Swegnson

  1. Sorry. I was able to resolve the issue by blocking notifications on ALL Google accounts.
  2. I am running Windows 10 with Malwarebytes Premium (4.4.3), both current. I am getting multiple periodic pop-ups with the subject message even after blocking all notifications and pop-ups in Google Chrome. I have no McAfee software installed. I am not using any Peer to Peer software. Here is the FRST.txt data.
  3. Let us close out this thread. About the time I posted to this forum I also made a plea to Malwarebytes Customer Support. I should have closed this thread then, but thought perhaps folk here might be able to add something. To make a long story short, over 6 days I believe we tried everything in the Malwarebytes Customer Support toolkit. At that point I threw up my hands and took the machine in to a local Staples. They were able to uncover 2 items of malware that had not been removed to this point - hijacked.browseui, and a trojan, js/redirector.nbx. I struggle to understand how they have better malware removal tools, but there it is. It also turns out that the hard drive on this system is apparently beginning to fail, which no doubt added to the slowness issues.
  4. FSS report, run in Safe Mode ==>
  5. The problem system is so excruciatingly slow that I can really only run it in Safe Mode. I ran FRST in Safe Mode and here are the results:
Photo Story 2 LE (Version: 1.1.0.3463) Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries (Version: 1.0.0) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) MobileMe Control Panel (Version: 2.6.0.29) Modem Diagnostic Tool (Version: 1.0.17.2) Mouse Suite for Desktop Computers (Version: 2.50.025) Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1) Mozilla Maintenance Service (Version: 15.0.1) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0) Musicmatch for Windows Media Player (Version: 0.00.000) Musicnotes Player V1.23.2 (Version: 1.23.2) NetAssistant (Version: 3.8.3) NetWaiting (Version: 2.5.44) Norton 360 (Version: 20.4.0.40) Notifier (Version: 3.00.0006.0000) OneClickdigital Media Manager (Version: 61.0.0.0) OTtBP (Version: 3.00.0007.0000) OverDrive Media Console (Version: 3.2.20) Pando Media Booster (Version: 2.3.3.6) PanoStandAlone (Version: 90.0.146.000) PCDADDIN (Version: 3.00.0001.0008) PCDHELP (Version: 3.00.0001.0000) PCDLNCH (Version: 3.00.0001.0002) PCDrdsho (Version: 3.00.0001.0001) PhotoshopdotcomInspirationBrowser (Version: 0.0.0) PowerDVD (Version: 7.0) PrimoPDF -- brought to you by Nitro PDF Software (Version: 5) PS_AIO_02_ProductContext (Version: 90.0.189.000) PS_AIO_02_Software (Version: 90.0.189.000) PS_AIO_02_Software_min (Version: 90.0.189.000) PSSWCORE (Version: 2.01.0000) QuickTime (Version: 7.73.80.64) Realtek High Definition Audio Driver (Version: 5.10.0.5548) Roxio Creator Audio (Version: 3.3.0) Roxio Creator BDAV Plugin (Version: 3.3.0) Roxio Creator Copy (Version: 3.3.0) Roxio Creator Data (Version: 3.3.0) Roxio Creator DE (Version: 3.3.0) Roxio Creator Tools 
(Version: 3.3.0) Roxio Drag-to-Disc (Version: 9.0) Roxio Express Labeler (Version: 2.1.0) Roxio MyDVD DE (Version: 9.0.116) Roxio Update Manager (Version: 3.0.0) Scan (Version: 9.0.0.0) SearchAssist SFR (Version: 3.01.0002.0001) SFR2 (Version: 3.00.0004.0000) SmartWebPrinting (Version: 140.0.186.000) SolutionCenter (Version: 90.0.146.000) Sonic Activation Module (Version: 1.0) Status (Version: 110.0.180.000) System Requirements Lab for Intel (Version: 4.4.22.0) Toolbox (Version: 90.0.146.000) TrayApp (Version: 110.0.180.000) UnloadSupport (Version: 9.0.0) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB957244) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB957242) Update for Microsoft Office PowerPoint 2007 Help (KB957247) Update