmp
c:\windows\system32\SET247.tmp
c:\windows\system32\SET24B.tmp
c:\windows\system32\SET257.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET25E.tmp
c:\windows\system32\SET260.tmp
c:\windows\system32\SET263.tmp
c:\windows\system32\SET266.tmp
c:\windows\system32\SET267.tmp
c:\windows\system32\SET26C.tmp
c:\windows\system32\SET270.tmp
c:\windows\system32\SET271.tmp
c:\windows\system32\SET277.tmp
c:\windows\system32\SET278.tmp
c:\windows\system32\SET279.tmp
c:\windows\system32\SET281.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET288.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET28A.tmp
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET2A0.tmp
c:\windows\system32\SET2A2.tmp
c:\windows\system32\SET2A3.tmp
c:\windows\system32\SET2A4.tmp
c:\windows\system32\SET2B1.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2B7.tmp
c:\windows\system32\SET2BA.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2BF.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2C5.tmp
c:\windows\system32\SET2C6.tmp
c:\windows\system32\SET2C7.tmp
c:\windows\system32\SET2C9.tmp
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2CB.tmp
c:\windows\system32\SET2CC.tmp
c:\windows\system32\SET2CD.tmp
c:\windows\system32\SET2CE.tmp
c:\windows\system32\SET2D0.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D4.tmp
c:\windows\system32\SET2D5.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET2D7.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DA.tmp
c:\windows\system32\SET2DB.tmp
c:\windows\system32\SET2DC.tmp
c:\windows\system32\SET2DD.tmp
c:\windows\system32\SET2DE.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E2.tmp
c:\windows\system32\SET2E3.tmp
c:\windows\system32\SET2E4.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E7.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2E9.tmp
c:\windows\system32\SET2EA.tmp
c:\windows\system32\SET2EB.tmp
c:\windows\system32\SET2EC.tmp
c:\windows\system32\SET2ED.tmp
c:\windows\system32\SET2EE.tmp
c:\windows\system32\SET2EF.tmp
c:\windows\system32\SET2F0.tmp
c:\windows\system32\SET2F1.tmp
c:\windows\system32\SET2F2.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2F4.tmp
c:\windows\system32\SET2F5.tmp
c:\windows\system32\SET2F6.tmp
c:\windows\system32\SET2F7.tmp
c:\windows\system32\SET2F8.tmp
c:\windows\system32\SET2F9.tmp
c:\windows\system32\SET2FA.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET2FE.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET300.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\SET303.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET306.tmp
c:\windows\system32\SET309.tmp
c:\windows\system32\SET30A.tmp
c:\windows\system32\SET30B.tmp
c:\windows\system32\SET30C.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30E.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET310.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET312.tmp
c:\windows\system32\SET313.tmp
c:\windows\system32\SET314.tmp
c:\windows\system32\SET315.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET317.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31B.tmp
c:\windows\system32\SET31C.tmp
c:\windows\system32\SET31D.tmp
c:\windows\system32\SET31E.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET320.tmp
c:\windows\system32\SET321.tmp
c:\windows\system32\SET322.tmp
c:\windows\system32\SET323.tmp
c:\windows\system32\SET324.tmp
c:\windows\system32\SET325.tmp
c:\windows\system32\SET326.tmp
c:\windows\system32\SET327.tmp
c:\windows\system32\SET328.tmp
c:\windows\system32\SET329.tmp
c:\windows\system32\SET32A.tmp
c:\windows\system32\SET32B.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32D.tmp
c:\windows\system32\SET32E.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET330.tmp
c:\windows\system32\SET331.tmp
c:\windows\system32\SET332.tmp
c:\windows\system32\SET333.tmp
c:\windows\system32\SET334.tmp
c:\windows\system32\SET335.tmp
c:\windows\system32\SET336.tmp
c:\windows\system32\SET337.tmp
c:\windows\system32\SET338.tmp
c:\windows\system32\SET339.tmp
c:\windows\system32\SET33A.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33C.tmp
c:\windows\system32\SET33D.tmp
c:\windows\system32\SET33E.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET340.tmp
c:\windows\system32\SET342.tmp
c:\windows\system32\SET343.tmp
c:\windows\system32\SET344.tmp
c:\windows\system32\SET345.tmp
c:\windows\system32\SET346.tmp
c:\windows\system32\SET347.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET349.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34B.tmp
c:\windows\system32\SET34C.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34E.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\SET352.tmp
c:\windows\system32\SET353.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET356.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET358.tmp
c:\windows\system32\SET359.tmp
c:\windows\system32\SET35A.tmp
c:\windows\system32\SET35B.tmp
c:\windows\system32\SET35D.tmp
c:\windows\system32\SET35E.tmp
c:\windows\system32\SET35F.tmp
c:\windows\system32\SET360.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET362.tmp
c:\windows\system32\SET363.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\SET366.tmp
