Everything posted by peauxrouge

  1. OK, that went much quicker. Attached is the log file. Thanks! Fixlog.txt
  2. Thanks for the response! I did as you asked. The FRST seemed to run, but explorer hung and after a few hours we had to just restart the computer; it does look like it created a log file. We ran the Sophos tool as well and we are attaching them here. Since the reboot, we have not noticed the proxy turn back on yet. Thanks for your time! Fixlog.txt SophosScanAndClean_20240306_1119.log
  3. Hello, I appear to have something malicious running on our PC. The proxy settings keep enabling after about 5-10 minutes and I have tracked it down to a powershell process. If I close it down, I can disable the proxy and internet works OK. The process will come back, though. I've attached the FRST logs here. Thanks for all your time! Addition.txt FRST.txt
  4. The program starts but crashes shortly after starting up. I have attached a screen shot of the Dr. Watson error. I tried it in normal mode first and then in safe mode. Same crash each time.
  5. Here are the revised logs run from normal mode. I usually run most things from safe mode in this kind of situation. Apologies. Thanks. FRST.txt Addition.txt
  6. Hey there, I've run some tools to get rid of bugs on this laptop, but it appears that there is damage done from them, obviously. When I try and run most any program now, mbam included, I get the error in the topic title, essentially a bad image. I do believe most of the malware is gone, but I'm having a tough time getting by this one. Oh, and right-click context menus are not working; when you right-click, it kills explorer.exe, as does hitting Ctrl + C. Here are the logs:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2015
     Ran by Administrator (administrator) on TRAINING10-M65 (29-07-2015 18:15:02)
     Running from E:\
     Loaded Profiles: Administrator (Available Profiles: Administrator)
     Platform: Microsoft Windows XP Service Pack 3 (X86) Language: English (United States)
     Internet Explorer Version 8 (Default browser: IE)
     Boot Mode: Safe Mode (with Networking)
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     ==================== Registry (Whitelisted) ==================
     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
     HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
     HKLM\...\Run: [intelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2006-05-01] (Intel Corporation)
     HKLM\...\Run: [intelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2006-05-01] (Intel Corporation)
     HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
     HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1228800 2007-07-20] (Dell Inc.)
     HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     HKLM\...\Run: [bluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
     HKLM\...\Run: [brStsWnd] => C:\Program Files\Brownie\BrstsWnd.exe [864256 2008-01-08] (brother)
     HKLM\...\Run: [iSUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
     HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
     HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
     HKLM\...\Run: [sigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
     HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
     HKU\S-1-5-21-3370010240-367182080-656701594-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-03] (Dropbox, Inc.)
     HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
     HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-12] (Microsoft Corporation)
     Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-03]
     ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
     Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-04-14]
     ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
     Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk [2010-06-30]
     ShortcutTarget: QuickBooks Delivery Agent.lnk -> C:\QBOOKSW\Components\QBAgent\QBDAgent.exe ()
     ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

     ==================== Internet (Whitelisted) ====================
     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
     HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
     HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
     HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     HKU\S-1-5-21-3370010240-367182080-656701594-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     SearchScopes: HKLM -> DefaultScope value is missing
     BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
     BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-10] (Sun Microsystems, Inc.)
     BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-10] (Sun Microsystems, Inc.)
     DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} http://images.fotki.com/activex/FotkiUploader.cab
     DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] ()
     Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] ()
     Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] ()
     Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] ()
     Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] ()
     Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
     Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] ()
     Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] ()
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     Tcpip\..\Interfaces\{5E1E5C1A-3101-4164-8284-4C1A234E8238}: [DhcpNameServer] 192.168.1.1
     Tcpip\..\Interfaces\{76378511-82F0-4DD7-99FA-29549BF9C022}: [DhcpNameServer] 192.168.0.1 205.171.3.25

     FireFox:
     ========
     FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2008-10-04] ()
     FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2012-04-10] (Sun Microsystems, Inc.)
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
     FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
     FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
     FF Plugin HKU\S-1-5-21-3370010240-367182080-656701594-500: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
     FF Plugin HKU\S-1-5-21-3370010240-367182080-656701594-500: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
     FF Plugin HKU\S-1-5-21-3370010240-367182080-656701594-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
     FF Plugin HKU\S-1-5-21-3370010240-367182080-656701594-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008-06-11] (Adobe Systems Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009-01-14] (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009-01-14] (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009-01-14] (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009-01-14] (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009-01-14] (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009-01-14] (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009-01-14] (Apple Inc.)
     FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
     FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Administrator\Application Data\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
     FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
     FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17]
     FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
     FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-04-10]

