Jump to content

LenD

Members
  • Posts

    14
  • Joined

  • Last visited

Everything posted by LenD

  1. Jurgen, I uninstalled Adobe Reader X and installed version XI. However, I had to disable Avira and Malwarebytes and install it very carefully to avoid installing several extra programs they wanted to add. I thought Adobe was trustworthy, but I'm not so sure after having to go through all that. I may look for an alternative PDF program when it needs to be updated. Activated Avira and Malwarebytes again, but I only have a couple of more days on my Malwarbytes trial edition. Thank you very much for your help. I'm very pleased. I plan making a donation to you, but it will have to wait until the end of the week when I have more funds. I will review the article you recommended. Thanks again! Sincerely, Len
  2. Will follow through with final instructions tomorrow (Saturday) night. Thanks.
  3. Wow! Shopop is gone. The only think I had noticed that I didn't like was that ads for items I had researched to purchase kept showing up on the sides of the screen when I went to websites. That's not a big problem, but it's annoying. I saw Shopop in the programs and looked it up, finding out it was malware. It would not let me delete it. I'm puzzled about how it was deleted since you instructed me not to set the scans to delete, but I'm very pleased. I haven't surfed enough to know if I still have the problem with ads, but I can let you know when I have time to use this computer more. What's odd is that neither Malwarebytes nor Avira even acknowleged there was a problem, let alone delete it. Anyway, I'm very grateful to you for helping me take care of this problem. THANK YOU!
  4. I think these are all the logs you asked for. If something is missing, let me know and I'll copy them again. I think I still have them all. Did not delete ESET Online Scanner. Thanks, Len # AdwCleaner v3.302 - Report created 31/07/2014 at 12:26:36 # Updated 30/07/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Len - LEN-PC # Running from : C:\Users\Len\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Systweak Folder Deleted : C:\Program Files (x86)\MyPC Backup Folder Deleted : C:\Users\Len\AppData\LocalLow\Smartbar Folder Deleted : C:\Users\Len\AppData\Roaming\Activeris Folder Deleted : C:\Users\Len\AppData\Roaming\Systweak Folder Deleted : C:\Users\Len\Documents\PC Health Kit File Deleted : C:\END File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Windows\System32\sasnative64.exe ***** [ Scheduled Tasks ] ***** Task Deleted : Advanced System Protector Task Deleted : Advanced System Protector_startup Task Deleted : RegClean Pro ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\systweak Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\systweak Key Deleted : [x64] HKLM\SOFTWARE\Conduit Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 -\\ Mozilla Firefox v31.0 (x86 en-US) [ File : C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\msvnkxzm.default\prefs.js ] ************************* AdwCleaner[R0].txt - [4008 octets] - [31/07/2014 12:24:49] AdwCleaner[s0].txt - [3899 octets] - [31/07/2014 12:26:36] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3959 octets] ########## =============================================================== C:\$Recycle.Bin\S-1-5-21-3474045823-2046608066-1645132966-1000\$R207XJ0.exe a variant of Win32/SpeedingUpMyPC.F application C:\$Recycle.Bin\S-1-5-21-3474045823-2046608066-1645132966-1000\$RD5ZKBW.exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application C:\$Recycle.Bin\S-1-5-21-3474045823-2046608066-1645132966-1000\$RKEWJ9V.exe Win32/MyPCBackup.A potentially unwanted application C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir Win64/AdvancedSystemProtector.A potentially unwanted application C:\Users\Len\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B1KJE2Z\Cloud_Backup_Setup805b[1].exe Win32/MyPCBackup.A potentially unwanted application C:\Users\Len\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B1KJE2Z\DesktopWeatherAlertsSetup[2].exe a variant of MSIL/Adware.StrongVault.A application C:\Users\Len\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2B1KJE2Z\statisticsstub[1].exe Win32/Toolbar.Conduit potentially unwanted application C:\Users\Len\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\637P6K4O\AntiMalware-Installer[1].exe a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application C:\Users\Len\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\637P6K4O\RegClean2[1].exe a variant of Win32/Reporter.A potentially unwanted application C:\Users\Len\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BTAVA1GC\checktbexist[1].exe Win32/Toolbar.Conduit.AF potentially unwanted application C:\Users\Len\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWDH5I5M\PCHealthKitUS1213c[1].exe a variant of Win32/SpeedingUpMyPC.F application ============================================================================== Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01 Ran by Len (administrator) on LEN-PC on 31-07-2014 13:55:47 Running from C:\Users\Len\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3474045823-2046608066-1645132966-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3474045823-2046608066-1645132966-1000\...