c:\windows\system32\SET367.tmp
c:\windows\system32\SET368.tmp
c:\windows\system32\SET369.tmp
c:\windows\system32\SET36A.tmp
c:\windows\system32\SET36B.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET36D.tmp
c:\windows\system32\SET36E.tmp
c:\windows\system32\SET36F.tmp
c:\windows\system32\SET370.tmp
c:\windows\system32\SET371.tmp
c:\windows\system32\SET372.tmp
c:\windows\system32\SET373.tmp
c:\windows\system32\SET374.tmp
c:\windows\system32\SET375.tmp
c:\windows\system32\SET376.tmp
c:\windows\system32\SET377.tmp
c:\windows\system32\SET378.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET37A.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37D.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET37F.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38A.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET38F.tmp
c:\windows\system32\SET390.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39B.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3A1.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3A7.tmp
c:\windows\system32\SET3A8.tmp
c:\windows\system32\SET3A9.tmp
c:\windows\system32\SET3AA.tmp
c:\windows\system32\SET3AB.tmp
c:\windows\system32\SET3AC.tmp
c:\windows\system32\SET3AD.tmp
c:\windows\system32\SET3AE.tmp
c:\windows\system32\SET3AF.tmp
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B2.tmp
c:\windows\system32\SET3B3.tmp
c:\windows\system32\SET3B4.tmp
c:\windows\system32\SET3B5.tmp
c:\windows\system32\SET3B6.tmp
c:\windows\system32\SET3B7.tmp
c:\windows\system32\SET3B8.tmp
c:\windows\system32\SET3B9.tmp
c:\windows\system32\SET3BA.tmp
c:\windows\system32\SET3BB.tmp
c:\windows\system32\SET3BC.tmp
c:\windows\system32\SET3BD.tmp
c:\windows\system32\SET3BE.tmp
c:\windows\system32\SET3BF.tmp
c:\windows\system32\SET3C0.tmp
c:\windows\system32\SET3C1.tmp
c:\windows\system32\SET3C2.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C4.tmp
c:\windows\system32\SET3C5.tmp
c:\windows\system32\SET3C6.tmp
c:\windows\system32\SET3C7.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3C9.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3CB.tmp
c:\windows\system32\SET3CC.tmp
c:\windows\system32\SET3CF.tmp
c:\windows\system32\SET3D0.tmp
c:\windows\system32\SET3D1.tmp
c:\windows\system32\SET3D2.tmp
c:\windows\system32\SET3D3.tmp
c:\windows\system32\SET3D5.tmp
c:\windows\system32\SET3D6.tmp
c:\windows\system32\SET3D7.tmp
c:\windows\system32\SET3D8.tmp
c:\windows\system32\SET3D9.tmp
c:\windows\system32\SET3DA.tmp
c:\windows\system32\SET3DB.tmp
c:\windows\system32\SET3DC.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3DF.tmp
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3E1.tmp
c:\windows\system32\SET3E2.tmp
c:\windows\system32\SET3E3.tmp
c:\windows\system32\SET3E4.tmp
c:\windows\system32\SET3E5.tmp
c:\windows\system32\SET3E6.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3E8.tmp
c:\windows\system32\SET3E9.tmp
c:\windows\system32\SET3EA.tmp
c:\windows\system32\SET3EB.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\SET3ED.tmp
c:\windows\system32\SET3EE.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F2.tmp
c:\windows\system32\SET3F3.tmp
c:\windows\system32\SET3F4.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3F6.tmp
c:\windows\system32\SET3F7.tmp
c:\windows\system32\SET3F8.tmp
c:\windows\system32\SET3F9.tmp
c:\windows\system32\SET3FA.tmp
c:\windows\system32\SET3FB.tmp
c:\windows\system32\SET3FC.tmp
c:\windows\system32\SET3FD.tmp
c:\windows\system32\SET3FF.tmp
c:\windows\system32\SET400.tmp
c:\windows\system32\SET401.tmp
c:\windows\system32\SET402.tmp
c:\windows\system32\SET406.tmp
c:\windows\system32\SET407.tmp
c:\windows\system32\SET433.tmp
c:\windows\system32\SET43A.tmp
c:\windows\system32\SET43B.tmp
c:\windows\system32\SET43C.tmp
c:\windows\system32\SET43F.tmp
c:\windows\system32\SET440.tmp
c:\windows\system32\SET443.tmp
c:\windows\system32\SET445.tmp
c:\windows\system32\SET446.tmp
c:\windows\system32\SET447.tmp
c:\windows\system32\SET44A.tmp
c:\windows\system32\SET44C.tmp
c:\windows\system32\SET451.tmp
c:\windows\system32\SET452.tmp
c:\windows\system32\SET45A.tmp
c:\windows\system32\SET461.tmp
c:\windows\system32\SET466.tmp
c:\windows\system32\SET469.tmp
c:\windows\system32\SET46C.tmp
c:\windows\system32\SET46E.tmp
c:\windows\system32\SET472.tmp
c:\windows\system32\SET474.tmp
c:\windows\system32\SET475.tmp
c:\windows\system32\SET476.tmp
c:\windows\system32\SET479.tmp
c:\windows\system32\SET47A.tmp
c:\windows\system32\SET47E.tmp
c:\windows\system32\SET47F.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET48B.tmp
c:\windows\system32\SET48F.tmp
c:\windows\system32\SET491.tmp
c:\windows\system32\SET493.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET6E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-07-15 to 2013-08-15 )))))))))))))))))))))))))))))))
.
.
2013-08-15 10:00 . 2013-08-15 10:00 -------- d-----w- c:\windows\ERUNT
2013-08-15 07:58 . 2013-07-02 04:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{104E4682-0ED0-4187-89A2-B33535826871}\mpengine.dll
2013-08-14 08:07 . 2013-07-02 04:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-14 06:23 . 2013-08-14 06:39 -------- d-----w- C:\AdwCleaner