     Chrome:
     =======
     CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default

     ==================== Services (Whitelisted) =================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
     S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-04-10] (Sun Microsystems, Inc.)
     S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
     S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
     S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation)
     S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.)
     S4 RemoteAccess; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
     S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2006-05-01] (Intel Corporation )
     S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-12-31] (SolidWorks)
     S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [262217 2006-05-01] (Intel® Corporation)

     ==================== Drivers (Whitelisted) ====================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     S4 a320raid; C:\WINDOWS\System32\DRIVERS\a320raid.sys [251194 2004-08-12] (Adaptec, Inc.)
     S4 aac; C:\WINDOWS\System32\DRIVERS\aac.sys [48140 2004-08-12] (Adaptec, Inc.)
     R0 aarich; C:\WINDOWS\System32\DRIVERS\aarich.sys [241815 2004-08-12] (Adaptec, Inc.)
     S2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21275 2008-12-30] (Meetinghouse Data Communications)
     S1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
     S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] ()
     S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [121856 2003-07-11] (Intel Corporation)
     S4 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [140544 2003-04-28] (Promise Technology, Inc.)
     S3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] ()
     S3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
     S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
     S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2015-07-29] (Malwarebytes Corporation)
     S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
     R1 NvtSp50; C:\WINDOWS\System32\DRIVERS\NvtSp50.sys [22016 2008-06-10] (Printing Novatel Wireless Inc.)
     S3 NWDellModem; C:\WINDOWS\System32\DRIVERS\nwdelmdm.sys [166144 2007-11-02] (Novatel Wireless Inc.)
     S3 NWDellPort; C:\WINDOWS\System32\DRIVERS\nwdelser.sys [166144 2007-11-02] (Novatel Wireless Inc.)
     S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13568 2006-05-01] (Intel Corporation)
     S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] ()
     S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
     S4 Symmpi; C:\WINDOWS\System32\DRIVERS\symmpi.sys [93568 2006-05-11] (LSI Logic)
     S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [343456 2015-07-24] (BitDefender S.R.L.)
     S4 vmscsi; C:\WINDOWS\System32\drivers\vmscsi.sys [11029 2003-02-24] (VMware, Inc.)
     R3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1429632 2006-04-27] (Intel® Corporation)
     U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

     ==================== NetSvcs (Whitelisted) ===================
     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== One Month Created files and folders ========
     (If an entry is included in the fixlist, the file/folder will be moved.)

