Jump to content

CarpetDweller

Members
  • Posts

    13
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Got machine to finally open in Safemode. Will attempt the above and reply back.
  2. Thank you for replying so quickly, but it appears there is another issue.. My computer shut down sometime during the night when I went home. Came into work this AM and it will NOT boot up. Since this is a work computer, I have to log in through Credant Mobile Shield. Once I do enter my password, I get the Windows sound when it opens & then nothing. Only my background. No icons, can't access start menu and Cntl Alt Delete brings up the option to get to the Task Manager, then it never opens. There is only the fan running. It almost seems like the processor isn't working. So at startup, the only other option other than it starting Windows XP Pro (which is normally what I select) is the Recovery Tool. I clicked on that and it will allow me to back up my files.. then a Window pops up labled 'Servant Salamander' At this point I am afraid to touch this machine because whatever the issue is seems to be getting worse. Help? Ideas? I am desperate since the computer I am working off of to type this is being shipped off for repairs today sometime and I am dead in the water since the other one won't even boot up all the way. I have been here for 3 hours now & nothing about the state of this other computer has changed.. it appears I have killed this computer somehow.. please, please help!
  3. Step 07 ESET log C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\reflect.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\refsetup_v1.13.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir Win32/Thinknice.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir Win64/Thinknice.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir Win32/ELEX.AR potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir Win32/Thinknice.D potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir Win64/Thinknice.B potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir Win32/Thinknice.C potentially unwanted application C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir Win64/Thinknice.C potentially unwanted application C:\Documents and Settings\A7AS\Application Data\9468\a7165.exe a variant of Win32/Amonetize.BI potentially unwanted application C:\Documents and Settings\A7AS\Application Data\9876\a7228.exe a variant of Win32/Amonetize.BI potentially unwanted application C:\Documents and Settings\A7AS\Local Settings\Temp\suntemp.ex_ Win32/DownloadAdmin.G potentially unwanted application C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3F.tmp.exe a variant of Win32/ELEX.AQ potentially unwanted application C:\Documents and Settings\A7AS\Local Settings\Temp\UNT40.tmp.exe a variant of Win32/Amonetize.BI potentially unwanted application C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5A.tmp.exe a variant of Win32/Amonetize.BI potentially unwanted application C:\Documents and Settings\A7AS\My Documents\Downloads\Adobe Acrobat 7.0 Pro.exe a variant of Win32/4Shared.U potentially unwanted application C:\Documents and Settings\A7AS\My Documents\Downloads\cbsidlm-cbsi188-Trojan_Remover_Update-SEO-10038982.exe a variant of Win32/CNETInstaller.B potentially unwanted application C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer (1).exe a variant of Win32/SquareNet.A potentially unwanted application C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer (2).exe a variant of Win32/SquareNet.A potentially unwanted application C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer.exe a variant of Win32/SquareNet.A potentially unwanted application C:\Documents and Settings\A7AS\My Documents\Downloads\prismpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application Step 08 FARBAR log Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014 Ran by A7AS (administrator) on AFLACA7AS on 22-07-2014 12:05:11 Running from C:\Documents and Settings\A7AS\My Documents\Downloads Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Credant Technologies, Inc.) C:\WINDOWS\system32\Credant.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe ( ) C:\WINDOWS\system32\lxdqcoms.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (CyberAngel Security Solutions) C:\WINDOWS\system32\Mschksvc.exe () C:\WINDOWS\system32\mswnetchk.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Skyhook Wireless) C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Agere Systems) C:\WINDOWS\AGRSMMSG.exe (AFLAC) C:\Program Files\AFLAC\Common\WSPPurge.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Credant Technologies, Inc.) C:\WINDOWS\system32\CredUI.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Sybase, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe (Symantec Corporation) C:\Program Files\Symantec AntiVirus\DoScan.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe () C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe () C:\WINDOWS\system32\MsChkPrompt.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe () C:\WINDOWS\Dll32Agent.Exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Dropbox, Inc.) C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Intuit Inc. All rights reserved.) C:\Documents and Settings\A7AS\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Farbar) C:\Documents and Settings\A7AS\My Documents\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {9c0213ab-6a3c-11e2-a4de-0026c600b60a} - F:\IronKey.exe HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {e98527bc-8967-11dd-8553-806d6172696f} - D:\SWSETUP\APPINSTL\setup.exe HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {f75b546e-6780-11e2-a4db-0026c600b60a} - E:\MotorolaDeviceManagerSetup.exe -a Startup: C:\Documents and Settings\A7AS\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7069B605936FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {4F1623FC-35C9-416E-9517-1F42B885A52E} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {4F1623FC-35C9-416E-9517-1F42B885A52E} URL = https://www.google.com/search?q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll () BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253118906560 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-01-29] FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-10] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Extension: (Google Drive) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17] CHR Extension: (RealDownloader) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-17] CHR Extension: (Google Wallet) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-08-14] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\A7AS\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-14] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) [File not signed] R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation) R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation) R2 CMGShield; C:\WINDOWS\system32\Credant.exe [1040463 2007-05-08] (Credant Technologies, Inc.) [File not signed] R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks) R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-25] (Oracle Corporation) S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-08-25] (Symantec Corporation) R2 lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [94208 2009-04-28] (Lexmark International, Inc.) R2 lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [589824 2007-11-28] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 MsChkSvc; C:\WINDOWS\system32\MsChkSvc.exe [32768 2008-11-07] (CyberAngel Security Solutions) [File not signed] R2 MsWnetChk; C:\WINDOWS\system32\MsWnetChk.exe [122880 2008-11-07] () [File not signed] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-15] (Intuit) [File not signed] S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec) S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation) R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation) R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation) R2 WPSScannerSvc; C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe [126976 2010-01-21] (Skyhook Wireless) [File not signed] S3 ReflectService; "C:\Program Files\NCH Software\Reflect\reflect.exe" -service [X] ==================== Drivers (Whitelisted) ==================== R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1204128 2008-10-29] (Agere Systems) [File not signed] S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-25] (Brother Industries Ltd.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.) R0 CredCEF; C:\WINDOWS\System32\Drivers\CredCEF.sys [214095 2007-05-08] (Credant Technologies, Inc.) [File not signed] S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.) R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [138916 2002-08-26] (Deterministic Networks, Inc.) R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2013-05-20] (Juniper Networks) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-09-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-17] (Symantec Corporation) S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments) [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP) S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2008-08-19] (Infineon Technologies AG) [File not signed] R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed] S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-07-21] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-22] (Malwarebytes Corporation) S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola) R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVENG.SYS [93272 2013-06-17] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVEX15.SYS [1611992 2013-06-17] (Symantec Corporation) R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630336 2009-09-14] (Intel Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R1 SafDskNT; C:\WINDOWS\system32\Drivers\SafDskNT.sys [77824 2010-01-21] (PC Dynamics, Inc.) [File not signed] R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation) R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation) R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc) S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC) R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation) R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation) R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation) R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation) S3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed] U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35152 2014-07-03] () S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation) R3 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [12416 2010-01-21] (Skyhook Wireless) [File not signed] R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-09-14] (Marvell) R1 {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt; C:\WINDOWS\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys [55224 2014-07-12] (StdLib) S3 asdids; system32\DRIVERS\asdids.sys [X] S3 asdidsmp; system32\DRIVERS\asdids.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-22 10:24 - 2014-07-22 10:24 - 00000000 ____D () C:\Program Files\ESET 2014-07-22 09:35 - 2014-07-22 09:35 - 00010842 _____ () C:\Documents and Settings\A7AS\Desktop\AdwCleaner[R0].txt 2014-07-22 09:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll 2014-07-22 09:19 - 2014-07-22 09:42 - 00000000 ____D () C:\AdwCleaner 2014-07-22 08:31 - 2014-07-22 09:18 - 00002249 _____ () C:\Documents and Settings\A7AS\Desktop\JRT.txt 2014-07-22 08:25 - 2014-07-22 08:25 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-07-21 09:48 - 2014-07-22 11:09 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\MBAM 2014-07-21 09:41 - 2014-07-21 09:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini072114-01.dmp 2014-07-21 09:01 - 2014-07-22 09:52 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-21 08:55 - 2014-07-21 09:01 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-21 08:55 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-07-21 08:19 - 2014-07-21 08:19 - 00000000 ____D () C:\WINDOWS\ERDNT 2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Program Files\ERUNT 2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT 2014-07-17 13:01 - 2014-07-12 17:18 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys 2014-07-17 11:57 - 2014-07-17 11:57 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9876 2014-07-17 11:55 - 2014-07-17 11:55 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9468 2014-07-16 13:43 - 2014-07-16 13:49 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-07-16 13:43 - 2014-07-16 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-07-09 12:22 - 2014-07-09 12:22 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 _____ () C:\Documents and Settings\A7AS\Desktop\New Text Document (3).txt 2014-07-03 11:22 - 2014-07-03 11:22 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2014-07-03 11:22 - 2014-07-03 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller 2014-07-02 10:49 - 2014-07-02 10:49 - 00065844 _____ () C:\Documents and Settings\A7AS\My Documents\Benefit Code Chart 3-2014-xls.xlsx 2014-07-02 08:50 - 2014-07-22 12:06 - 00000000 ____D () C:\FRST 2014-06-26 09:47 - 2014-07-17 08:20 - 00000000 ____D () C:\Program Files\Advanced Fix 2013 2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$ 2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-06-25 09:31 - 2014-06-25 09:30 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-25 09:31 - 2014-06-25 09:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625 2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625 2014-06-25 08:54 - 2014-06-26 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software 2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software 2014-06-25 08:38 - 2012-06-15 16:39 - 00169744 _____ () C:\WINDOWS\system32\ztvunrar36.dll 2014-06-25 08:38 - 2012-06-15 16:35 - 00185616 _____ () C:\WINDOWS\system32\ztvunrar39.dll 2014-06-25 08:38 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\WINDOWS\system32\ztv7z.dll 2014-06-25 08:38 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztvcabinet.dll 2014-06-25 08:38 - 2005-08-26 01:50 - 00077312 _____ () C:\WINDOWS\system32\ztvunace26.dll 2014-06-25 08:38 - 2003-02-02 20:06 - 00153088 _____ () C:\WINDOWS\system32\unrar3.dll 2014-06-25 08:38 - 2002-03-06 01:00 - 00075264 _____ () C:\WINDOWS\system32\unacev2.dll 2014-06-25 08:37 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software 2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software ==================== One Month Modified Files and Folders ======= 2014-07-22 12:09 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Temp 2014-07-22 12:07 - 2014-01-08 14:17 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Dropbox 2014-07-22 12:06 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST 2014-07-22 11:58 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job 2014-07-22 11:27 - 2013-03-14 16:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-22 11:22 - 2013-01-06 11:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-22 11:09 - 2014-07-21 09:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\MBAM 2014-07-22 10:24 - 2014-07-22 10:24 - 00000000 ____D () C:\Program Files\ESET 2014-07-22 10:15 - 2012-11-02 07:27 - 00622713 _____ () C:\WinTab.log 2014-07-22 10:10 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job 2014-07-22 09:52 - 2014-07-21 09:01 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-22 09:50 - 2014-01-08 14:25 - 00000000 ___RD () C:\Documents and Settings\A7AS\My Documents\Dropbox 2014-07-22 09:49 - 2014-01-08 14:23 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\DropboxMaster 2014-07-22 09:48 - 2014-04-14 10:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-22 09:48 - 2012-12-13 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-22 09:47 - 2014-05-05 11:18 - 00000626 ____H () C:\WINDOWS\Tasks\SN.Booster-S-469265631.job 2014-07-22 09:47 - 2013-03-14 16:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-22 09:47 - 2013-02-05 21:33 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-22 09:47 - 2012-11-07 10:43 - 00000000 ____D () C:\Temp 2014-07-22 09:47 - 2009-09-17 15:42 - 00000000 ____D () C:\Program