2013-08-11 16:27 . 2013-08-11 16:27 -------- d-----w- c:\documents and settings\Station\Local Settings\Application Data\Sun
2013-08-11 14:53 . 2013-08-11 14:53 -------- d-----w- c:\documents and settings\Station\Application Data\Avira
2013-08-11 14:36 . 2013-08-11 14:26 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-08-11 14:36 . 2013-08-11 14:26 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-08-11 14:36 . 2013-08-11 14:26 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-08-11 14:35 . 2013-08-11 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2013-08-11 14:35 . 2013-08-11 14:35 -------- d-----w- c:\program files\Avira
2013-08-10 15:02 . 2013-08-12 15:15 2472 ----a-w- c:\windows\system32\regHiveData.bin
2013-08-10 12:05 . 2013-08-10 14:33 -------- d-----w- c:\windows\SystemRepair
2013-08-10 11:57 . 2013-08-10 11:57 -------- d-----w- c:\documents and settings\Station\Application Data\AOL
2013-08-10 11:57 . 2013-08-10 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Computer Checkup
2013-08-10 11:50 . 2013-08-10 11:50 -------- d-----w- C:\temp
2013-08-10 11:50 . 2013-08-10 15:27 -------- d-----w- c:\program files\AOL Computer Checkup
2013-08-10 11:46 . 2013-08-10 11:56 -------- d-----w- c:\documents and settings\Station\Downloads
2013-08-09 10:06 . 2013-08-09 10:06 -------- d-----w- c:\documents and settings\Station\Application Data\Malwarebytes
2013-08-09 10:06 . 2013-08-09 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-09 10:06 . 2013-08-09 10:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-09 10:06 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-06 13:41 . 2013-08-06 13:41 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-06 13:41 . 2013-08-06 13:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-06 13:35 . 2013-08-06 13:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-08-03 12:42 . 2013-08-03 12:42 -------- d-----w- c:\windows\system32\Adobe
2013-07-28 21:40 . 2013-07-28 21:40 -------- d-----w- c:\documents and settings\Station\Local Settings\Application Data\Mozilla
2013-07-28 21:40 . 2013-07-28 21:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-28 20:56 . 2013-07-28 20:56 -------- d-----w- C:\logs
2013-07-26 14:30 . 2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-26 13:40 . 2013-07-26 13:40 -------- d-----w- c:\program files\Microsoft Security Client
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 13:41 . 2007-06-11 04:59 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-06 13:41 . 2011-08-08 17:46 789416 -c--a-w- c:\windows\system32\deployJava1.dll
2013-07-28 21:49 . 2013-01-08 22:28 692104 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-28 21:49 . 2011-08-04 18:13 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-08 04:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2011-08-17 09:33 1876736 ----a-w- c:\windows\system32\win32k.sys
2008-03-09 11:15 . 2008-03-09 11:15 4506256 -c--a-w- c:\program files\LimeWireWin.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"lxdcamon"="c:\program files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"MakiwaraNotify"="c:\program files\AOL Computer Checkup\sdccont.exe" [2013-03-13 82296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-11 345144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5001:TCP"= 5001:TCP:MSI MControl Port 5001
"22:TCP"= 22:TCP:MSI SCP Port 22
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 MpKsl047669a3;MpKsl047669a3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{99349241-8D41-49F8-BEC1-A2AD8306123C}\MpKsl047669a3.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [2007-05-25 99248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-08-11 589368]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-08-11 37352]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-08-11 84024]
S2 AOL Computer Checkup;AOL Computer Checkup;c:\program files\AOL Computer Checkup\SDCService.exe [2013-03-13 584568]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 537520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 21:49]
.
2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 22:25]
.
2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 22:25]
.
2013-08-13 c:\windows\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}.job
- c:\program files\AOL Computer Checkup\sdcCont.exe [2013-03-13 04:41]
.
2013-08-15 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-07-18 21:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.123.254
FF - ProfilePath - c:\documents and settings\Station\Application Data\Mozilla\Firefox\Profiles\jziphf31.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-lxdcmon.exe - c:\program files\Lexmark 1300 Series\lxdcmon.exe
AddRemove-LogView 7 - c:\progra~1\RockWare\LogView7\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-15 05:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(768)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(2288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-08-15 05:42:22 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-15 10:42
.
Pre-Run: 65,645,334,528 bytes free
Post-Run: 65,721,589,760 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 20ECE7EDCBA9C02F8A6CF9970309FEAB
8F558EB6672622401DA993E1E865C861