     2015-07-29 18:14 - 2015-07-29 18:15 - 00000000 ____D C:\FRST
     2015-07-29 17:56 - 2015-07-29 17:56 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
     2015-07-29 17:56 - 2015-07-29 17:56 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
     2015-07-29 17:55 - 2015-07-29 17:56 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
     2015-07-29 17:55 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
     2015-07-29 17:55 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
     2015-07-28 14:02 - 2015-07-29 17:54 - 00000000 ____D C:\WINDOWS\LastGood
     2015-07-25 16:52 - 2015-07-25 16:52 - 00002115 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
     2015-07-25 16:47 - 2015-07-16 13:35 - 01798288 _____ (Malwarebytes Corporation) C:\Documents and Settings\Administrator\Desktop\JRT.exe
     2015-07-24 13:15 - 2015-07-24 13:15 - 00000458 _____ C:\WINDOWS\UPDLL.LOG
     2015-07-24 13:06 - 2015-07-24 13:17 - 00000276 _____ C:\WINDOWS\general.log
     2015-07-24 13:06 - 2015-07-24 13:06 - 00001302 _____ C:\WINDOWS\ESCAN.LOG
     2015-07-24 13:05 - 2015-07-24 13:05 - 00343456 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
     2015-07-24 13:05 - 2015-07-24 13:05 - 00000799 _____ C:\Documents and Settings\Administrator\Desktop\MWAVSCAN.lnk
     2015-07-24 13:05 - 2008-04-13 18:12 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\REGEDIT.COM
     2015-07-24 13:05 - 2008-04-13 18:12 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\TASKMGR.COM
     2015-07-24 12:13 - 2015-07-24 12:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
     2015-07-24 11:48 - 2015-07-24 12:52 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\mbar
     2015-07-23 08:29 - 2015-07-24 04:59 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
     2015-07-22 11:44 - 2015-07-22 11:44 - 00024907 _____ C:\ComboFix.txt
     2015-07-22 11:44 - 2015-07-22 11:44 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
     2015-07-22 11:36 - 2015-07-29 18:15 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
     2015-07-22 11:35 - 2015-07-22 11:36 - 00000234 _____ C:\Documents and Settings\Administrator\Desktop\catchme.log
     2015-07-22 11:27 - 2015-07-22 11:44 - 00000000 ____D C:\Qoobox
     2015-07-22 11:27 - 2015-07-22 11:44 - 00000000 ____D C:\ComboFix
     2015-07-22 11:27 - 2015-07-22 11:27 - 00002272 _____ C:\Documents and Settings\Administrator\Desktop\Rkill.txt
     2015-07-22 10:52 - 2015-07-29 08:21 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
     2015-07-03 00:53 - 2015-07-03 00:53 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Dropbox
     2015-07-03 00:50 - 2015-07-06 21:55 - 00001020 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3370010240-367182080-656701594-500UA.job
     2015-07-03 00:50 - 2015-07-04 00:55 - 00000968 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3370010240-367182080-656701594-500Core.job
     2015-07-03 00:50 - 2015-07-03 00:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
     2015-07-03 00:50 - 2015-07-03 00:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox

     ==================== One Month Modified files and folders ========
     (If an entry is included in the fixlist, the file/folder will be moved.)

     2015-07-29 17:55 - 2011-11-26 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
     2015-07-29 17:54 - 2013-11-25 17:21 - 01864900 _____ C:\WINDOWS\WindowsUpdate.log
     2015-07-29 17:54 - 2013-11-25 16:07 - 01429879 _____ C:\WINDOWS\setupapi.log
     2015-07-29 17:50 - 2004-08-12 07:34 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
     2015-07-29 17:11 - 2006-07-28 11:17 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
     2015-07-29 16:25 - 2008-12-30 18:04 - 00124679 _____ C:\WINDOWS\system32\nvModes.001
     2015-07-28 13:16 - 2012-03-26 20:06 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Dropbox
     2015-07-28 13:16 - 2012-03-26 20:03 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox
     2015-07-28 13:15 - 2010-06-30 13:48 - 00000358 _____ C:\WINDOWS\Brownie.ini
     2015-07-24 13:17 - 2012-06-06 10:54 - 00000056 _____ C:\WINDOWS\Lic.xxx
     2015-07-24 13:06 - 2004-08-12 07:33 - 00000996 _____ C:\WINDOWS\win.ini
     2015-07-24 13:05 - 2012-06-06 10:54 - 00156392 _____ (MicroWorld Technologies Inc.) C:\WINDOWS\system32\eEmpty.exe
     2015-07-22 11:39 - 2012-06-06 09:24 - 00000000 ____D C:\WINDOWS\ERDNT
     2015-07-22 11:39 - 2004-08-12 07:30 - 00000243 _____ C:\WINDOWS\system.ini
     2015-07-22 10:19 - 2008-12-30 18:04 - 00124679 _____ C:\WINDOWS\system32\nvModes.dat
     2015-07-06 21:55 - 2013-11-27 11:04 - 00000438 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{4EECB58B-F8DB-43D6-A7A4-D997742066D4}.job
     2015-07-06 21:51 - 2012-09-13 14:49 - 00001010 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370010240-367182080-656701594-500UA.job
     2015-07-06 21:49 - 2014-05-09 08:57 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
     2015-07-06 21:20 - 2012-04-16 09:37 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
     2015-07-05 04:11 - 2010-07-27 17:12 - 00246952 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
     2015-07-04 03:02 - 2012-06-06 12:28 - 00032362 _____ C:\WINDOWS\SchedLgU.Txt
     2015-07-04 01:00 - 2013-11-27 11:00 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
     2015-07-03 23:51 - 2015-04-24 20:30 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
     2015-07-03 17:51 - 2012-09-13 14:49 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370010240-367182080-656701594-500Core.job
     2015-07-03 07:49 - 2014-05-09 08:57 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
     2015-07-03 00:49 - 2006-07-28 04:04 - 00575366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
     2015-07-03 00:44 - 2014-04-10 03:56 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
     2015-07-03 00:44 - 2006-07-28 11:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