Files\Symantec AntiVirus 2014-07-22 09:47 - 2009-09-16 11:16 - 01735241 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-22 09:47 - 2008-01-21 12:57 - 00000256 ___SH () C:\WINDOWS\system32\CredSys.cdb 2014-07-22 09:46 - 2009-09-16 07:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-07-22 09:46 - 2009-09-16 07:10 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-07-22 09:45 - 2009-09-16 11:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-22 09:43 - 2009-09-16 11:23 - 00032434 _____ () C:\WINDOWS\SchedLgU.Txt 2014-07-22 09:42 - 2014-07-22 09:19 - 00000000 ____D () C:\AdwCleaner 2014-07-22 09:42 - 2008-01-21 12:13 - 00000278 ___SH () C:\Documents and Settings\A7AS\ntuser.ini 2014-07-22 09:42 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS 2014-07-22 09:35 - 2014-07-22 09:35 - 00010842 _____ () C:\Documents and Settings\A7AS\Desktop\AdwCleaner[R0].txt 2014-07-22 09:18 - 2014-07-22 08:31 - 00002249 _____ () C:\Documents and Settings\A7AS\Desktop\JRT.txt 2014-07-22 08:25 - 2014-07-22 08:25 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-07-21 14:22 - 2013-02-05 21:33 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-21 14:00 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job 2014-07-21 13:00 - 2013-08-10 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-07-21 12:53 - 2014-03-10 12:53 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job 2014-07-21 09:49 - 2013-01-08 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON 2014-07-21 09:41 - 2012-11-08 10:41 - 00000000 ____D () C:\WINDOWS\Minidump 2014-07-21 09:41 - 2012-10-01 13:41 - 00000000 __SHD () C:\WINDOWS\CSC 2014-07-21 09:40 - 2014-07-21 09:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini072114-01.dmp 2014-07-21 09:01 - 2014-07-21 08:55 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-21 08:55 - 2014-05-14 12:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-07-21 08:43 - 2006-02-28 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-07-21 08:19 - 2014-07-21 08:19 - 00000000 ____D () C:\WINDOWS\ERDNT 2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Program Files\ERUNT 2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT 2014-07-20 20:40 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job 2014-07-20 20:33 - 2013-02-05 21:33 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-17 15:59 - 2013-01-30 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01007$ 2014-07-17 13:44 - 2014-05-05 11:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\f654fe39c13d631b 2014-07-17 13:31 - 2009-09-16 14:38 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-07-17 13:29 - 2006-02-28 06:00 - 00001023 _____ () C:\WINDOWS\win.ini 2014-07-17 13:01 - 2009-09-16 11:22 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-07-17 11:57 - 2014-07-17 11:57 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9876 2014-07-17 11:57 - 2009-09-16 06:58 - 00000000 ____D () C:\WINDOWS\Resources 2014-07-17 11:55 - 2014-07-17 11:55 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9468 2014-07-17 08:20 - 2014-06-26 09:47 - 00000000 ____D () C:\Program Files\Advanced Fix 2013 2014-07-16 13:49 - 2014-07-16 13:43 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-07-16 13:44 - 2012-10-01 16:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Google 2014-07-16 13:43 - 2014-07-16 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-07-16 13:43 - 2013-03-14 16:27 - 00000000 ____D () C:\Program Files\Google 2014-07-15 14:53 - 2013-05-30 14:29 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats 2014-07-12 17:18 - 2014-07-17 13:01 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys 2014-07-09 12:22 - 2014-07-09 12:22 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2014-07-09 12:22 - 2013-01-06 11:50 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-07-09 12:22 - 2013-01-06 11:50 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 _____ () C:\Documents and Settings\A7AS\Desktop\New Text Document (3).txt 2014-07-08 12:53 - 2014-03-10 12:53 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job 2014-07-07 08:30 - 2009-09-18 13:50 - 00073136 _____ () C:\Documents and Settings\1000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-07-07 08:27 - 2009-09-16 07:05 - 00284520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-03 14:08 - 2014-05-15 09:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help 2014-07-03 14:03 - 2009-09-16 07:07 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-07-03 12:58 - 2014-05-15 09:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 2014-07-03 11:22 - 2014-07-03 11:22 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2014-07-03 11:22 - 2014-07-03 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller 2014-07-02 10:49 - 2014-07-02 10:49 - 00065844 _____ () C:\Documents and Settings\A7AS\My Documents\Benefit Code Chart 3-2014-xls.xlsx 2014-06-26 16:50 - 2009-09-16 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$ 2014-06-26 10:28 - 2012-10-10 22:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$ 2014-06-26 09:36 - 2009-09-18 12:57 - 00000000 ____D () C:\WINDOWS\pss 2014-06-26 09:36 - 2009-09-16 07:04 - 00000211 __RSH () C:\boot.ini 2014-06-26 09:36 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-06-26 09:17 - 2014-06-25 08:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software 2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$ 2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-06-25 09:30 - 2014-06-25 09:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-25 09:30 - 2014-06-25 09:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-25 09:11 - 2014-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Temp 2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625 2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625 2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software 2014-06-25 08:38 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software 2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some content of TEMP: ==================== C:\Documents and Settings\1000\Local Settings\Temp\_is1DE.exe C:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpakhznz.dll C:\Documents and Settings\A7AS\Local Settings\Temp\Quarantine.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3B.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3C.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3D.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3E.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3F.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT40.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT41.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT42.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT43.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT55.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT56.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT57.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT58.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT59.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5A.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5B.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5C.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5D.tmp.exe C:\Documents and Settings\A7AS\Local Settings\Temp\VOPackage.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================
  4. STEP 04 JUNKWARE REMOVAL ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.4 (04.06.2014:1)OS: Microsoft Windows XP x86Ran by A7AS on Tue 07/22/2014 at 8:25:12.76~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayNameSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URLSuccessfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URLSuccessfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\v9software ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"Successfully deleted: [Folder] "C:\Documents and Settings\A7AS\Local Settings\Application Data\torch"Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 07/22/2014 at 8:31:16.29End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ STEP 05 ADW log(s) Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/22/2014Scan Time: 9:53:53 AMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.03.04.09Rootkit Database: v2014.02.20.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows XP Service Pack 3CPU: x86File System: NTFSUser: A7AS Scan Type: Threat ScanResult: CompletedObjects Scanned: 294987Time Elapsed: 14 min, 59 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 7/22/2014Scan Time: 9:53:53 AMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.03.04.09Rootkit Database: v2014.02.20.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows XP Service Pack 3CPU: x86File System: NTFSUser: A7AS Scan Type: Threat ScanResult: CompletedObjects Scanned: 294987Time Elapsed: 14 min, 59 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) # AdwCleaner v3.216 - Report created 22/07/2014 at 09:19:33# Updated 17/07/2014 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : A7AS - AFLACA7AS# Running from : C:\Documents and Settings\A7AS\My Documents\Downloads\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crxFolder Found : C:\DOCUME~1\A7AS\LOCALS~1\Temp\NorpallaFolder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Chromatic BrowserFolder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejkFolder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdjFolder Found : C:\Documents and Settings\1000\Local Settings\Application Data\torchFolder Found : C:\Documents and Settings\A7AS\Application Data\NCH SoftwareFolder Found : C:\Documents and Settings\A7AS\Application Data\VOPackageFolder Found : C:\Documents and Settings\A7AS\Local Settings\Application Data\Chromatic BrowserFolder Found : C:\Documents and Settings\A7AS\Start Menu\Programs\VOPackageFolder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic BrowserFolder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejkFolder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdjFolder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\torchFolder Found : C:\Documents and Settings\All Users\Application Data\AppReady SoftwareFolder Found : C:\Documents and Settings\All Users\Application Data\MMiNimumPrICeFolder Found : C:\Documents and Settings\All Users\Application Data\NCH SoftwareFolder Found : C:\Documents and Settings\All Users\Application Data\save nettFolder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Chromatic BrowserFolder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejkFolder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdjFolder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\torchFolder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Chromatic BrowserFolder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejkFolder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdjFolder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\torchFolder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic BrowserFolder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejkFolder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdjFolder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\torchFolder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic BrowserFolder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejkFolder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdjFolder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torchFolder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic BrowserFolder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejkFolder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdjFolder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torchFolder Found : C:\Program Files\NCH SoftwareFolder Found : C:\Program Files\save nettFolder Found : C:\Program Files\SupTab ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18b20944-f54e-4509-88fa-f0ad137bf8de}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18b20944-f54e-4509-88fa-f0ad137bf8de}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Found : HKCU\Software\RegisteredApplicationsExKey Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedhKey Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbbomaKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7DD5E91C-3864-77EC-7635-D14910C2A03E}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackageKey Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82EKey Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FAKey Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CCKey Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EAKey Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0EKey Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDFKey Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65EKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackageKey Found : HKLM\Software\SupDpValue Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}] ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms} -\\ Google Chrome v36.0.1985.125 [ File : C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] Found [startup_urls] : hxxp://www.v9.com/?type=hp&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6Found [Homepage] : hxxp://www.v9.com/?type=hp&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6Found [Extension] : bopakagnckmlgajfccecajhnimjiiedhFound [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma ************************* AdwCleaner[R0].txt - [10700 octets] - [22/07/2014 09:19:33] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10761 octets] ########## Step 06 Malware Bytes log(s) Check & install logs mbam-check result log version: 2.1.1.1001======================================== User Account type: AdministratorOS: Windows XP Service Pack 3 Service Pack 3 32 bit Operating SystemCurrent Version and Build: 5.1.2600.0 OS Product Info: Professional Malwarebytes Anti-Malware: 2.0.2.1012Installed On: 2014/07/21Malware Database: 2014.03.04.09Rootkit Database: 2014.02.20.01Remediation Database: 2013.10.16.01IP Database: 0000.00.00.00Domain Database: 0000.00.00.00License: PremiumMalware Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtectorMalicious Website Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControlChameleon: 4 (The service is running.)Log Created: 2014/07/21 09:21:34Compatibility Flag Settings:================================= Malwarebytes Anti-Malware Shell Extension Block Check:====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked MBAM Startup Entries: =====================HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Malwarebytes Anti-Malware Service and Driver Status:======================================================= --------------Driver File Info:--------------C:\WINDOWS\system32\drivers\mbam.sysFile Size: 23256 BYTES FileVersion: 0.1.13.0 MD5: [8683c1b450f4b3872839308d836e0f92]C:\WINDOWS\system32\drivers\mbamswissarmy.sysFile Size: 110296 BYTES FileVersion: 0.1.7.0 MD5: [12e71da845d76665b56753ad149e32b3]C:\WINDOWS\system32\drivers\mbamchameleon.sysFile Size: 53208 BYTES FileVersion: 1.0.4.0 MD5: [dc7e770cd68e91fb65b2d841741f43f6] --------------MBAMProtector:--------------Type: N/AState: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtectorWIN32_EXIT_CODE: N/ASERVICE_EXIT_CODE: N/ACHECKPOINT: N/AWAIT_HINT: N/A --------------MBAMService:--------------Type: N/AState: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMServiceWIN32_EXIT_CODE: N/ASERVICE_EXIT_CODE: N/ACHECKPOINT: N/AWAIT_HINT: N/A --------------MBAMScheduler:--------------Type: N/AState: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMSchedulerWIN32_EXIT_CODE: N/ASERVICE_EXIT_CODE: N/ACHECKPOINT: N/AWAIT_HINT: N/A --------------MBAMChameleon:--------------Type: 2State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)WIN32_EXIT_CODE: 0SERVICE_EXIT_CODE: 0CHECKPOINT: 0WAIT_HINT: 0 --------------MBAMWebAccessControl:--------------Type: N/AState: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControlWIN32_EXIT_CODE: N/ASERVICE_EXIT_CODE: N/ACHECKPOINT: N/AWAIT_HINT: N/A Required Dependencies:====================== --------------fltmgr:--------------Type: 2State: 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)WIN32_EXIT_CODE: 0SERVICE_EXIT_CODE: 0CHECKPOINT: 0WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgrType REG_DWORD 2Start REG_DWORD 0ErrorControl REG_DWORD 1Tag REG_DWORD 1ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sysDisplayName REG_SZ FltMgrGroup REG_SZ FSFilter InfrastructureDescription REG_SZ File System Filter Manager DriverAttachWhenLoaded REG_DWORD 1HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\SecuritySecurity REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum0 REG_SZ Root\LEGACY_FLTMGR\0000Count REG_DWORD 1NextInstance REG_DWORD 1 C:\WINDOWS\system32\drivers\fltmgr.sysFile Size: 129792 BYTES FileVersion: 5.1.2600.5512 MD5: [b2cf4b0786f8212cb92ed2b50c6db6b0]C:\WINDOWS\system32\comctl32.ocxFile Size: 608448 BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51]C:\WINDOWS\system32\mscomctl.ocxFile Size: 1077336 BYTES FileVersion: 6.1.95.45 MD5: [f7bbb7d79adb9e3adc13f3b3c33d3d4d]C:\WINDOWS\system32\olepro32.dllFile Size: 84992 BYTES FileVersion: 5.1.2600.5512 MD5: [5652f6ce1d9e9d8068b9d29bc21b5409] MBAM Registry Settings and License Info:========================================--------------Settings:--------------Advanced: AutomaticQuarantine: true AutostartProtection: true LimitedMode: false StartSilentMode: false StartupDelay: 0 ApplicationState: First-Run-After-Installation: false General: DaysUntilNotifyExpiration: 5 Language: en RightClickAccess: false SilentErrors: false Logging: ExportLog: true Notification: ProtectionTray: DisplayMilliseconds: 7000 ScanHistory: Duration_Driver: 0 Duration_Filesystem: 96000 Duration_Heuristics: 8000 Duration_Loading: 0 Duration_MasterBootRecord: 0 Duration_Memory: 40000 Duration_PreScan: 44000 Duration_Registry: 3000 Duration_Sector: 0 Duration_Startup: 7000 ItemCount_Driver: 0 ItemCount_Filesystem: 6890 ItemCount_Heuristics: 108509 ItemCount_Loading: 0 ItemCount_MasterBootRecord: 0 ItemCount_Memory: 2797 ItemCount_PreScan: 0 ItemCount_Registry: 38948 ItemCount_Sector: 0 ItemCount_Startup: 447 LastScanDateEpoch: 1405951249890 LastScanType: 1 (Threat Scan)Update: NotifyInstallReady: true NotifyOutdatedDatabase: 1 ProxyPassword: ProxyPort: 0 ProxyServer: ProxyUsername: UseProxy: false UseProxyAuthentication: false --------------Account:-------------- Account Status: Premium Expiration Time: 2034/07/21 08:57:22 Activation Time: 2014/07/21 08:57:22 Trial Used: false --------------Access Policies:-------------- Scheduler Queue:================ tasks: 7f456038-b6d3-4c4b-8ff7-1184420fa35c: parameters: NotifyWhenUpdateCompletes: true TaskType: 3 triggers: 03ffad18-f739-4220-83bd-c501d58074fd: dateinterval: 0:0:0 lastscheduled: Mon, 21 Jul 2014 09:15:29.046875 -0500 lasttriggered: nextscheduled: Mon, 21 Jul 2014 10:15:29.046875 -0500 recovery: 00:00:00 start: Mon, 21 Jul 2014 09:04:00.046875 -0500 timeinterval: 01:00:00 type: 3 uuid: 03ffad18-f739-4220-83bd-c501d58074fd type: update uuid: 7f456038-b6d3-4c4b-8ff7-1184420fa35c bb012531-e7a9-4ec6-a45d-3911c0901eef: parameters: CheckForUpdatesBeforeScanStart: true ScanConfig: ExitWhenNoMalwareDetected: false ExportLog: true FileSystemOption: true RebootSystemWhenMalwareDetected: false RemoveMalwareAutomaticallyWhenScanEnds: false ScanArchives: true ScanExtra: true ScanHeuristic: true ScanMemoryObjects: true ScanPUM: 2 ScanPUP: 2 ScanRegistry: true ScanRootkits: false ScanStartup: true ScanTargets: ScanType: 1 (Threat Scan) Silent: true TerminateExplorerWhenMalwareIsRemoved: false StartTaskFromSystemAccount: false TaskType: 0 triggers: f370c5f3-abd2-4d83-8415-4321e358bf46: dateinterval: 1:0:0 lastscheduled: lasttriggered: nextscheduled: Tue, 22 Jul 2014 03:11:51 -0500 recovery: 23:00:00 start: Tue, 22 Jul 2014 02:57:04 -0500 timeinterval: 00:00:00 type: 4 uuid: f370c5f3-abd2-4d83-8415-4321e358bf46 type: scan uuid: bb012531-e7a9-4ec6-a45d-3911c0901eef Pending File Rename Operations: ================================If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. MBAMProtector Registry Values:============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector MBAMService Registry Values:============================ MBAMScheduler Registry Values:============================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler Terminal Services Status for (null) entries in PM logs and GetUserToken errors:=============================================================================== --------------TERMService:--------------Type: 32State: 4 (The service is running.) (State is stopped)WIN32_EXIT_CODE: 0SERVICE_EXIT_CODE: 0CHECKPOINT: 0WAIT_HINT: 0 TermService Start is set to: 3 (Manual Startup) Proxy Status: No proxy is Set LAN Settings:============= only 'Automatically detect settings' is selected SystemPartition:================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition REG_SZ \Device\HarddiskVolume2 Balloon Tips Status:==================== Enabled Time Format Settings:===================== Should be:h:mm:ss ttAM PM : Currently:REG_SZ h:mm:ss ttREG_SZ AMREG_SZ PMREG_SZ : Language and Regional Settings:=============================== ACP: Language is English (United States)MACCP: Language is English (United States)OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check:==================================================== All Users Startup Folder Exists.Current User's startup Folder Exists. Context Menu Entries:===================== List of MBAM Related Directories:================================= C:\Program Files\Malwarebytes Anti-Malware\7z.dll File Size: 920888 BYTES FileVersion: 9.20.0.0 MD5: [9f522b2708cab181c0f137abbcd1de2e]changes.txt File Size: 2261 BYTES FileVersion: N/A MD5: [af70267bdf9a37a96f1a79a5c3720ae6]license.rtf File Size: 39478 BYTES FileVersion: N/A MD5: [8627b31943a534aad30d154c2b2c1aaf]master.conf File Size: 1258 BYTES FileVersion: N/A MD5: [9702ca5e82d3756c6d8af34a2ababaea]mbam.dll File Size: 579896 BYTES FileVersion: 1.0.7.0 MD5: [d32c2a98859cb22d57a665f15f351e7d]mbam.exe File Size: 6970168 BYTES FileVersion: 1.0.0.532 MD5: [4fbc630768570e6ac35c3de8f6ec79f5]mbamcore.dll File Size: 1680696 BYTES FileVersion: 1.0.11.0 MD5: [f722fa26739eafcbd8d5f3829b632cd7]mbamdor.exe File Size: 54072 BYTES FileVersion: 1.0.1.0 MD5: [4da2f2da54a92850f56c0db712058188]mbamext.dll File Size: 157496 BYTES FileVersion: 3.0.4.0 MD5: [1be09650974c36d9b2a890eea0c338c3]mbampt.exe File Size: 39736 BYTES FileVersion: 1.0.0.0 MD5: [9acd7583584c93ee542c273df8e91dc1]mbamscheduler.exe File Size: 1809720 BYTES FileVersion: 3.0.2.0 MD5: [d84aea3f3329d622dfc1297dddf6163b]mbamservice.exe File Size: 860472 BYTES FileVersion: 3.0.2.0 MD5: [4f45ed469906494f9bf754e476390dbd]mbamsrv.dll File Size: 4437816 BYTES FileVersion: 1.1.0.0 MD5: [9b48e38c35f08fa831b387a0b27c40aa]msvcp100.dll File Size: 421688 BYTES FileVersion: 10.0.40219.325 MD5: [e4b829081e639e42985853bae754a53d]msvcr100.dll File Size: 774456 BYTES FileVersion: 10.0.40219.325 MD5: [80fcedbe920e9cbe30d9d3665bd6efed]QtCore4.dll File Size: 2732856 BYTES FileVersion: 4.8.4.0 MD5: [30490eed6a1e20e8259c0b9c58f488fe]QtGui4.dll File Size: 8575288 BYTES FileVersion: 4.8.4.0 MD5: [15e21aa7d0c0c994cd565eeb96d13c20]QtNetwork4.dll File Size: 909112 BYTES FileVersion: 4.8.4.0 MD5: [d7588d42e29080c32a003bee465160d8]unins000.dat File Size: 23127 BYTES FileVersion: N/A MD5: [d16e74752c7e81d7ca9de90bc9dd96ea]unins000.exe File Size: 718037 BYTES FileVersion: 51.52.0.0 MD5: [d2796ecf50731e696f0c065d24c0827a] C:\Program Files\Malwarebytes Anti-Malware\\Chameleon C:\Program Files\Malwarebytes Anti-Malware\\Chameleon\Windowschameleon.chm File Size: 235882 BYTES FileVersion: N/A MD5: [c4190b71f037714aa77aba294434ba5b]firefox.com File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]firefox.exe File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]firefox.pif File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]firefox.scr File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]iexplore.exe File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]master.conf File Size: 1258 BYTES FileVersion: N/A MD5: [9702ca5e82d3756c6d8af34a2ababaea]mbam-chameleon.com File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]mbam-chameleon.exe File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]mbam-chameleon.pif File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]mbam-chameleon.scr File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]mbam-killer.exe File Size: 1181496 BYTES FileVersion: N/A MD5: [c6927fd8f7e9105b64db5d5a08b53731]rundll32.exe File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]svchost.exe File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]windows.exe File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee]winlogon.exe File Size: 750392 BYTES FileVersion: 3.0.4.0 MD5: [09882e8edd1144e6ef1af6d1f98305ee] C:\Program Files\Malwarebytes Anti-Malware\\imageformatsqgif4.dll File Size: 32568 BYTES FileVersion: 4.8.4.0 MD5: [e59f533c26c8375cd120b4791482217e] C:\Program Files\Malwarebytes Anti-Malware\\Languageslang_bg.qm File Size: 144048 BYTES FileVersion: N/A MD5: [9ccb79999432d56b9843a3e2b2c90325]lang_bs.qm File Size: 145523 BYTES FileVersion: N/A MD5: [6ab7a6274d4f9f7553c944f5c66201ba]lang_ca.qm File Size: 132254 BYTES FileVersion: N/A MD5: [68a83ec63b6e7bc5dbdd412bcc49c6ce]lang_cs.qm File Size: 141243 BYTES FileVersion: N/A MD5: [6b8acee7f461fa69b83d2c45c3725427]lang_da.qm File Size: 130101 BYTES FileVersion: N/A MD5: [8539796784746218b229419e99ab308d]lang_de.qm File Size: 149462 BYTES FileVersion: N/A MD5: [fcd3bc376ad219396e8c7d3c87cd8864]lang_el.qm File Size: 149912 BYTES FileVersion: N/A MD5: [74f13f95f63fe96c08e571598df052d6]lang_en.qm File Size: 115961 BYTES FileVersion: N/A MD5: [8c9da1c0ce06b89f8d323bf948bfba4e]lang_es.qm File Size: 130487 BYTES FileVersion: N/A MD5: [33e1c6d40b841cc2e783ec8d8102e66f]lang_et.qm File Size: 138126 BYTES FileVersion: N/A MD5: [aa215b5f37a72a69854c9163ac543b51]lang_fi.qm File Size: 144256 BYTES FileVersion: N/A MD5: [18912c339939c3a6629004ec900f4fe4]lang_fr.qm File Size: 149253 BYTES FileVersion: N/A MD5: [ec2bf2f431c4273f151b8c8a7b84c387]lang_he.qm File Size: 116101 BYTES FileVersion: N/A MD5: [9e692744e77051c6ce14df32f9b71920]lang_hr.qm File Size: 139841 BYTES FileVersion: N/A MD5: [3e3737fe86eb595c5f6817eebf731aa7]lang_hu.qm File Size: 145621 BYTES FileVersion: N/A MD5: [52d3d7fcf8c8db071ef0573a1357c2fd]lang_id.qm File Size: 143102 BYTES FileVersion: N/A MD5: [80473d2c73d2f54f2b23c9316f2d0ceb]lang_it.qm File Size: 146851 BYTES FileVersion: N/A MD5: [7e7aea7d0b433d7e912ed9f0887684a7]lang_ja.qm File Size: 121282 BYTES FileVersion: N/A MD5: [19ac79b7a5e05d665e417c2dd75afc94]lang_ko.qm File Size: 118033 BYTES FileVersion: N/A MD5: [de213178c14490bf452ea45278d3442d]lang_nl.qm File Size: 146325 BYTES FileVersion: N/A MD5: [5aec6f6bdc5e6c28744e6ef374709eeb]lang_no.qm File Size: 142918 BYTES FileVersion: N/A MD5: [4388c08217618af2e24173af6f5d3f97]lang_pl.qm File Size: 145434 BYTES FileVersion: N/A MD5: [699700c889447d1f9b607c04f07fff67]lang_pt_BR.qm File Size: 131739 BYTES FileVersion: N/A MD5: [a3430222223d59da8ec6ea1edae5ee2f]lang_pt_PT.qm File Size: 149128 BYTES FileVersion: N/A MD5: [afdf1907af4c95f9af510d5fc1bb9067]lang_ro.qm File Size: 121166 BYTES FileVersion: N/A MD5: [1672a2b3a9807a1497fe43824c0026c0]lang_ru.qm File Size: 122186 BYTES FileVersion: N/A MD5: [d4dd1eea2b0f52aba2fca4d159c387f7]lang_sk.qm File Size: 119827 BYTES FileVersion: N/A MD5: [8b200d162e8028843e41aa1a927cfd84]lang_sl.qm File Size: 143191 BYTES FileVersion: N/A MD5: [1760a6aa6990b2f0c4c71ec04b25ac9c]lang_sr.qm File Size: 143261 BYTES FileVersion: N/A MD5: [377d15c0da0249f4a7a58978b6307d81]lang_sv.qm File Size: 142525 BYTES FileVersion: N/A MD5: [2587ead21967296fefdd0ee0684fe8b4]lang_tr.qm File Size: 142194 BYTES FileVersion: N/A MD5: [880fcbe97ec6f13ec094f7371b5b295f]lang_vi.qm File Size: 126874 BYTES FileVersion: N/A MD5: [c61281786b5bfec68afc742a19f6abd9]lang_zh_tr.qm File Size: 110870 BYTES FileVersion: N/A MD5: [f223d83580b1ee35edea13293cb2c80d] C:\Program Files\Malwarebytes Anti-Malware\\Pluginsfixdamage.exe File Size: 821560 BYTES FileVersion: 1.1.0.1010 MD5: [3a4dcd021d9f3a5305a22e5e309da305] C:\Documents and Settings\A7AS\Application Data\Malwarebytes\Malwarebytes Anti-Malware C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malwareactions.ref File Size: 314 BYTES FileVersion: N/A MD5: [b26a36c0696e299fdfebe180c09c2737]exclusions.dat File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e]rules.ref File Size: 7349775 BYTES FileVersion: N/A MD5: [a4c6832946d2ce099c41d812792259c0]S-1-5-18-0-ntuser.dat S-1-5-18-0-ntuser.dat.LOG S-1-5-19-0-ntuser.dat S-1-5-19-0-ntuser.dat.LOG S-1-5-20-0-ntuser.dat S-1-5-20-0-ntuser.dat.LOG S-1-5-21-1757981266-1482476501-839522115-1003-0-ntuser.datS-1-5-21-1757981266-1482476501-839522115-1003-0-ntuser.dat.LOGS-1-5-21-1757981266-1482476501-839522115-1006-0-ntuser.datS-1-5-21-1757981266-1482476501-839522115-1006-0-ntuser.dat.LOGswissarmy.ref File Size: 21081 BYTES FileVersion: N/A MD5: [a6d56a73c602e64853aa689bf3400769] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Configurationbuild.conf File Size: 4547 BYTES FileVersion: N/A MD5: [b8f8a1582e4cccdef21f165d399dbf77]database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]license.conf File Size: 554 BYTES FileVersion: N/A MD5: [2c8437d61fe2a091bdd67fc766d8d160]manifest.conf File Size: 1573 BYTES FileVersion: N/A MD5: [5783f572b2f913ca675e1454d95b56ca]marketing.conf File Size: 1434 BYTES FileVersion: N/A MD5: [19533c40d9c9778b2ab423dbcf063d80]net.conf File Size: 6164 BYTES FileVersion: N/A MD5: [816964edf0726d4a50f4a681c61c9bab]notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2]scheduler.conf File Size: 2087 BYTES FileVersion: N/A MD5: [5054500ebea9fdd6646d00ca277ea0ee]settings.conf File Size: 1916 BYTES FileVersion: N/A MD5: [d03de6998445a97029152f725be836ea]statistics.conf File Size: 385 BYTES FileVersion: N/A MD5: [320f58128c13ad409d55c8ff2b116004] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Quarantine Malware Exclusions:===================Web Exclusions:================Quarantined Items:==================================================================================END OF FILE Acrobat.com Adobe Systems Incorporated 9/16/2009 1.7.186Adobe AIR Adobe Systems Inc. 9/16/2009 1.5.2.8870Adobe Flash Player 14 ActiveX Adobe Systems Incorporated 7/16/2014 14.0.0.145Adobe Flash Player 14 Plugin Adobe Systems Incorporated 7/16/2014 14.0.0.145Adobe Reader XI (11.0.07) Adobe Systems Incorporated 5/13/2014 139.00 MB 11.0.07Afaria Client Sybase, Inc. 4/15/2013 6.60Agere Systems HDA Modem LSI Corporation 6/4/2014 Apple Application Support Apple Inc. 8/10/2013 66.43 MB 2.3.4Apple Software Update Apple Inc. 8/10/2013 2.38 MB 2.1.3.127CCleaner Piriform 5/14/2014 4.13Compatibility Pack for the 2007 Office system Microsoft Corporation 10/29/2012 76.12 MB 12.0.6514.5001Crystal Reports Basic Runtime for Visual Studio 2008 Business Objects 4/15/2013 36.29 MB 10.5.1.0Dropbox Dropbox, Inc. 5/28/2014 2.8.2EncryptionByCredant AFLAC 1/21/2008 1.04.0002Epson Connect Epson Connect Printer Setup SEIKO EPSON CORPORATION 3/12/2014 8.34 MB 1.2.0EPSON Connect version 1.0 Epson America Inc. 10/1/2013 1.0Epson Customer Participation SEIKO EPSON CORPORATION 1/8/2013 2.49 MB 1.0.0.0Epson E-Web Print SEIKO EPSON CORPORATION 2/10/2014 9.23 MB 1.19.0000Epson Event Manager Seiko Epson Corporation 10/1/2013 42.47 MB 3.01.0003Epson FAX Utility SEIKO EPSON CORPORATION 10/1/2013 1.30.00Epson PC-FAX Driver 6/3/2014 EPSON Printer Finder SEIKO EPSON CORPORATION 10/28/2013 1.80 MB 1.0.0EPSON Scan Seiko Epson Corporation 1/8/2013 EPSON WF-2530 Series Printer Uninstall SEIKO EPSON Corporation 6/3/2014 EpsonNet Print SEIKO EPSON CORPORATION 10/1/2013 2.5.00Google Chrome Google Inc. 7/16/2014 36.0.1985.125Google Drive Google, Inc. 6/16/2014 33.48 MB 1.16.6866.4367HP FWUpdateEDO2 Hewlett-Packard 4/1/2014 1.53 MB 1.2.0.0HP Integrated Module with Bluetooth wireless technology HP 9/22/2009 19.89 MB 5.5.0.5800HP Officejet Pro 8600 Help Hewlett Packard 1/29/2013 22.56 MB 140.0.2.2HP Officejet Pro 8600 Product Improvement Study Hewlett-Packard Co. 1/29/2013 5.98 MB 25.0.619.0HP Update Hewlett-Packard 10/24/2013 3.98 MB 5.005.000.002I.R.I.S. OCR HP 1/29/2013 68.96 MB 12.3.4.0Intel® Graphics Media Accelerator Driver Intel Corporation 7/9/2014 InterVideo WinDVD 8 InterVideo Inc. 10/23/2009 8.5-B0.143Java 7 Update 60 Oracle 6/25/2014 