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
  
• Click on the Log tab.
  
• In the Write to log box select the following items.
  
  
  
  • Process << Selected
    
  • Kernel Modules << Selected
    
  • SSDT << Selected
    
  • Kernel Hooks << Selected
    
  • IRP Hooks << NOT Selected
    
  • Ports << NOT Selected
    
  • Hidden Files << Selected
    
  
  
• At the bottom of the page
  
  
  
  • Hidden Objects Only << Selected
    
  
  
• Click on the Create Log button on the bottom right.
  
• After a few seconds a new window should appear.
  
• Select Scan Root Drive. Click on the Start button.
  
• When it is complete a new window will appear to indicate that the scan is finished.
  
• The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
  

**********************************************

• Download RogueKiller on the desktop
  
• Close all the running programs
  
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  
• Otherwise just double-click on RogueKiller.exe
  
• Pre-scan will start. Let it finish.
  
• Click on SCAN button.
  
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
  

Thanks.

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F8622000
Module End: F8631000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: A8296000
Module End: A82AE000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F8B34000
Module End: F8B36000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: A933A000
Module End: A9342000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F8AEA000
Module End: F8AEC000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: F8C46DFC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Address: F8C46DB6
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateSection
Address: F8C46E06
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F8C46DAC
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F8C46DBB
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: F8C46DC5
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDuplicateObject
Address: F8C46DF7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwLoadKey
Address: F8C46DCA
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: F8C46D98
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F8C46D9D
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueryValueKey
Address: F8C46E1F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwReplaceKey
Address: F8C46DD4
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRequestWaitReplyPort
Address: F8C46E10
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: F8C46DCF
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: F8C46E0B
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetSecurityObject
Address: F8C46E15
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F8C46DC0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSystemDebugControl
Address: F8C46E1A
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: F8C46DA7
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Station\Local Settings\Application Data\Microsoft\Messenger\kahleesmith@yahoo.com\SharingMetadata\lez174u@hotmail.com\DFSR\Staging\CS{E414B05D-D04C-7090-4170-1BD746317038}\01\10-{E414B05D-D04C-7090-4170-1BD746317038}-v1-{27F67BC4
Status: Hidden

Object: C:\Documents and Settings\Station\Local Settings\Application Data\Microsoft\Messenger\kahleesmith@yahoo.com\SharingMetadata\lez174u@hotmail.com\DFSR\Staging\CS{E414B05D-D04C-7090-4170-1BD746317038}\11\11-{27F67BC4-42B9-470F-9773-2C82A8465F3E}-v11-{27F67BC
Status: Hidden