     ==================== Files in the root of some directories =======

     2013-11-25 08:45 - 2013-11-25 08:45 - 0000076 _____ () C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
     2012-06-06 12:08 - 2012-06-06 12:08 - 0000340 _____ () C:\Documents and Settings\Administrator\Application Data\SMRResults250.dat
     2010-07-08 11:03 - 2015-04-04 23:38 - 0047034 _____ () C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
     2014-02-24 12:35 - 2014-02-24 12:35 - 0000895 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel

     Some files in TEMP:
     ====================
     C:\Documents and Settings\Administrator\Local Settings\temp\avcuf32.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\avcuf64.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\avxdisk.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\bdc.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\bdcore.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\bdfltlib2k.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\bdnimbus32.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\bdnimbus64.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\bdupdateservice.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\DEVCON.EXE
     C:\Documents and Settings\Administrator\Local Settings\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr3uddt.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\eEmpty.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\encdec.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\esupdate.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\FSSync.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\Getvlist.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\ikave.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\ipc.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\kave.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\kavvlg.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\msvclnt.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\msvl64.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\msvlclnt.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\mwavdwnl.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\MWAVL.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\mwavscan.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\mwunzip.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\prLoader.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\red32.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\Reload.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\scan.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\ScanningProcess.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\setpriv.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\test2.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\trufos.dll
     C:\Documents and Settings\Administrator\Local Settings\temp\unregx.exe
     C:\Documents and Settings\Administrator\Local Settings\temp\UPDLL10.DLL
     C:\Documents and Settings\Administrator\Local Settings\temp\viewtcp.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-1063ece6.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-21051678.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-213217bf.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-2c7311ec.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-2d5d01dd.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-352de2a7.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-35e51bbb.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-41f0aa34.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-48974638.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-490a4b44.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-4944b551.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-4d51529d.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-54f8ee3d.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-599886cc.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-59af24ff.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-5a2dc789.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-64b69b94.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-697b79e7.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-6bde0b23.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-7a702c12.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-923218a.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-9a1d7419.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-a248d029.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-a2ee7486.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-b2ab8e5b.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-cd4df4d5.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-cd4e4f0d.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-d38c4e4b.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-da82c868.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-efad1175.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-f38698ab.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-f39a71e0.exe
     C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-f4205232.exe

     Some zero byte size files/folders:
     ==========================
     C:\Windows\logo_1.exe
     C:\Windows\RUNDL132.EXE
     C:\Windows\VDLL.DLL
     C:\Windows\System32\runouce.exe

     ==================== Bamital & volsnap Check =================
     (There is no automatic fix for files that do not pass verification.)

     C:\WINDOWS\explorer.exe [2004-08-12 07:19] - [2008-04-13 18:12] - 1033728 ____A (Microsoft Corporation) 0x31323839363832336662393562666233646339623436626361656463393932332000200000
     C:\WINDOWS\system32\winlogon.exe [2004-08-12 07:33] - [2008-04-13 18:12] - 0507904 ____A (Microsoft Corporation) 0x65643065663061313336646563383364663639663034313138383730303033652000200000
     C:\WINDOWS\system32\svchost.exe [2004-08-12 07:30] - [2008-04-13 18:12] - 0014336 ____A (Microsoft Corporation) 0x32376336643033626364623863666562393662373136663364386265336531382000200000
     C:\WINDOWS\system32\services.exe [2004-08-12 07:28] - [2009-02-06 05:11] - 0110592 ____A (Microsoft Corporation) 0x36356466353266356238623665396262643138333530353232356333373331352000200000
     C:\WINDOWS\system32\User32.dll [2004-08-12 07:31] - [2008-04-13 18:12] - 0578560 ____A (Microsoft Corporation) 0x62323662313335666631623966363063393338386234613764313666363030622000200000
     C:\WINDOWS\system32\userinit.exe [2004-08-12 07:31] - [2008-04-13 18:12] - 0026112 ____A (Microsoft Corporation) 0x61393361656531393238613964376365336531366432346563373338306638392000200000
     C:\WINDOWS\system32\rpcss.dll [2004-08-12 07:27] - [2009-02-09 06:10] - 0401408 ____A (Microsoft Corporation) 0x36623237613563303364666239346234323435373339303635343331333232632000200000
     ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
     C:\WINDOWS\system32\Drivers\volsnap.sys [2004-08-12 07:32] - [2008-04-13 12:41] - 0052352 ____A (Microsoft Corporation) 0x34633866636235636335336161623731366438313037343066653539643032352000200000