120.00 MB 7.0.600Juniper Networks Network Connect 6.0.0 Juniper Networks 10/1/2012 6.0.0.12507Juniper Networks Network Connect 6.3.0 Juniper Networks 10/10/2012 6.3.0.13725Juniper Networks Network Connect 6.5.0 Juniper Networks 10/10/2012 6.5.0.16789Juniper Networks Network Connect 7.1.15 Juniper Networks 9/4/2013 7.1.15.25271Juniper Networks Setup Client Activex Control Juniper Networks 6/4/2014 2.1.1.1Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 7/2/2014 7.1.15.36013Lexmark Toolbar 5/30/2013 4.0.53.0Lexmark Tools for Office 5/30/2013 1.24.0.0Lexmark Z2400 Series Lexmark International, Inc. 5/30/2013 LiveUpdate 3.1 (Symantec Corporation) Symantec Corporation 10/1/2012 3.1.0.90Malwarebytes Anti-Malware version 2.0.2.1012 Malwarebytes Corporation 7/17/2014 2.0.2.1012McAfee Security Scan Plus McAfee, Inc. 6/16/2014 3.8.150.1Microsoft .NET Framework 1.1 10/10/2012 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 10/11/2012 301.00 MB 2.2.30729Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 10/11/2012 264.00 MB 3.2.30729Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10/11/2012 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 5/19/2013 4.0.30319Microsoft .NET Framework 4 Extended Microsoft Corporation 5/19/2013 4.0.30319Microsoft Access database engine 2010 (English) Microsoft Corporation 4/15/2013 110.00 MB 14.0.4763.1000Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Corporation 6/4/2014 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 9/16/2009 1Microsoft Office 2003 Primary Interop Assemblies Microsoft Corporation 5/19/2013 7.38 MB 11.0.6553.0Microsoft Office Enterprise 2007 Microsoft Corporation 5/15/2014 12.0.4518.1014Microsoft Report Viewer Redistributable 2005 Microsoft Corporation 9/17/2009 Microsoft Silverlight Microsoft Corporation 3/11/2014 60.39 MB 5.1.20913.0Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 9/16/2009 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 3/15/2013 5.28 MB 8.0.61001Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 10/28/2013 9.65 MB 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 6/25/2014 9.64 MB 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 4/15/2013 10.19 MB 9.0.30729.4148Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Corporation 5/19/2013 Microsoft WinUsb 2.0 Microsoft Corporation 6/26/2014 Motorola Device Manager Motorola Mobility 3/10/2014 2.4.5Motorola Mobile Drivers Installation 6.3.0 Motorola Mobility LLC 3/10/2014 4.42 MB 6.3.0MSXML 4.0 SP2 (KB954430) Microsoft Corporation 1/21/2010 2.67 MB 4.20.9870.0MSXML 4.0 SP2 (KB973688) Microsoft Corporation 1/21/2010 2.77 MB 4.20.9876.0MSXML 4.0 SP3 Parser Microsoft Corporation 1/30/2013 2.87 MB 4.30.2100.0Premium Quote 10/1/2012 QuickBooks Pro 2013 Intuit Inc. 1/6/2014 23.0.4001.2305RealPlayer RealNetworks 4/14/2014 16.0.3Reflect Customer Database NCH Software 11/17/2012 Rosetta Stone Version 3 Rosetta Stone Ltd. 5/20/2014 138.00 MB 3.3.7.0save nett siavve, nnet 5/5/2013 4.3.0.1667Security Update for Windows Search 4 - KB963093 Microsoft Corporation 9/16/2009 SmartApp Next Generation AFLAC 9/17/2009 2,946.00 MB 1.03.4000SmartPremium AFLAC 9/17/2009 1.00.0000SN.Sustainer 1.80 Certified Publisher 5/5/2013 SNG Prerequisites AFLAC 9/18/2009 87.70 MB 1.00.1000SNGCoreUpgrade AFLAC 4/15/2013 35.11.2012Software Updater SEIKO EPSON CORPORATION 3/12/2014 8.21 MB 4.2.6SoundMAX Analog Devices 9/22/2009 5.10.01.7240Symantec AntiVirus Symantec Corporation 9/17/2009 182.00 MB 10.1.5000.5Synaptics Pointing Device Driver Synaptics 10/12/2012 10.0.13.2Topaz 4X5 WinTab Driver v2.16 Topaz Systems, Inc. 6/4/2014 2.16Topaz e-Signatures SigPlus 3.55 Topaz Systems, Inc. 6/4/2014 3.55Update for Windows XP (KB943729) Microsoft Corporation 9/16/2009 Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 9/16/2009 Windows Internet Explorer 8 Microsoft Corporation 5/5/2014 20090308.140743Windows Live ID Sign-in Assistant Microsoft Corporation 10/29/2012 4.69 MB 6.500.3165.0Windows Media Format 11 runtime 10/12/2012 Windows Media Player 11 10/12/2012 Windows Search 4.0 Microsoft Corporation 9/16/2009 04.00.6001.503Windows XP Service Pack 3 Microsoft Corporation 9/16/2009 20080414.031525WinZip 10/12/2012 WorksitePro ETI Benefits 9/17/2009 50.77 MB 2.51.0344
  5. Sorry for the multiple post, I couldn't get the images to load to attach them here. Please see above messages CheckResults.txt Rkill.txt CheckResults.txt
  6. OK guys, I have done per the instructions, uninstalled, cleaned, re installed, attempted to run using the Chameleon but I can't get the thing to update at all.. Even after I downloaded the most current version of MalwareBytes, I can't get it to update. Period. As soon as I start to scan, I get an error saying 'Runtime Error' Abnormal program termination, then it shuts down. The issue as a whole is that I cannot get mbam to run a scan without this Runtime error in Microsoft Visual C++ Runtime library popping up, which makes the program shut down. I posted up above the log I DID get to run once by using the Chameleon utility, however it was a fleeting thing, because I can't get it to run again since. This is what happens Runtime Error pic.bmpRuntime Error pic.bmp
  7. Thank you John. I posted it in the wrong forum it appears. I resubmitted it and the logs under the Malware removal forum you suggested. Thanks again
  8. Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014Ran by A7AS at 2014-07-02 08:51:36Running from C:\Documents and Settings\A7AS\My Documents\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) HiddenAcrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) HiddenAdobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) HiddenAdobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)Advanced Fix 2013 version 2.1.3.80 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.80 - Advanced Fix, Inc.)Afaria Client (HKLM\...\Afaria Client) (Version: 6.60 - Sybase, Inc.)Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)bpd_scan (Version: 3.00.0000 - Hewlett-Packard) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)EncryptionByCredant (HKLM\...\InstallShield_{EE267D8A-CC91-4DB4-A389-89776359046D}) (Version: 1.04.0002 - AFLAC)EncryptionByCredant (Version: 1.04.0002 - AFLAC) HiddenEpson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)Epson E-Web Print (HKLM\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)Google Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenHP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.5800 - HP)HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5-B0.143 - InterVideo Inc.)InterVideo WinDVD 8 (Version: 8.5-B0.143 - InterVideo Inc.) HiddenJava 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) HiddenJuniper Networks Network Connect 6.0.0 (HKLM\...\Juniper Network Connect 6.0.0) (Version: 6.0.0.12507 - Juniper Networks)Juniper Networks Network Connect 6.3.0 (HKLM\...\Juniper Network Connect 6.3.0) (Version: 6.3.0.13725 - Juniper Networks)Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.16789 - Juniper Networks)Juniper Networks Network Connect 7.1.15 (HKLM\...\Juniper Network Connect 7.1.15) (Version: 7.1.15.25271 - Juniper Networks)Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.15.36013 - Juniper Networks, Inc.)Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )Lexmark Z2400 Series (HKLM\...\Lexmark Z2400 Series) (Version: - Lexmark International, Inc.)LiveUpdate 3.1 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.1.0.90 - Symantec Corporation)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) HiddenMicrosoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) HiddenMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) HiddenMicrosoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)Microsoft Report Viewer Redistributable 2005 (Version: 8.0.50727.42 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) HiddenMicrosoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)Midland LifeSolutions (Version: 18.4 - Midland National) HiddenMidland LifeSolutions (Version: 18.5 - Midland National) HiddenMotorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) HiddenMotorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)Premium Quote (HKLM\...\Premium Quote) (Version: - )QuickBooks (Version: 23.0.4011.2305 - Intuit Inc.) HiddenQuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) HiddenReflect Customer Database (HKLM\...\Reflect) (Version: - NCH Software)Rosetta Stone Version 3 (HKLM\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)save nett (HKLM\...\{7DD5E91C-3864-77EC-7635-D14910C2A03E}) (Version: 4.3.0.1667 - siavve, nnet) <==== ATTENTIONSmartApp Next Generation (HKLM\...\{CB462BC7-4D16-44E9-AA8F-F8BB3A39DF60}) (Version: 1.03.4000 - AFLAC)SmartPremium (HKLM\...\InstallShield_{391651FA-D9B3-476E-AE37-6E0A22A27735}) (Version: 1.00.0000 - AFLAC)SmartPremium (Version: 1.00.0000 - AFLAC) HiddenSN.Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}) (Version: - Certified Publisher) <==== ATTENTIONSNG Prerequisites (HKLM\...\{F5AD8A16-56B5-4D92-AD8A-6DD7058D081B}) (Version: 1.00.1000 - AFLAC)SNGCoreUpgrade (HKLM\...\InstallShield_{9D02381C-397E-4FDE-B127-BE6B78202CB4}) (Version: 35.11.2012 - AFLAC)SNGCoreUpgrade (Version: 35.11.2012 - AFLAC) HiddenSoftware Updater (HKLM\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7240 - Analog Devices)Symantec AntiVirus (HKLM\...\{33CFCF98-F8D6-4549-B469-6F4295676D83}) (Version: 10.1.5000.5 - Symantec Corporation)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)Topaz 4X5 WinTab Driver v2.16 (HKLM\...\Topaz 4X5 WinTab Driver v2.16) (Version: 2.16 - Topaz Systems, Inc.)Topaz e-Signatures SigPlus 3.55 (HKLM\...\Topaz e-Signatures SigPlus 3.55) (Version: 3.55 - Topaz Systems, Inc.)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version: - Microsoft Corporation)Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) HiddenUpdate for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) HiddenWebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWindows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Format 11 runtime (Version: - Microsoft Corporation) HiddenWindows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows Media Player 11 (Version: - Microsoft Corporation) HiddenWindows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)Windows PowerShell 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)WinZip (HKLM\...\WinZip) (Version: - )WorksitePro (HKLM\...\{2C6F48C2-0A1D-478B-8AED-B5DB2ABD14FB}) (Version: 2.51.0344 - ETI Benefits) ==================== Restore Points ========================= 01-04-2014 20:44:34 System Checkpoint03-04-2014 17:54:58 System Checkpoint15-04-2014 14:08:02 Installed Windows XP Wdf01009.16-04-2014 17:28:53 System Checkpoint17-04-2014 20:29:32 System Checkpoint18-04-2014 21:38:06 System Checkpoint19-04-2014 23:08:05 System Checkpoint21-04-2014 00:38:05 System Checkpoint22-04-2014 02:03:28 System Checkpoint23-04-2014 02:07:23 System Checkpoint24-04-2014 03:14:04 System Checkpoint28-04-2014 20:28:18 System Checkpoint29-04-2014 20:29:29 System Checkpoint30-04-2014 21:38:38 System Checkpoint01-05-2014 23:08:56 System Checkpoint03-05-2014 00:38:38 System Checkpoint04-05-2014 02:08:37 System Checkpoint05-05-2014 03:38:38 System Checkpoint05-05-2014 16:34:52 Removed Ask Toolbar.05-05-2014 17:21:13 Software Distribution Service 3.005-05-2014 19:35:50 Installed Windows Internet Explorer 8.05-05-2014 19:39:00 Software Distribution Service 3.006-05-2014 16:18:55 Installed Java 7 Update 5507-05-2014 20:30:16 System Checkpoint08-05-2014 21:29:35 System Checkpoint09-05-2014 22:59:47 System Checkpoint11-05-2014 00:29:35 System Checkpoint12-05-2014 01:59:34 System Checkpoint13-05-2014 03:29:34 System Checkpoint14-05-2014 04:36:39 System Checkpoint14-05-2014 16:51:05 Removed Maxload Pro Demo14-05-2014 16:55:34 Removed HP Officejet Pro 8600 Basic Device Software15-05-2014 14:04:29 Installed Microsoft Office Enterprise 200715-05-2014 14:51:27 Printer Driver Send To Microsoft OneNote Driver Installed15-05-2014 15:59:52 Configured Microsoft Office Enterprise 200716-05-2014 17:06:08 System Checkpoint17-05-2014 18:36:00 System Checkpoint18-05-2014 20:06:00 System Checkpoint19-05-2014 20:16:35 System Checkpoint20-05-2014 23:06:44 Installed Rosetta Stone Version 321-05-2014 23:07:32 System Checkpoint23-05-2014 00:37:41 System Checkpoint24-05-2014 02:07:32 System Checkpoint25-05-2014 03:37:32 System Checkpoint26-05-2014 05:07:32 System Checkpoint27-05-2014 06:37:32 System Checkpoint28-05-2014 08:07:46 System Checkpoint29-05-2014 09:37:40 System Checkpoint02-06-2014 20:33:45 System Checkpoint03-06-2014 21:43:44 System Checkpoint04-06-2014 23:13:48 System Checkpoint06-06-2014 00:43:55 System Checkpoint07-06-2014 02:13:43 System Checkpoint08-06-2014 03:43:43 System Checkpoint09-06-2014 05:13:43 System Checkpoint10-06-2014 06:43:44 System Checkpoint11-06-2014 08:13:49 System Checkpoint12-06-2014 09:38:49 System Checkpoint16-06-2014 15:39:18 System Checkpoint17-06-2014 20:30:24 System Checkpoint23-06-2014 13:45:30 System Checkpoint25-06-2014 13:55:17 avast! antivirus system restore point26-06-2014 13:46:03 Installed Windows XP winusb0200.26-06-2014 14:14:20 avast! antivirus system restore point27-06-2014 14:26:30 System Checkpoint28-06-2014 15:56:28 System Checkpoint29-06-2014 17:26:28 System Checkpoint30-06-2014 17:36:05 System Checkpoint ==================== Hosts content: ========================== 2006-02-28 06:00 - 2014-03-11 16:52 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exeTask: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exeTask: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exeTask: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exeTask: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Motorola Device Manager Engine.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exeTask: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exeTask: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\ReclaimerResumeInstall_A7AS.job => C:\Documents and Settings\A7AS\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exeTask: C:\WINDOWS\Tasks\SN.Booster-S-469265631.job => c:\documents and settings\all users\application data\appready software\sn.booster\SN.Booster.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2008-01-21 12:55 - 2007-05-08 11:57 - 00159822 _____ () C:\WINDOWS\system32\CredNP.dll2013-05-30 14:28 - 2009-08-13 07:02 - 00147968 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdqdrpp.dll2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll2010-01-21 12:37 - 2008-11-07 14:38 - 00122880 _____ () C:\WINDOWS\system32\MsWnetChk.exe2010-01-21 12:37 - 2006-02-22 19:22 - 00110592 _____ () C:\WINDOWS\system32\WPSScanner.dll2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe2013-05-30 14:27 - 2010-02-04 04:17 - 00672424 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe2013-05-30 14:27 - 2010-02-04 04:17 - 00025256 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe2013-05-30 14:27 - 2010-02-03 05:21 - 00028672 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Common.dll2013-05-30 14:27 - 2010-02-03 05:21 - 00036864 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Core.dll2013-05-30 14:27 - 2010-02-03 05:20 - 00065536 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.dll2013-05-30 14:27 - 2009-06-26 08:17 - 00012288 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.autoplayutil.dll2010-01-21 12:37 - 2008-11-07 14:38 - 00028672 _____ () C:\windows\system32\mschkprompt.exe2010-01-21 12:37 - 2008-11-07 14:38 - 00032768 _____ () C:\windows\system32\MsSupCa.dll2014-07-02 08:38 - 2014-07-02 08:38 - 00098816 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32api.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00110080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pywintypes27.dll2014-07-02 08:38 - 2014-07-02 08:38 - 00364544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pythoncom27.dll2014-07-02 08:38 - 2014-07-02 08:38 - 00045568 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_socket.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 01160704 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ssl.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00320512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32com.shell.shell.