Object: C:\Documents and Settings\Station\Local Settings\Application Data\Microsoft\Messenger\kahleesmith@yahoo.com\SharingMetadata\lez174u@hotmail.com\DFSR\Staging\CS{E414B05D-D04C-7090-4170-1BD746317038}\11\11-{F660EA45-23A3-4513-A096-DDB655C35EEE}-v11-{F660EA4
Status: Hidden

Object: C:\Documents and Settings\Station\Local Settings\Application Data\Microsoft\Messenger\kahleesmith@yahoo.com\SharingMetadata\lez174u@hotmail.com\DFSR\Staging\CS{E414B05D-D04C-7090-4170-1BD746317038}\12\12-{27F67BC4-42B9-470F-9773-2C82A8465F3E}-v12-{27F67BC
Status: Hidden

Object: C:\Documents and Settings\Station\Local Settings\Application Data\Microsoft\Messenger\kahleesmith@yahoo.com\SharingMetadata\lez174u@hotmail.com\DFSR\Staging\CS{E414B05D-D04C-7090-4170-1BD746317038}\12\12-{F660EA45-23A3-4513-A096-DDB655C35EEE}-v12-{F660EA4
Status: Hidden

Object: C:\Documents and Settings\Station\Local Settings\Application Data\Microsoft\Messenger\kahleesmith@yahoo.com\SharingMetadata\lez174u@hotmail.com\DFSR\Staging\CS{E414B05D-D04C-7090-4170-1BD746317038}\13\13-{27F67BC4-42B9-470F-9773-2C82A8465F3E}-v13-{27F67BC
Status: Hidden

Object: C:\Documents and Settings\Station\Local Settings\Application Data\Microsoft\Messenger\kahleesmith@yahoo.com\SharingMetadata\lez174u@hotmail.com\DFSR\Staging\CS{E414B05D-D04C-7090-4170-1BD746317038}\13\13-{F660EA45-23A3-4513-A096-DDB655C35EEE}-v13-{F660EA4
Status: Hidden

Object: C:\Documents and Settings\Station\Local Settings\Application Data\Microsoft\Messenger\kahleesmith@yahoo.com\SharingMetadata\lez174u@hotmail.com\DFSR\Staging\CS{E414B05D-D04C-7090-4170-1BD746317038}\18\18-{27F67BC4-42B9-470F-9773-2C82A8465F3E}-v18-{27F67BC
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied






RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Station [Admin rights]
Mode : Scan -- Date : 08/16/2013 06:35:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF8C46DFC)
[Address] SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (Unknown @ 0xF8C46DB6)
[Address] SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xF8C46E06)
[Address] SSDT[53] : NtCreateThread @ 0x80584D59 -> HOOKED (Unknown @ 0xF8C46DAC)
[Address] SSDT[63] : NtDeleteKey @ 0x8059978F -> HOOKED (Unknown @ 0xF8C46DBB)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805983AE -> HOOKED (Unknown @ 0xF8C46DC5)
[Address] SSDT[68] : NtDuplicateObject @ 0x8057F1A9 -> HOOKED (Unknown @ 0xF8C46DF7)
[Address] SSDT[98] : NtLoadKey @ 0x805D526B -> HOOKED (Unknown @ 0xF8C46DCA)
[Address] SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (Unknown @ 0xF8C46D98)
[Address] SSDT[128] : NtOpenThread @ 0x805E484F -> HOOKED (Unknown @ 0xF8C46D9D)
[Address] SSDT[177] : NtQueryValueKey @ 0x80572F2A -> HOOKED (Unknown @ 0xF8C46E1F)
[Address] SSDT[193] : NtReplaceKey @ 0x8065738E -> HOOKED (Unknown @ 0xF8C46DD4)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8057D153 -> HOOKED (Unknown @ 0xF8C46E10)
[Address] SSDT[204] : NtRestoreKey @ 0x80656F25 -> HOOKED (Unknown @ 0xF8C46DCF)
[Address] SSDT[213] : NtSetContextThread @ 0x806363E9 -> HOOKED (Unknown @ 0xF8C46E0B)
[Address] SSDT[237] : NtSetSecurityObject @ 0x8059DDEB -> HOOKED (Unknown @ 0xF8C46E15)
[Address] SSDT[247] : NtSetValueKey @ 0x805800A4 -> HOOKED (Unknown @ 0xF8C46DC0)
[Address] SSDT[255] : NtSystemDebugControl @ 0x80651C59 -> HOOKED (Unknown @ 0xF8C46E1A)
[Address] SSDT[257] : NtTerminateProcess @ 0x8058E8D1 -> HOOKED (Unknown @ 0xF8C46DA7)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF8C46E2E)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF8C46E33)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDS728080PLA380 +++++
--- User ---
[MBR] 734ddf7b31ae16d8f72667c3e03763a8
[BSP] dcde2a7c71139517e486d21e60ea0bf2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78520 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HDS728080PLA380 +++++
--- User ---
[MBR] 659cd89007d3026cf8251ab66a999f1b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3818 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08162013_063539.txt >>

Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Thanks for all the help. Here are the requested files.