     ==================== End of log ============================

     Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-07-2015
     Ran by Administrator (2015-07-29 18:15:44)
     Running from E:\
     Boot Mode: Safe Mode (with Networking)
     ==========================================================

     ==================== Accounts: =============================

     Administrator (S-1-5-21-3370010240-367182080-656701594-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
     ASPNET (S-1-5-21-3370010240-367182080-656701594-1004 - Limited - Enabled)
     Guest (S-1-5-21-3370010240-367182080-656701594-501 - Limited - Enabled)
     HelpAssistant (S-1-5-21-3370010240-367182080-656701594-1003 - Limited - Disabled)
     SUPPORT_388945a0 (S-1-5-21-3370010240-367182080-656701594-1002 - Limited - Disabled)

     ==================== Security Center ========================
     (If an entry is included in the fixlist, it will be removed.)

     ==================== Installed Programs ======================
     (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     3Dconnexion 3DxSoftware (HKLM\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: - )
     Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
     Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
     Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
     Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.12.36 - Adobe Systems Incorporated)
     Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
     Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
     Akamai NetSession Interface (HKU\S-1-5-21-3370010240-367182080-656701594-500\...\Akamai) (Version: - Akamai Technologies, Inc)
     Akamai NetSession Interface Service (HKLM\...\Akamai) (Version: - )
     ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
     Audacity 1.3.12 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
     Broadcom Gigabit Integrated Controller (HKLM\...\{B7F54262-AB66-44B3-88BF-9FC69941B643}) (Version: 8.22.11 - Broadcom Corporation)
     Brother HL-2170W (HKLM\...\{3E9DA286-A1CE-429D-BB4B-AD478751BEF9}) (Version: 1.00 - Brother)
     CCleaner (HKLM\...\CCleaner) (Version: 2.29 - Piriform)
     Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
     Copyright Forms (HKLM\...\Copyright Forms) (Version: - )
     CorelDRAW Graphics Suite X3 (HKLM\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation)
     Dell Mobile Broadband Card Utility (HKLM\...\{0EF62E36-F4DB-416E-A4B0-3980E08B0C50}) (Version: 2.09.01.024 - Novatel Wireless)
     Dell Resource CD (HKLM\...\{2764CA82-DFB9-4498-AF85-719340BF5305}) (Version: 1.00.0000 - Dell Inc.)
     Dell System Detect (HKU\S-1-5-21-3370010240-367182080-656701594-500\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)
     dj_sf_software_req (Version: 90.0.235.000 - Hewlett-Packard) Hidden
     Dropbox (HKU\S-1-5-21-3370010240-367182080-656701594-500\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
EN (Version: 13.0 - Corel Corporation) Hidden GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden HP Deskjet Printer Driver Software 9.0 (HKLM\...\{E0C18BB0-32CA-4679-B422-9B9FA825378F}) (Version: 9.0 - HP) Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - ) Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 10.1.1.4 - Intel Corporation) Intuit SiteBuilder (HKLM\...\Intuit SiteBuilder) (Version: - Intuit) Java 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - ) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) mCore (Version: 5.74.0000 - Intel Corporation) Hidden mDriver (Version: 5.74.0000 - Intel) Hidden mDrWiFi (Version: 5.74.0000 - Intel Corporation) Hidden mHlpDell (Version: 5.74.0000 - Intel) Hidden Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft 
Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation) Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) mIWA (Version: 5.74.0000 - Intel Corporation) Hidden mLogView (Version: 5.74.0000 - Intel Corporation) Hidden mMHouse (Version: 5.74.0000 - Intel Corporation) Hidden mPfMgr 
(Version: 5.74.0000 - Intel Corporation) Hidden mPfWiz (Version: 5.74.0000 - Intel Corporation) Hidden mProSafe (Version: 9.00.0000 - Intel) Hidden mSSO (Version: 5.74.0000 - Intel Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation) mWlsSafe (Version: 9.00.0000 - Intel) Hidden mWMI (Version: 5.74.0000 - Intel Corporation) Hidden mXML (Version: 5.74.0000 - Intel Corporation) Hidden mZConfig (Version: 5.74.0000 - Intel Corporation) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org) OZ776 SCR CardBus Windows Driver (HKLM\...\InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}) (Version: 0.0.0.1 - O2Micro International LTD.) OZ776 SCR CardBus Windows Driver (Version: 0.0.0.1 - O2Micro International LTD.) 