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00713216 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_hashlib.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 01175040 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._core_.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00805888 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._gdi_.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00811008 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._windows_.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 01062400 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._controls_.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00735232 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._misc_.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00128512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_elementtree.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00127488 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pyexpat.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00557056 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pysqlite2._sqlite.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00007168 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\hashobjs_ext.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00087552 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ctypes.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00119808 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32file.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00108544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32security.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00018432 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32event.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00038912 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32inet.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00070656 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._html2.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00167936 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32gui.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00011264 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32crypt.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00027136 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_multiprocessing.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00122368 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._wizard.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00010240 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\select.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00024064 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pipe.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00686080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\unicodedata.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00025600 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pdh.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00525640 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\windows._lib_cacheinvalidation.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00035840 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32process.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00017408 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32profile.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00022528 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32ts.pyd2014-07-02 08:38 - 2014-07-02 08:38 - 00078336 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._animate.pyd2008-12-11 13:22 - 2008-12-11 13:22 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll2008-12-11 13:20 - 2008-12-11 13:20 - 00069697 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll2008-01-21 12:42 - 2010-01-21 12:37 - 00290816 ____N () C:\WINDOWS\Dll32Agent.Exe2010-01-21 12:37 - 2010-01-21 12:37 - 00200704 __RSH () C:\WINDOWS\MSCAE32.dll2010-01-21 12:37 - 2010-01-21 12:37 - 00172032 __RSH () C:\WINDOWS\system32\MSCHKSYS.DLL2014-07-02 08:39 - 2014-07-02 08:39 - 00043008 _____ () c:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\libcef.dll2013-11-15 18:45 - 2013-11-15 18:45 - 00269128 _____ () C:\PROGRAM FILES\INTUIT\QUICKBOOKS 2013\boost_regex-vc90-mt-p-1_33.dll2006-02-28 06:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2006-02-28 06:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2014-06-30 09:24 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll2014-06-30 09:24 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll2014-06-30 09:24 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll2014-06-30 09:24 - 2014-06-05 08:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: EPLTarget => ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (07/02/2014 08:41:38 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "x; 2013":DB error -739 ErrorMessage:'DBLib not initialized: error -739' Error: (07/01/2014 08:44:23 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "x; 2013":DB error -739 ErrorMessage:'DBLib not initialized: error -739' Error: (07/01/2014 08:40:04 AM) (Source: crypt32) (EventID: 8) (User: )Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error: (06/26/2014 08:45:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (06/25/2014 02:29:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (06/25/2014 01:22:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (06/25/2014 11:17:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (06/25/2014 10:28:07 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: AFLACA7AS)Description: Risk: C:\WINDOWS\system32\taskmgr.exe in File: C:\Program Files\Symantec AntiVirus\Rtvscan.exe by: Tamper Protection scan. Action: Blocked. Action Description: Error: (06/25/2014 09:58:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (06/11/2014 01:03:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\MY DOCUMENTS\MY PICTURES\$$$$$$$$.$$$> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) System errors:=============Error: (07/02/2014 08:29:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Parallel port driver service failed to start due to the following error: %%1058 Error: (07/02/2014 08:29:03 AM) (Source: SCardSvr) (EventID: 602) (User: )Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified. Error: (07/01/2014 08:38:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (07/01/2014 08:37:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (07/01/2014 08:37:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Parallel port driver service failed to start due to the following error: %%1058 Error: (07/01/2014 08:36:11 AM) (Source: SCardSvr) (EventID: 602) (User: )Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified. Error: (06/26/2014 04:53:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: atapiIntelIdePCIIdePcmcia Error: (06/26/2014 04:53:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Parallel port driver service failed to start due to the following error: %%1058 Error: (06/26/2014 04:52:12 PM) (Source: SCardSvr) (EventID: 602) (User: )Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified. Error: (06/26/2014 00:38:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )Description: The ScRegSetValueExW call failed for Description with the following error: %%5 Microsoft Office Sessions:=========================Error: (05/15/2014 11:06:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 434 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 87%Total physical RAM: 1976.19 MBAvailable physical RAM: 249.83 MBTotal Pagefile: 3868.28 MBAvailable Pagefile: 2444.66 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1938.01 MB ==================== Drives ================================ Drive c: (OSdisk) (Fixed) (Total:134.04 GB) (Free:95.61 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 2BD2C32A)Partition 1: (Not Active) - (Size=15 GB) - (Type=17)Partition 2: (Active) - (Size=134 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. I keep getting this error and I have tried a multitude of options to clear it up. I have uninstalled & reinstalled Malware Bytes twice, cleared all the files, Ran CC Cleaner, reinstalled, reboots, the whole 9 yards. I came across this forum & saw another thread where it was suggested to download Farbar Recovery, which I did. I copied the logs per the instructions but it won't let me reply back to that post so here is another one. I ran the one for my system, (32 bit) so now I am at a stumbling block. Please help! Incidentally, I also have errors in accessing my docs from gmail to attach to emails and something upon startup that my PC Fax (which I forgot was even on computers anymore) has issues. Also, I sign in using Credant Shield and it's been telling me for a month now that I am an unmanaged user. Below is the pic of the error. Ideas?? Here are my logs... Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014 Ran by A7AS (administrator) on AFLACA7AS on 02-07-2014 08:50:09 Running from C:\Documents and Settings\A7AS\My Documents\Downloads Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingc...an-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingc...an-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (Credant Technologies, Inc.) C:\WINDOWS\system32\Credant.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe ( ) C:\WINDOWS\system32\lxdqcoms.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (CyberAngel Security Solutions) C:\WINDOWS\system32\Mschksvc.exe () C:\WINDOWS\system32\mswnetchk.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Skyhook Wireless) C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Agere Systems) C:\WINDOWS\AGRSMMSG.exe (AFLAC) C:\Program Files\AFLAC\Common\WSPPurge.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Credant Technologies, Inc.) C:\WINDOWS\system32\CredUI.exe (Sybase, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe () C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe () C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe () C:\WINDOWS\system32\MsChkPrompt.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe () C:\WINDOWS\Dll32Agent.Exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Dropbox, Inc.) C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Intuit Inc. All rights reserved.) C:\Documents and Settings\A7AS\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe (Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88209 2005-04-13] (Agere Systems) HKLM\...\Run: [synTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.) HKLM\...\Run: [WSPPurge] => C:\Program Files\Aflac\Common\WSPPurge.exe [20480 2007-12-26] (AFLAC) HKLM\...\Run: [Aflac_Do_Not_Remove] => C:\Aflac2000\WSPInfo.exe [45056 2006-09-12] (AFLAC) HKLM\...\Run: [soundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.) HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [52896 2006-07-19] (Symantec Corporation) HKLM\...\Run: [vptray] => C:\Program Files\Symantec AntiVirus\VPTray.exe [125168 2006-09-27] (Symantec Corporation) HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-01-16] (Analog Devices, Inc.) HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe [200848 2009-03-04] (InterVideo Inc.) HKLM\...\Run: [CMGCredUI] => C:\WINDOWS\system32\CredUI.exe [204878 2007-05-08] (Credant Technologies, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [Afaria Client File Differencing] => C:\Program Files\AClient\Bin\XCDiffCache.exe [179712 2011-06-16] (Sybase, Inc.) HKLM\...\Run: [Afaria Client Event Monitor] => C:\Program Files\AClient\Bin\XCMonitor.exe [819712 2010-09-02] (Sybase, Inc.) HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-15] (Intuit Inc. All rights reserved.) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-04-14] (RealNetworks, Inc.) HKLM\...\Run: [lxdqmon.exe] => C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe [672424 2010-02-04] () HKLM\...\Run: [lxdqamon] => C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe [16040 2010-02-04] () HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION) HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [!SysInit] => c:\windows\system32\mschkprompt.exe [28672 2008-11-07] () Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {9c0213ab-6a3c-11e2-a4de-0026c600b60a} - F:\IronKey.exe HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {e98527bc-8967-11dd-8553-806d6172696f} - D:\SWSETUP\APPINSTL\setup.exe HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {f75b546e-6780-11e2-a4db-0026c600b60a} - E:\MotorolaDeviceManagerSetup.exe -a Startup: C:\Documents and Settings\A7AS\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7069B605936FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.aflac....o/SSOLogin.aspx SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253118906560 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-01-29] FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-10] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com/" CHR StartupUrls: "hxxp://www.google.com" CHR DefaultSearchKeyword: trovi.search CHR DefaultSearchProvider: Trovi search CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll No File CHR Plugin: (ActiveTouch General Plugin Container) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll No File CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Angry Birds) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-01] CHR Extension: (YouTube) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-01] CHR Extension: (Google Search) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-01] CHR Extension: (saVE net) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk [2014-05-05] CHR Extension: (DiscountExttensi) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gehhgpjdfdephlpmkjddgogkadbgmjom [2014-05-13] CHR Extension: (RealDownloader) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-13] CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj [2014-05-05] CHR Extension: (HTML Saver) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2014-05-05] CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2012-10-01] CHR Extension: (Gmail) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-01] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-08-14] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\A7AS\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-14] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) [File not signed] R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation) R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation) R2 CMGShield; C:\WINDOWS\system32\Credant.exe [1040463 2007-05-08] (Credant Technologies, Inc.) [File not signed] R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks) R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-25] (Oracle Corporation) S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-08-25] (Symantec Corporation) R2 lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [94208 2009-04-28] (Lexmark International, Inc.) R2 lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [589824 2007-11-28] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 MsChkSvc; C:\WINDOWS\system32\MsChkSvc.exe [32768 2008-11-07] (CyberAngel Security Solutions) [File not signed] R2 MsWnetChk; C:\WINDOWS\system32\MsWnetChk.exe [122880 2008-11-07] () [File not signed] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-15] (Intuit) [File not signed] S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 ReflectService; C:\Program Files\NCH Software\Reflect\reflect.exe [1039364 2012-11-17] (NCH Software) [File not signed] S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec) S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation) R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation) R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation) R2 WPSScannerSvc; C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe [126976 2010-01-21] (Skyhook Wireless) [File not signed] ==================== Drivers (Whitelisted) ==================== R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1204128 2008-10-29] (Agere Systems) [File not signed] S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-25] (Brother Industries Ltd.