for Microsoft Office Word 2007 Help (KB957252) Update for Windows Internet Explorer 8 (KB976749) (Version: 1) Update for Windows XP (KB2141007) (Version: 1) Update for Windows XP (KB2345886) (Version: 1) Update for Windows XP (KB2616676) (Version: 1) Update for Windows XP (KB2641690) (Version: 1) Update for Windows XP (KB2661254-v2) (Version: 2) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB2749655) (Version: 1) Update for Windows XP (KB951978) (Version: 1) Update for Windows XP (KB955759) (Version: 1) Update for Windows XP (KB967715) (Version: 1) Update for Windows XP (KB973687) (Version: 1) USB MassStorage CardReader VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0) Verizon V CAST Media Manager VideoToolkit01 (Version: 90.0.146.000) Viewpoint Media Player Visual C++ 2008 x86 
Runtime - (v9.0.30729) (Version: 9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01) WebFldrs XP (Version: 9.50.7523) WebReg (Version: 90.0.146.000) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0) Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2) Windows Imaging Component (Version: 3.0.0.0) Windows Internet Explorer 7 (Version: 20070813.185237) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Media Format 11 runtime Windows Media Player 10 (Version: 9.00.3636) Windows Presentation Foundation (Version: 3.0.6920.0) Windows XP Service Pack 3 (Version: 20080414.031525) World Community Grid - BOINC Agent (Version: 5.10.30) XML Paper Specification Shared Components Pack 1.0 Zeus Zoo Tycoon 2 (Version: 1.0) Zoo Tycoon Expanded ==================== Restore Points ========================= 26-04-2013 20:42:49 System Checkpoint 30-04-2013 13:57:18 System Checkpoint 01-05-2013 14:19:50 System Checkpoint 02-05-2013 14:29:59 System Checkpoint 03-05-2013 15:05:58 System Checkpoint 11-05-2013 03:30:00 System Checkpoint 13-05-2013 01:53:20 System Checkpoint 14-05-2013 17:00:48 System Checkpoint 15-05-2013 08:00:22 Software Distribution Service 3.0 16-05-2013 08:42:24 System Checkpoint 17-05-2013 09:42:24 System Checkpoint 17-05-2013 15:39:13 Norton 360 Registry Clean 21-05-2013 22:08:46 System Checkpoint 22-05-2013 22:59:20 System Checkpoint 25-05-2013 10:37:25 System Checkpoint 29-05-2013 00:54:48 System Checkpoint 30-05-2013 00:57:00 System Checkpoint 04-06-2013 00:34:32 System Checkpoint 05-06-2013 01:06:14 System Checkpoint 06-06-2013 02:05:03 System Checkpoint 08-06-2013 07:50:49 System Checkpoint 11-06-2013 17:41:20 System Checkpoint 12-06-2013 13:13:37 Installed OneClickdigital Media Manager. 
13-06-2013 08:00:16 Software Distribution Service 3.0
14-06-2013 08:39:05 System Checkpoint
15-06-2013 08:41:34 System Checkpoint
16-06-2013 08:52:35 System Checkpoint
20-06-2013 02:37:00 Installed Java 7 Update 25
21-06-2013 02:45:29 System Checkpoint
25-06-2013 13:28:20 System Checkpoint
26-06-2013 13:42:18 System Checkpoint
27-06-2013 14:41:13 System Checkpoint
30-06-2013 02:38:07 System Checkpoint
01-07-2013 03:22:52 System Checkpoint
02-07-2013 03:45:53 System Checkpoint
06-07-2013 09:08:49 System Checkpoint
07-07-2013 09:20:29 System Checkpoint
08-07-2013 20:15:10 System Checkpoint
09-07-2013 20:45:40 System Checkpoint
10-07-2013 21:15:01 System Checkpoint
11-07-2013 08:00:34 Software Distribution Service 3.0
12-07-2013 08:02:59 System Checkpoint
13-07-2013 08:00:19 Software Distribution Service 3.0
14-07-2013 08:14:18 System Checkpoint
15-07-2013 16:03:38 System Checkpoint
16-07-2013 23:48:48 System Checkpoint
18-07-2013 00:13:15 System Checkpoint
19-07-2013 12:39:59 System Checkpoint
20-07-2013 17:40:00 System Checkpoint
21-07-2013 18:27:09 System Checkpoint
22-07-2013 19:21:03 System Checkpoint
23-07-2013 20:14:58 System Checkpoint
24-07-2013 12:08:40 Norton_Power_Eraser_20130724075820406