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=599e1c32fe786f44ab1aad334914b981
# engine=14806
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-17 01:32:16
# local_time=2013-08-17 08:32:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1799 16775165 100 95 0 0 0 0
# compatibility_mode=5892 16777213 88 94 978686 4896220 0 0
# scanned=57239
# found=2
# cleaned=2
# scan_time=5724
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Program Files\Avira\AntiVir Desktop\offercast_avirav7_.exe"
sh=EA30F0E44560AD115C15C8C8DBE1BE4F653979D9 ft=1 fh=9e481ab720508ce7 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{48A46F19-9EE6-46E7-B9D2-9EEC1552C69E}\RP1286\A0126067.exe"


----------------------------------


RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Station [Admin rights]
Mode : Remove -- Date : 08/17/2013 06:36:45
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x8056F8D7 -> HOOKED (Unknown @ 0xF8BFB70C)
[Address] SSDT[41] : NtCreateKey @ 0x80578ACE -> HOOKED (Unknown @ 0xF8BFB6C6)
[Address] SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (Unknown @ 0xF8BFB716)
[Address] SSDT[53] : NtCreateThread @ 0x80584D59 -> HOOKED (Unknown @ 0xF8BFB6BC)
[Address] SSDT[63] : NtDeleteKey @ 0x8059978F -> HOOKED (Unknown @ 0xF8BFB6CB)
[Address] SSDT[65] : NtDeleteValueKey @ 0x805983AE -> HOOKED (Unknown @ 0xF8BFB6D5)
[Address] SSDT[68] : NtDuplicateObject @ 0x8057F1A9 -> HOOKED (Unknown @ 0xF8BFB707)
[Address] SSDT[98] : NtLoadKey @ 0x805D526B -> HOOKED (Unknown @ 0xF8BFB6DA)
[Address] SSDT[122] : NtOpenProcess @ 0x8057F956 -> HOOKED (Unknown @ 0xF8BFB6A8)
[Address] SSDT[128] : NtOpenThread @ 0x805E484F -> HOOKED (Unknown @ 0xF8BFB6AD)
[Address] SSDT[177] : NtQueryValueKey @ 0x80572F2A -> HOOKED (Unknown @ 0xF8BFB72F)
[Address] SSDT[193] : NtReplaceKey @ 0x8065738E -> HOOKED (Unknown @ 0xF8BFB6E4)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x8057D153 -> HOOKED (Unknown @ 0xF8BFB720)
[Address] SSDT[204] : NtRestoreKey @ 0x80656F25 -> HOOKED (Unknown @ 0xF8BFB6DF)
[Address] SSDT[213] : NtSetContextThread @ 0x806363E9 -> HOOKED (Unknown @ 0xF8BFB71B)
[Address] SSDT[237] : NtSetSecurityObject @ 0x8059DDEB -> HOOKED (Unknown @ 0xF8BFB725)
[Address] SSDT[247] : NtSetValueKey @ 0x805800A4 -> HOOKED (Unknown @ 0xF8BFB6D0)
[Address] SSDT[255] : NtSystemDebugControl @ 0x80651C59 -> HOOKED (Unknown @ 0xF8BFB72A)
[Address] SSDT[257] : NtTerminateProcess @ 0x8058E8D1 -> HOOKED (Unknown @ 0xF8BFB6B7)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF8BFB73E)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF8BFB743)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDS728080PLA380 +++++
--- User ---
[MBR] 734ddf7b31ae16d8f72667c3e03763a8
[BSP] dcde2a7c71139517e486d21e60ea0bf2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 78520 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HDS728080PLA380 +++++
--- User ---
[MBR] 659cd89007d3026cf8251ab66a999f1b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3818 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_08172013_063645.txt >>
RKreport[0]_S_08172013_063530.txt

That looks good. How's your computer running before we clean up?

So much better!

Good, now we can cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

****************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
****************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Thank you so much for your time and service.