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.) R0 CredCEF; C:\WINDOWS\System32\Drivers\CredCEF.sys [214095 2007-05-08] (Credant Technologies, Inc.) [File not signed] S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.) R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [138916 2002-08-26] (Deterministic Networks, Inc.) R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2013-05-20] (Juniper Networks) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-09-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-17] (Symantec Corporation) S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments) [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP) S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2008-08-19] (Infineon Technologies AG) [File not signed] R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed] S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-06-26] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-02] (Malwarebytes Corporation) S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola) R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVENG.SYS [93272 2013-06-17] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVEX15.SYS [1611992 2013-06-17] (Symantec Corporation) R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630336 2009-09-14] (Intel Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R1 SafDskNT; C:\WINDOWS\system32\Drivers\SafDskNT.sys [77824 2010-01-21] (PC Dynamics, Inc.) [File not signed] R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation) R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation) R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc) S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC) R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation) R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation) R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation) R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation) S3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed] S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation) R3 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [12416 2010-01-21] (Skyhook Wireless) [File not signed] R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-09-14] (Marvell) S3 asdids; system32\DRIVERS\asdids.sys [X] S3 asdidsmp; system32\DRIVERS\asdids.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST 2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-06-26 09:47 - 2014-06-26 09:51 - 00000000 ____D () C:\Program Files\Advanced Fix 2013 2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk 2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013 2014-06-26 09:44 - 2014-07-02 08:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-26 09:44 - 2014-06-26 10:45 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-26 09:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$ 2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-06-25 09:31 - 2014-06-25 09:30 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-25 09:31 - 2014-06-25 09:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625 2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625 2014-06-25 08:54 - 2014-06-26 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software 2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software 2014-06-25 08:38 - 2012-06-15 16:39 - 00169744 _____ () C:\WINDOWS\system32\ztvunrar36.dll 2014-06-25 08:38 - 2012-06-15 16:35 - 00185616 _____ () C:\WINDOWS\system32\ztvunrar39.dll 2014-06-25 08:38 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\WINDOWS\system32\ztv7z.dll 2014-06-25 08:38 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztvcabinet.dll 2014-06-25 08:38 - 2005-08-26 01:50 - 00077312 _____ () C:\WINDOWS\system32\ztvunace26.dll 2014-06-25 08:38 - 2003-02-02 20:06 - 00153088 _____ () C:\WINDOWS\system32\unrar3.dll 2014-06-25 08:38 - 2002-03-06 01:00 - 00075264 _____ () C:\WINDOWS\system32\unacev2.dll 2014-06-25 08:37 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software 2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software 2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk 2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk 2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv 2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus 2014-06-10 12:36 - 2014-06-11 12:23 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV 2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy RENFROES OFFICE.xlsx 2014-06-04 10:35 - 2014-06-04 10:55 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log 2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series 2014-06-02 09:14 - 2014-06-11 14:59 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY ==================== One Month Modified Files and Folders ======= 2014-07-02 08:51 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Temp 2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST 2014-07-02 08:42 - 2012-11-02 07:27 - 00424488 _____ () C:\WinTab.log 2014-07-02 08:40 - 2014-01-08 14:17 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Dropbox 2014-07-02 08:39 - 2014-01-08 14:25 - 00000000 ___RD () C:\Documents and Settings\A7AS\My Documents\Dropbox 2014-07-02 08:39 - 2014-01-08 14:23 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\DropboxMaster 2014-07-02 08:37 - 2014-06-26 09:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-02 08:37 - 2014-05-05 11:18 - 00000626 ____H () C:\WINDOWS\Tasks\SN.Booster-S-469265631.job 2014-07-02 08:37 - 2014-04-14 10:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-02 08:37 - 2013-03-14 16:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-02 08:37 - 2013-02-05 21:33 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-02 08:37 - 2012-12-13 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-02 08:37 - 2012-11-07 10:43 - 00000000 ____D () C:\Temp 2014-07-02 08:37 - 2008-01-21 12:57 - 00000256 ___SH () C:\WINDOWS\system32\CredSys.cdb 2014-07-02 08:31 - 2009-09-17 15:42 - 00000000 ____D () C:\Program Files\Symantec AntiVirus 2014-07-02 08:30 - 2009-09-16 11:16 - 01662659 ____N () C:\WINDOWS\WindowsUpdate.log 2014-07-02 08:29 - 2009-09-16 11:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-02 08:29 - 2009-09-16 07:10 - 00000159 ____N () C:\WINDOWS\wiadebug.log 2014-07-02 08:29 - 2009-09-16 07:10 - 00000048 ____N () C:\WINDOWS\wiaservc.log 2014-07-01 15:01 - 2009-09-16 11:23 - 00032552 ____N () C:\WINDOWS\SchedLgU.Txt 2014-07-01 15:01 - 2008-01-21 12:13 - 00000278 ___SH () C:\Documents and Settings\A7AS\ntuser.ini 2014-07-01 15:01 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS 2014-07-01 14:27 - 2013-03-14 16:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-01 14:22 - 2013-01-06 11:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-01 14:00 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job 2014-07-01 12:53 - 2014-03-10 12:53 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job 2014-07-01 11:58 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job 2014-07-01 10:50 - 2013-05-30 14:29 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats 2014-07-01 10:10 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job 2014-07-01 08:44 - 2012-10-01 16:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Google 2014-07-01 08:37 - 2013-02-05 21:33 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-06-30 13:00 - 2013-08-10 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-06-30 09:23 - 2013-03-14 16:27 - 00000000 ____D () C:\Program Files\Google 2014-06-29 20:40 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job 2014-06-26 16:50 - 2009-09-16 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$ 2014-06-26 16:30 - 2014-05-05 11:17 - 00000000 ____D () C:\Program Files\save nett 2014-06-26 10:45 - 2014-06-26 09:44 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-26 10:28 - 2012-10-10 22:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$ 2014-06-26 09:51 - 2014-06-26 09:47 - 00000000 ____D () C:\Program Files\Advanced Fix 2013 2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk 2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013 2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-26 09:36 - 2009-09-18 12:57 - 00000000 ____D () C:\WINDOWS\pss 2014-06-26 09:36 - 2009-09-16 07:04 - 00000211 __RSH () C:\boot.ini 2014-06-26 09:36 - 2006-02-28 06:00 - 00000921 _____ () C:\WINDOWS\win.ini 2014-06-26 09:36 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-06-26 09:17 - 2014-06-25 08:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software 2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$ 2014-06-26 08:43 - 2012-10-01 13:41 - 00000000 __SHD () C:\WINDOWS\CSC 2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-06-25 09:30 - 2014-06-25 09:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-25 09:30 - 2014-06-25 09:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-25 09:11 - 2014-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Temp 2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625 2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625 2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software 2014-06-25 08:38 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software 2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software 2014-06-23 08:04 - 2006-02-28 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk 2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk 2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv 2014-06-16 08:01 - 2013-11-07 08:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive 2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus 2014-06-16 07:36 - 2013-02-02 15:54 - 00001781 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk 2014-06-16 07:36 - 2012-11-02 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan 2014-06-12 09:36 - 2014-03-27 12:58 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\AFLAC logos 2014-06-11 14:59 - 2014-06-02 09:14 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY 2014-06-11 12:23 - 2014-06-10 12:36 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV 2014-06-11 12:23 - 2008-01-21 12:57 - 00000000 ____S () C:\WINDOWS\8JVFLKZC.DDP 2014-06-10 20:33 - 2013-02-05 21:33 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-06-08 12:53 - 2014-03-10 12:53 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job 2014-06-05 13:57 - 2009-09-16 07:07 - 00634624 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy RENFROES OFFICE.xlsx 2014-06-04 10:55 - 2014-06-04 10:35 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log 2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series 2014-06-02 09:10 - 2009-09-17 12:04 - 00000000 ____D () C:\Program Files\WorksitePro Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some content of TEMP: ==================== C:\Documents and Settings\1000\Local Settings\Temp\_is1DE.exe C:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Runtime Error pic.bmp
  10. Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014 Ran by A7AS at 2014-07-02 08:51:36 Running from C:\Documents and Settings\A7AS\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C} ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated) Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.) Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Advanced Fix 2013 version 2.1.3.80 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.80 - Advanced Fix, Inc.) Afaria Client (HKLM\...\Afaria Client) (Version: 6.60 - Sybase, Inc.) Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation) Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) EncryptionByCredant (HKLM\...\InstallShield_{EE267D8A-CC91-4DB4-A389-89776359046D}) (Version: 1.04.0002 - AFLAC) EncryptionByCredant (Version: 1.04.0002 - AFLAC) Hidden Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - ) Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION) EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson E-Web Print (HKLM\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.5800 - HP) HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard) HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5-B0.143 - InterVideo Inc.) InterVideo WinDVD 8 (Version: 8.5-B0.143 - InterVideo Inc.) Hidden Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle) Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden Juniper Networks Network Connect 6.0.0 (HKLM\...\Juniper Network Connect 6.0.0) (Version: 6.0.0.12507 - Juniper Networks) Juniper Networks Network Connect 6.3.0 (HKLM\...\Juniper Network Connect 6.3.0) (Version: 6.3.0.13725 - Juniper Networks) Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.16789 - Juniper Networks) Juniper Networks Network Connect 7.1.15 (HKLM\...\Juniper Network Connect 7.1.15) (Version: 7.1.15.25271 - Juniper Networks) Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks) Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.15.36013 - Juniper Networks, Inc.) Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - ) Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - ) Lexmark Z2400 Series (HKLM\...\Lexmark Z2400 Series) (Version: - Lexmark International, Inc.) LiveUpdate 3.1 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.1.0.90 - Symantec Corporation) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation) Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation) Microsoft Report Viewer Redistributable 2005 (Version: 8.0.50727.42 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation) Midland LifeSolutions (Version: 18.4 - Midland National) Hidden Midland LifeSolutions (Version: 18.5 - Midland National) Hidden Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility) Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Premium Quote (HKLM\...\Premium Quote) (Version: - ) QuickBooks (Version: 23.0.4011.2305 - Intuit Inc.) Hidden QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.) RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Reflect Customer Database (HKLM\...\Reflect) (Version: - NCH Software) Rosetta Stone Version 3 (HKLM\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.) save nett (HKLM\...\{7DD5E91C-3864-77EC-7635-D14910C2A03E}) (Version: 4.3.0.1667 - siavve, nnet) <==== ATTENTION SmartApp Next Generation (HKLM\...\{CB462BC7-4D16-44E9-AA8F-F8BB3A39DF60}) (Version: 1.03.4000 - AFLAC) SmartPremium (HKLM\...\InstallShield_{391651FA-D9B3-476E-AE37-6E0A22A27735}) (Version: 1.00.0000 - AFLAC) SmartPremium (Version: 1.00.0000 - AFLAC) Hidden SN.Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}) (Version: - Certified Publisher) <==== ATTENTION SNG Prerequisites (HKLM\...\{F5AD8A16-56B5-4D92-AD8A-6DD7058D081B}) (Version: 1.00.1000 - AFLAC) SNGCoreUpgrade (HKLM\...\InstallShield_{9D02381C-397E-4FDE-B127-BE6B78202CB4}) (Version: 35.11.2012 - AFLAC) SNGCoreUpgrade (Version: 35.11.2012 - AFLAC) Hidden Software Updater (HKLM\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7240 - Analog Devices) Symantec AntiVirus (HKLM\...\{33CFCF98-F8D6-4549-B469-6F4295676D83}) (Version: 10.1.5000.5 - Symantec Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics) Topaz 4X5 WinTab Driver v2.16 (HKLM\...\Topaz 4X5 WinTab Driver v2.16) (Version: 2.16 - Topaz Systems, Inc.) Topaz e-Signatures SigPlus 3.55 (HKLM\...\Topaz e-Signatures SigPlus 3.55) (Version: 3.55 - Topaz Systems, Inc.) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version: - Microsoft Corporation) Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation) Windows PowerShell 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation) Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinZip (HKLM\...\WinZip) (Version: - ) WorksitePro (HKLM\...\{2C6F48C2-0A1D-478B-8AED-B5DB2ABD14FB}) (Version: 2.51.0344 - ETI Benefits) ==================== Restore Points ========================= 01-04-2014 20:44:34 System Checkpoint 03-04-2014 17:54:58 System Checkpoint 15-04-2014 14:08:02 Installed Windows XP Wdf01009. 16-04-2014 17:28:53 System Checkpoint 17-04-2014 20:29:32 System Checkpoint 18-04-2014 21:38:06 System Checkpoint 19-04-2014 23:08:05 System Checkpoint 21-04-2014 00:38:05 System Checkpoint 22-04-2014 02:03:28 System Checkpoint 23-04-2014 02:07:23 System Checkpoint 24-04-2014 03:14:04 System Checkpoint 28-04-2014 20:28:18 System Checkpoint 29-04-2014 20:29:29 System Checkpoint 30-04-2014 21:38:38 System Checkpoint 01-05-2014 23:08:56 System Checkpoint 03-05-2014 00:38:38 System Checkpoint 04-05-2014 02:08:37 System Checkpoint 05-05-2014 03:38:38 System Checkpoint 05-05-2014 16:34:52 Removed Ask Toolbar. 