Hidden OZ776 SCR Driver V1.1.4.202 (HKLM\...\InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}) (Version: 1.1.4.202 - O2Micro) OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202 - O2Micro) Hidden Pdf995 (HKLM\...\Pdf995) (Version: - ) QuickBooks Pro 2000 (HKLM\...\QuickBooks 2000) (Version: - ) QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.3.11 - Dell Computer Corporation) RawShooter essentials 2005 (HKLM\...\RawShooter essentials 2005) (Version: 1.1.3 - Pixmantec) SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel) System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - ) Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden TouchChip USB Driver 2.6 (Version: 2.6.0.0097 - UPEK Inc.) Hidden Update Manager (Version: 4.60 - Corel Corporation) Hidden WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): 
========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.25.5\psuse (the data entry has 13 more characters). CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.23.9\psuse (the data entry has 13 more characters). CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.145\psu (the data entry has 15 more characters). CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\psus (the data entry has 14 more characters). 
CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.3\psuse (the data entry has 13 more characters). CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.165\psu (the data entry has 15 more characters). 
CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.26.9\psuse (the data entry has 13 more characters). CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.25.11\psus (the data entry has 14 more characters). CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.22.5\psuse (the data entry has 13 more characters). CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.7\psuse (the data entry has 13 more characters). CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-3370010240-367182080-656701594-500_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation) ==================== Restore Points ========================= Could not list restore points Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2004-08-12 07:19 - 2015-07-22 11:39 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3370010240-367182080-656701594-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3370010240-367182080-656701594-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370010240-367182080-656701594-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3370010240-367182080-656701594-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of
Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{4EECB58B-F8DB-43D6-A7A4-D997742066D4}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\23720235.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\23720235.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR250 => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3370010240-367182080-656701594-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp DNS Servers: 192.168.1.1 - 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 05:54:28 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 05:54:26 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 05:54:26 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 05:54:26 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Error: (07/29/2015 05:54:26 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly.
If this problem persists, contact your network administrator.
DETAIL - Access is denied.


System errors:
=============

Microsoft Office:
=========================
Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 06:14:58 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 05:54:28 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 05:54:26 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 05:54:26 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 05:54:26 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.

Error: (07/29/2015 05:54:26 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Access is denied.


==================== Memory info ===========================

Processor: Intel® Core2 CPU T7600 @ 2.33GHz
Percentage of memory in use: 8%
Total physical RAM: 3326.05 MB
Available physical RAM: 3051.79 MB
Total Virtual: 5214.41 MB
Available Virtual: 5151.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:59.89 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (MULTIBOOT) (Removable) (Total:59.58 GB) (Free:43.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3572F257)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=59.6 GB) - (Type=0C)

==================== End of log ============================
  7. Sure, I was just asking because I was scanning a PC where a bug was blocking Malwarebytes from autoupdating.
  8. Well, sort of, yes. That file gives you database version 1893, which is pretty well out of date. I believe the latest database is something like 1979 or something like that. Basically the most recent manual update I can find thus far is too old. Anyone else know if there is a more recent manual update file?
  9. Any place to get the absolute newest manual definition update? I can't auto update and the manual update from this link is a bit out of date. On the flipside, if you do auto update, is there a way to take the definitions from the updated PC to a non-updated machine? Thanks.