==================== Hosts content: ==========================

2004-08-10 14:51 - 2012-04-26 15:19 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => ?
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\ConfigExec.job => C:\WINDOWS\system32\rundll32.exe
Task: C:\WINDOWS\Tasks\DataUpload.job => C:\WINDOWS\system32\rundll32.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3031762364-297865588-2949959706-1006Core.job => C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3031762364-297865588-2949959706-1006UA.job => C:\Documents and Settings\Dad and Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2013 11:22:02 AM) (Source: Application Hang) (User: )
Description: Fault bucket 734562961.

Error: (07/24/2013 11:14:59 AM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/24/2013 10:21:48 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (2168) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (07/24/2013 10:21:48 AM) (Source: ESENT) (User: )
Description: wuauclt (2168) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/24/2013 10:21:38 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (2168) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (07/24/2013 10:21:38 AM) (Source: ESENT) (User: )
Description: wuauclt (2168) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/22/2013 06:21:00 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (07/22/2013 06:21:00 PM) (Source: ESENT) (User: )
Description: wuauclt (992) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process.
". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/22/2013 06:20:50 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (992) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (07/22/2013 06:20:50 PM) (Source: ESENT) (User: )
Description: wuauclt (992) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process.
". The open file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (07/24/2013 07:36:25 PM) (Source: DCOM) (User: FAMILYROOM)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2013 07:34:10 PM) (Source: DCOM) (User: FAMILYROOM)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2013 07:33:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_N360 eeCtrl Fips intelppm Lbd SRTSP SRTSPX SymIRON SYMTDI

Error: (07/24/2013 07:33:06 PM) (Source: DCOM) (User: FAMILYROOM)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/24/2013 07:32:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (07/24/2013 07:04:16 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Microsoft Office Sessions:
=========================
Error: (02/21/2010 00:09:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25145 seconds with 9480 seconds of active time. This session ended with a crash.

Error: (10/25/2009 06:17:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15085 seconds with 3660 seconds of active time. This session ended with a crash.

Error: (09/28/2009 06:35:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 28772 seconds with 480 seconds of active time. This session ended with a crash.

Error: (06/26/2008 06:32:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 192024 seconds with 4020 seconds of active time. This session ended with a crash.

Error: (06/07/2008 09:44:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/13/2008 09:37:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3061.1 MB
Available physical RAM: 2623.56 MB
Total Pagefile: 4427.82 MB
Available Pagefile: 4194.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:294.71 GB) (Free:202.64 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:451.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=295 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

========================================================
Disk: 6 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 357DB846)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  6. I have a desktop running Windows XP. The last time performance degraded so completely I ended up taking the machine to Staples. They found and removed a virus and charged me big time. Immediately following I installed MBPro. I'm now running version 1.75.0.1300, db version 2013-07-24-06. Unfortunately it is finding no threats. Eventually I was able to reboot in safe mode where the system is reasonably responsive. Attached are the DDS and Attach results. Any and all help will be greatly appreciated. attach.txt dds.txt
  7. I have the same problem, except no viruses found when running MBAM. I was able to restore the system (Windows 7 Home Premium) with a restore point but now don't have MBAM.