05-05-2014 17:21:13 Software Distribution Service 3.0 05-05-2014 19:35:50 Installed Windows Internet Explorer 8. 05-05-2014 19:39:00 Software Distribution Service 3.0 06-05-2014 16:18:55 Installed Java 7 Update 55 07-05-2014 20:30:16 System Checkpoint 08-05-2014 21:29:35 System Checkpoint 09-05-2014 22:59:47 System Checkpoint 11-05-2014 00:29:35 System Checkpoint 12-05-2014 01:59:34 System Checkpoint 13-05-2014 03:29:34 System Checkpoint 14-05-2014 04:36:39 System Checkpoint 14-05-2014 16:51:05 Removed Maxload Pro Demo 14-05-2014 16:55:34 Removed HP Officejet Pro 8600 Basic Device Software 15-05-2014 14:04:29 Installed Microsoft Office Enterprise 2007 15-05-2014 14:51:27 Printer Driver Send To Microsoft OneNote Driver Installed 15-05-2014 15:59:52 Configured Microsoft Office Enterprise 2007 16-05-2014 17:06:08 System Checkpoint 17-05-2014 18:36:00 System Checkpoint 18-05-2014 20:06:00 System Checkpoint 19-05-2014 20:16:35 System Checkpoint 20-05-2014 23:06:44 Installed Rosetta Stone Version 3 21-05-2014 23:07:32 System Checkpoint 23-05-2014 00:37:41 System Checkpoint 24-05-2014 02:07:32 System Checkpoint 25-05-2014 03:37:32 System Checkpoint 26-05-2014 05:07:32 System Checkpoint 27-05-2014 06:37:32 System Checkpoint 28-05-2014 08:07:46 System Checkpoint 29-05-2014 09:37:40 System Checkpoint 02-06-2014 20:33:45 System Checkpoint 03-06-2014 21:43:44 System Checkpoint 04-06-2014 23:13:48 System Checkpoint 06-06-2014 00:43:55 System Checkpoint 07-06-2014 02:13:43 System Checkpoint 08-06-2014 03:43:43 System Checkpoint 09-06-2014 05:13:43 System Checkpoint 10-06-2014 06:43:44 System Checkpoint 11-06-2014 08:13:49 System Checkpoint 12-06-2014 09:38:49 System Checkpoint 16-06-2014 15:39:18 System Checkpoint 17-06-2014 20:30:24 System Checkpoint 23-06-2014 13:45:30 System Checkpoint 25-06-2014 13:55:17 avast! antivirus system restore point 26-06-2014 13:46:03 Installed Windows XP winusb0200. 26-06-2014 14:14:20 avast! antivirus system restore point 27-06-2014 14:26:30 System Checkpoint 28-06-2014 15:56:28 System Checkpoint 29-06-2014 17:26:28 System Checkpoint 30-06-2014 17:36:05 System Checkpoint ==================== Hosts content: ========================== 2006-02-28 06:00 - 2014-03-11 16:52 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Motorola Device Manager Engine.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_A7AS.job => C:\Documents and Settings\A7AS\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe Task: C:\WINDOWS\Tasks\SN.Booster-S-469265631.job => c:\documents and settings\all users\application data\appready software\sn.booster\SN.Booster.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2008-01-21 12:55 - 2007-05-08 11:57 - 00159822 _____ () C:\WINDOWS\system32\CredNP.dll 2013-05-30 14:28 - 2009-08-13 07:02 - 00147968 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdqdrpp.dll 2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll 2010-01-21 12:37 - 2008-11-07 14:38 - 00122880 _____ () C:\WINDOWS\system32\MsWnetChk.exe 2010-01-21 12:37 - 2006-02-22 19:22 - 00110592 _____ () C:\WINDOWS\system32\WPSScanner.dll 2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 2013-05-30 14:27 - 2010-02-04 04:17 - 00672424 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe 2013-05-30 14:27 - 2010-02-04 04:17 - 00025256 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe 2013-05-30 14:27 - 2010-02-03 05:21 - 00028672 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Common.dll 2013-05-30 14:27 - 2010-02-03 05:21 - 00036864 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Core.dll 2013-05-30 14:27 - 2010-02-03 05:20 - 00065536 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.dll 2013-05-30 14:27 - 2009-06-26 08:17 - 00012288 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.autoplayutil.dll 2010-01-21 12:37 - 2008-11-07 14:38 - 00028672 _____ () C:\windows\system32\mschkprompt.exe 2010-01-21 12:37 - 2008-11-07 14:38 - 00032768 _____ () C:\windows\system32\MsSupCa.dll 2014-07-02 08:38 - 2014-07-02 08:38 - 00098816 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32api.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00110080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pywintypes27.dll 2014-07-02 08:38 - 2014-07-02 08:38 - 00364544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pythoncom27.dll 2014-07-02 08:38 - 2014-07-02 08:38 - 00045568 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_socket.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 01160704 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ssl.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00320512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32com.shell.shell.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00713216 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_hashlib.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 01175040 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._core_.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00805888 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._gdi_.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00811008 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._windows_.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 01062400 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._controls_.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00735232 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._misc_.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00128512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_elementtree.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00127488 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pyexpat.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00557056 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pysqlite2._sqlite.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00007168 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\hashobjs_ext.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00087552 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ctypes.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00119808 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32file.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00108544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32security.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00018432 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32event.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00038912 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32inet.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00070656 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._html2.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00167936 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32gui.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00011264 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32crypt.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00027136 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_multiprocessing.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00122368 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._wizard.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00010240 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\select.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00024064 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pipe.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00686080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\unicodedata.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00025600 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pdh.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00525640 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\windows._lib_cacheinvalidation.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00035840 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32process.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00017408 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32profile.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00022528 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32ts.pyd 2014-07-02 08:38 - 2014-07-02 08:38 - 00078336 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._animate.pyd 2008-12-11 13:22 - 2008-12-11 13:22 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll 2008-12-11 13:20 - 2008-12-11 13:20 - 00069697 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2008-01-21 12:42 - 2010-01-21 12:37 - 00290816 ____N () C:\WINDOWS\Dll32Agent.Exe 2010-01-21 12:37 - 2010-01-21 12:37 - 00200704 __RSH () C:\WINDOWS\MSCAE32.dll 2010-01-21 12:37 - 2010-01-21 12:37 - 00172032 __RSH () C:\WINDOWS\system32\MSCHKSYS.DLL 2014-07-02 08:39 - 2014-07-02 08:39 - 00043008 _____ () c:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll 2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\libcef.dll 2013-11-15 18:45 - 2013-11-15 18:45 - 00269128 _____ () C:\PROGRAM FILES\INTUIT\QUICKBOOKS 2013\boost_regex-vc90-mt-p-1_33.dll 2006-02-28 06:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2006-02-28 06:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2014-06-30 09:24 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-30 09:24 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-30 09:24 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-30 09:24 - 2014-06-05 08:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupreg: EPLTarget => ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2014 08:41:38 AM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "x; 2013": DB error -739 ErrorMessage:'DBLib not initialized: error -739' Error: (07/01/2014 08:44:23 AM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "x; 2013": DB error -739 ErrorMessage:'DBLib not initialized: error -739' Error: (07/01/2014 08:40:04 AM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error: (06/26/2014 08:45:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (06/25/2014 02:29:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (06/25/2014 01:22:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (06/25/2014 11:17:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (06/25/2014 10:28:07 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: AFLACA7AS) Description: Risk: C:\WINDOWS\system32\taskmgr.exe in File: C:\Program Files\Symantec AntiVirus\Rtvscan.exe by: Tamper Protection scan. Action: Blocked. Action Description: Error: (06/25/2014 09:58:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (06/11/2014 01:03:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\MY DOCUMENTS\MY PICTURES\$$$$$$$$.$$$> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) System errors: ============= Error: (07/02/2014 08:29:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: %%1058 Error: (07/02/2014 08:29:03 AM) (Source: SCardSvr) (EventID: 602) (User: ) Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified. Error: (07/01/2014 08:38:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (07/01/2014 08:37:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (07/01/2014 08:37:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: %%1058 Error: (07/01/2014 08:36:11 AM) (Source: SCardSvr) (EventID: 602) (User: ) Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified. Error: (06/26/2014 04:53:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: atapi IntelIde PCIIde Pcmcia Error: (06/26/2014 04:53:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Parallel port driver service failed to start due to the following error: %%1058 Error: (06/26/2014 04:52:12 PM) (Source: SCardSvr) (EventID: 602) (User: ) Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified. Error: (06/26/2014 00:38:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Description with the following error: %%5 Microsoft Office Sessions: ========================= Error: (05/15/2014 11:06:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 434 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 87% Total physical RAM: 1976.19 MB Available physical RAM: 249.83 MB Total Pagefile: 3868.28 MB Available Pagefile: 2444.66 MB Total Virtual: 2047.88 MB Available Virtual: 1938.01 MB ==================== Drives ================================ Drive c: (OSdisk) (Fixed) (Total:134.04 GB) (Free:95.61 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 2BD2C32A) Partition 1: (Not Active) - (Size=15 GB) - (Type=17) Partition 2: (Active) - (Size=134 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014 Ran by A7AS (administrator) on AFLACA7AS on 02-07-2014 08:50:09 Running from C:\Documents and Settings\A7AS\My Documents\Downloads Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Credant Technologies, Inc.) C:\WINDOWS\system32\Credant.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe (Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe ( ) C:\WINDOWS\system32\lxdqcoms.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (CyberAngel Security Solutions) C:\WINDOWS\system32\Mschksvc.exe () C:\WINDOWS\system32\mswnetchk.exe (Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Skyhook Wireless) C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Agere Systems) C:\WINDOWS\AGRSMMSG.exe (AFLAC) C:\Program Files\AFLAC\Common\WSPPurge.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Credant Technologies, Inc.) C:\WINDOWS\system32\CredUI.exe (Sybase, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe () C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe () C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe () C:\WINDOWS\system32\MsChkPrompt.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe () C:\WINDOWS\Dll32Agent.Exe (Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Dropbox, Inc.) C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Intuit Inc. All rights reserved.) C:\Documents and Settings\A7AS\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe (Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88209 2005-04-13] (Agere Systems) HKLM\...\Run: [synTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.) HKLM\...\Run: [WSPPurge] => C:\Program Files\Aflac\Common\WSPPurge.exe [20480 2007-12-26] (AFLAC) HKLM\...\Run: [Aflac_Do_Not_Remove] => C:\Aflac2000\WSPInfo.exe [45056 2006-09-12] (AFLAC) HKLM\...\Run: [soundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.) HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [52896 2006-07-19] (Symantec Corporation) HKLM\...\Run: [vptray] => C:\Program Files\Symantec AntiVirus\VPTray.exe [125168 2006-09-27] (Symantec Corporation) HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-01-16] (Analog Devices, Inc.) HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe [200848 2009-03-04] (InterVideo Inc.) HKLM\...\Run: [CMGCredUI] => C:\WINDOWS\system32\CredUI.exe [204878 2007-05-08] (Credant Technologies, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [Afaria Client File Differencing] => C:\Program Files\AClient\Bin\XCDiffCache.exe [179712 2011-06-16] (Sybase, Inc.) HKLM\...\Run: [Afaria Client Event Monitor] => C:\Program Files\AClient\Bin\XCMonitor.exe [819712 2010-09-02] (Sybase, Inc.) HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-15] (Intuit Inc. All rights reserved.) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-04-14] (RealNetworks, Inc.) HKLM\...\Run: [lxdqmon.exe] => C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe [672424 2010-02-04] () HKLM\...\Run: [lxdqamon] => C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe [16040 2010-02-04] () HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION) HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION) HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [!SysInit] => c:\windows\system32\mschkprompt.exe [28672 2008-11-07] () Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.) Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google) HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {9c0213ab-6a3c-11e2-a4de-0026c600b60a} - F:\IronKey.exe HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {e98527bc-8967-11dd-8553-806d6172696f} - D:\SWSETUP\APPINSTL\setup.exe HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {f75b546e-6780-11e2-a4db-0026c600b60a} - E:\MotorolaDeviceManagerSetup.exe -a Startup: C:\Documents and Settings\A7AS\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7069B605936FCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.aflac.com/?ReturnURL=https://my.aflac.com/portal/sso/SSOLogin.aspx SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253118906560 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16] FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14] FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-01-29] FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-10] FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com/" CHR StartupUrls: "hxxp://www.google.com" CHR DefaultSearchKeyword: trovi.search CHR DefaultSearchProvider: Trovi search CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll No File CHR Plugin: (ActiveTouch General Plugin Container) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Google Update) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll No File CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (Angry Birds) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-01] CHR Extension: (YouTube) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-01] CHR Extension: (Google Search) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-01] CHR Extension: (saVE net) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk [2014-05-05] CHR Extension: (DiscountExttensi) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gehhgpjdfdephlpmkjddgogkadbgmjom [2014-05-13] CHR Extension: (RealDownloader) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-13] CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj [2014-05-05] CHR Extension: (HTML Saver) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2014-05-05] CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2012-10-01] CHR Extension: (Gmail) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-01] CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-08-14] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\A7AS\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-14] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) [File not signed] R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation) R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation) R2 CMGShield; C:\WINDOWS\system32\Credant.exe [1040463 2007-05-08] (Credant Technologies, Inc.) [File not signed] R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation) R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks) R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-25] (Oracle Corporation) S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-08-25] (Symantec Corporation) R2 lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [94208 2009-04-28] (Lexmark International, Inc.) R2 lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [589824 2007-11-28] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC) R2 MsChkSvc; C:\WINDOWS\system32\MsChkSvc.exe [32768 2008-11-07] (CyberAngel Security Solutions) [File not signed] R2 MsWnetChk; C:\WINDOWS\system32\MsWnetChk.exe [122880 2008-11-07] () [File not signed] R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-15] (Intuit) [File not signed] S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () S3 ReflectService; C:\Program Files\NCH Software\Reflect\reflect.exe [1039364 2012-11-17] (NCH Software) [File not signed] S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec) S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation) R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation) R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation) R2 WPSScannerSvc; C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe [126976 2010-01-21] (Skyhook Wireless) [File not signed] ==================== Drivers (Whitelisted) ==================== R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1204128 2008-10-29] (Agere Systems) [File not signed] S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-25] (Brother Industries Ltd.) R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.) R0 CredCEF; C:\WINDOWS\System32\Drivers\CredCEF.sys [214095 2007-05-08] (Credant Technologies, Inc.) [File not signed] S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.) R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [138916 2002-08-26] (Deterministic Networks, Inc.) R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2013-05-20] (Juniper Networks) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-09-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-17] (Symantec Corporation) S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments) [File not signed] S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP) S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2008-08-19] (Infineon Technologies AG) [File not signed] R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed] S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-06-26] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-02] (Malwarebytes Corporation) S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola) R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVENG.SYS [93272 2013-06-17] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVEX15.SYS [1611992 2013-06-17] (Symantec Corporation) R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630336 2009-09-14] (Intel Corporation) R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R1 SafDskNT; C:\WINDOWS\system32\Drivers\SafDskNT.sys [77824 2010-01-21] (PC Dynamics, Inc.) [File not signed] R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation) R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation) R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc) S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC) R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation) R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation) R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation) R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation) S3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed] S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation) R3 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [12416 2010-01-21] (Skyhook Wireless) [File not signed] R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-09-14] (Marvell) S3 asdids; system32\DRIVERS\asdids.sys [X] S3 asdidsmp; system32\DRIVERS\asdids.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST 2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-06-26 09:47 - 2014-06-26 09:51 - 00000000 ____D () C:\Program Files\Advanced Fix 2013 2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk 2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013 2014-06-26 09:44 - 2014-07-02 08:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-26 09:44 - 2014-06-26 10:45 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-26 09:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$ 2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-06-25 09:31 - 2014-06-25 09:30 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-25 09:31 - 2014-06-25 09:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-25 09:31 - 2014-06-25 09:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625 2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625 2014-06-25 08:54 - 2014-06-26 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software 2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software 2014-06-25 08:38 - 2012-06-15 16:39 - 00169744 _____ () C:\WINDOWS\system32\ztvunrar36.dll 2014-06-25 08:38 - 2012-06-15 16:35 - 00185616 _____ () C:\WINDOWS\system32\ztvunrar39.dll 2014-06-25 08:38 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\WINDOWS\system32\ztv7z.dll 2014-06-25 08:38 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztvcabinet.dll 2014-06-25 08:38 - 2005-08-26 01:50 - 00077312 _____ () C:\WINDOWS\system32\ztvunace26.dll 2014-06-25 08:38 - 2003-02-02 20:06 - 00153088 _____ () C:\WINDOWS\system32\unrar3.dll 2014-06-25 08:38 - 2002-03-06 01:00 - 00075264 _____ () C:\WINDOWS\system32\unacev2.dll 2014-06-25 08:37 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software 2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software 2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk 2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk 2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv 2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus 2014-06-10 12:36 - 2014-06-11 12:23 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV 2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy RENFROES OFFICE.xlsx 2014-06-04 10:35 - 2014-06-04 10:55 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log 2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series 2014-06-02 09:14 - 2014-06-11 14:59 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY ==================== One Month Modified Files and Folders ======= 2014-07-02 08:51 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Temp 2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST 2014-07-02 08:42 - 2012-11-02 07:27 - 00424488 _____ () C:\WinTab.log 2014-07-02 08:40 - 2014-01-08 14:17 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Dropbox 2014-07-02 08:39 - 2014-01-08 14:25 - 00000000 ___RD () C:\Documents and Settings\A7AS\My Documents\Dropbox 2014-07-02 08:39 - 2014-01-08 14:23 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\DropboxMaster 2014-07-02 08:37 - 2014-06-26 09:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-02 08:37 - 2014-05-05 11:18 - 00000626 ____H () C:\WINDOWS\Tasks\SN.Booster-S-469265631.job 2014-07-02 08:37 - 2014-04-14 10:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-02 08:37 - 2013-03-14 16:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-02 08:37 - 2013-02-05 21:33 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-02 08:37 - 2012-12-13 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-07-02 08:37 - 2012-11-07 10:43 - 00000000 ____D () C:\Temp 2014-07-02 08:37 - 2008-01-21 12:57 - 00000256 ___SH () C:\WINDOWS\system32\CredSys.cdb 2014-07-02 08:31 - 2009-09-17 15:42 - 00000000 ____D () C:\Program Files\Symantec AntiVirus 2014-07-02 08:30 - 2009-09-16 11:16 - 01662659 ____N () C:\WINDOWS\WindowsUpdate.log 2014-07-02 08:29 - 2009-09-16 11:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-02 08:29 - 2009-09-16 07:10 - 00000159 ____N () C:\WINDOWS\wiadebug.log 2014-07-02 08:29 - 2009-09-16 07:10 - 00000048 ____N () C:\WINDOWS\wiaservc.log 2014-07-01 15:01 - 2009-09-16 11:23 - 00032552 ____N () C:\WINDOWS\SchedLgU.Txt 2014-07-01 15:01 - 2008-01-21 12:13 - 00000278 ___SH () C:\Documents and Settings\A7AS\ntuser.ini 2014-07-01 15:01 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS 2014-07-01 14:27 - 2013-03-14 16:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-01 14:22 - 2013-01-06 11:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-01 14:00 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job 2014-07-01 12:53 - 2014-03-10 12:53 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job 2014-07-01 11:58 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job 2014-07-01 10:50 - 2013-05-30 14:29 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats 2014-07-01 10:10 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job 2014-07-01 08:44 - 2012-10-01 16:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Google 2014-07-01 08:37 - 2013-02-05 21:33 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-06-30 13:00 - 2013-08-10 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-06-30 09:23 - 2013-03-14 16:27 - 00000000 ____D () C:\Program Files\Google 2014-06-29 20:40 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job 2014-06-26 16:50 - 2009-09-16 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$ 2014-06-26 16:30 - 2014-05-05 11:17 - 00000000 ____D () C:\Program Files\save nett 2014-06-26 10:45 - 2014-06-26 09:44 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-06-26 10:28 - 2012-10-10 22:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$ 2014-06-26 09:51 - 2014-06-26 09:47 - 00000000 ____D () C:\Program Files\Advanced Fix 2013 2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk 2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013 2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-26 09:36 - 2009-09-18 12:57 - 00000000 ____D () C:\WINDOWS\pss 2014-06-26 09:36 - 2009-09-16 07:04 - 00000211 __RSH () C:\boot.ini 2014-06-26 09:36 - 2006-02-28 06:00 - 00000921 _____ () C:\WINDOWS\win.ini 2014-06-26 09:36 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-06-26 09:17 - 2014-06-25 08:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software 2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf 2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$ 2014-06-26 08:43 - 2012-10-01 13:41 - 00000000 __SHD () C:\WINDOWS\CSC 2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java 2014-06-25 09:30 - 2014-06-25 09:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2014-06-25 09:30 - 2014-06-25 09:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2014-06-25 09:30 - 2014-06-25 09:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2014-06-25 09:11 - 2014-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Temp 2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625 2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625 2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software 2014-06-25 08:38 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software 2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software 2014-06-23 08:04 - 2006-02-28 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk 2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk 2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv 2014-06-16 08:01 - 2013-11-07 08:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive 2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus 2014-06-16 07:36 - 2013-02-02 15:54 - 00001781 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk 2014-06-16 07:36 - 2012-11-02 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan 2014-06-12 09:36 - 2014-03-27 12:58 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\AFLAC logos 2014-06-11 14:59 - 2014-06-02 09:14 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY 2014-06-11 12:23 - 2014-06-10 12:36 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV 2014-06-11 12:23 - 2008-01-21 12:57 - 00000000 ____S () C:\WINDOWS\8JVFLKZC.DDP 2014-06-10 20:33 - 2013-02-05 21:33 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job 2014-06-08 12:53 - 2014-03-10 12:53 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job 2014-06-05 13:57 - 2009-09-16 07:07 - 00634624 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy RENFROES OFFICE.xlsx 2014-06-04 10:55 - 2014-06-04 10:35 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log 2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series 2014-06-02 09:10 - 2009-09-17 12:04 - 00000000 ____D () C:\Program Files\WorksitePro Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some content of TEMP: ==================== C:\Documents and Settings\1000\Local Settings\Temp\_is1DE.exe C:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================
  12. I keep getting this error and I have tried a multitude of options to clear it up. I have uninstalled & reinstalled Malware Bytes twice, cleared all the files, Ran CC Cleaner, reinstalled, reboots, the whole 9 yards. I came across this forum & saw another thread where it was suggested to download Farbar Recovery, which I did. I copied the logs per the instructions but it won't let me reply back to that post so here is another one. I have the logs but didn't want to post them yet. I ran the one for my system, (32 bit) so now I am at a stumbling block. Please help! Incidentally, I also have errors in accessing my docs from gmail to attach to emails and something upon startup that my PC Fax (which I forgot was even on computers anymore) has issues. Also, I sign in using Credant Shield and it's been telling me for a month now that I am an unmanaged user. Below is the pic of the error. Ideas?? Runtime Error pic.bmp
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.