\Run: [Google Update] => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-06] (Google Inc.) Startup: C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) Startup: C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x36A1E7DFD501CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File SearchScopes: HKCU - {8DC4BC8A-F8A8-431E-AC67-09E572DC5309} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {D64FB57F-7D87-4B3A-B221-007902460FD3} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=sb&itbv=12.7.0.15&apn_uid=4CDCD027-AA6D-49C7-AE81-4559A0118CC4&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_8.0.7601.17514&doi=2013-12-26&trgb=IE&q={searchTerms}&psv= BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\msvnkxzm.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Len\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Len\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Len\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Len\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Len\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Len\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: Facebook Phishing Protector - C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\msvnkxzm.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-01-14] FF Extension: YouTube High Definition - C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\msvnkxzm.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-03] (Avira Operations GmbH & Co. KG) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-05] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-25] (Avira Operations GmbH & Co. KG) S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2010-12-16] (Broadcom Corporation) S3 BXOIS; C:\Windows\system32\drivers\bxois.sys [533544 2010-12-10] (Broadcom Corporation) S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation) S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation) S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-09-12] (Intel® Corporation) S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [77584 2011-09-12] (Intel® Corporation) S3 ioatdma2; C:\Windows\System32\Drivers\qd260x64.sys [41168 2009-11-16] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed] S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-31 13:55 - 2014-07-31 13:56 - 00012292 _____ () C:\Users\Len\Desktop\FRST.txt 2014-07-31 12:39 - 2014-07-31 12:39 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-31 12:37 - 2014-07-31 12:37 - 02347384 _____ (ESET) C:\Users\Len\Desktop\esetsmartinstaller_enu.exe 2014-07-31 12:24 - 2014-07-31 12:26 - 00000000 ____D () C:\AdwCleaner 2014-07-31 12:22 - 2014-07-31 12:22 - 01361309 _____ () C:\Users\Len\Desktop\AdwCleaner.exe 2014-07-31 11:06 - 2014-07-31 11:06 - 00001275 _____ () C:\Users\Len\Desktop\Revo Uninstaller.lnk 2014-07-31 11:06 - 2014-07-31 11:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-31 11:04 - 2014-07-31 11:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Len\Downloads\revosetup.exe 2014-07-31 11:03 - 2014-07-31 13:55 - 00015606 _____ () C:\Users\Len\Documents\INSTRUCTIONS FOR REMOVING SHOPOP.odt 2014-07-30 23:25 - 2014-07-30 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-30 22:50 - 2014-07-30 22:50 - 00011148 _____ () C:\Users\Len\Documents\Signs of the Times Worksheet.odt 2014-07-30 22:14 - 2014-07-31 13:55 - 00000000 ____D () C:\FRST 2014-07-30 22:13 - 2014-07-30 22:13 - 02094080 _____ (Farbar) C:\Users\Len\Desktop\FRST64.exe 2014-07-22 07:06 - 2014-07-31 13:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-22 07:05 - 2014-07-22 07:05 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-22 07:05 - 2014-07-22 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-22 07:05 - 2014-07-22 07:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-22 07:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-22 07:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-22 07:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-22 07:04 - 2014-07-22 07:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Len\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-22 06:40 - 2014-07-22 06:40 - 00000000 ____D () C:\Users\Len\AppData\Roaming\Canneverbe Limited 2014-07-22 06:40 - 2014-07-22 06:40 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-07-21 22:15 - 2014-07-21 22:15 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-21 22:15 - 2014-07-21 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-21 22:15 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-21 22:15 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-21 22:15 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-21 22:15 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-21 21:53 - 2014-07-21 21:53 - 00002473 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus X7.lnk 2014-07-21 21:53 - 2014-07-21 21:53 - 00002097 _____ () C:\Users\Public\Desktop\Serif PagePlus X7.lnk 2014-07-21 21:51 - 2014-07-21 21:51 - 00000000 ____D () C:\Program Files\Serif 2014-07-08 15:42 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-08 15:42 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-08 15:42 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-08 15:42 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-08 15:42 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-08 15:42 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-08 15:42 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-08 15:42 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-08 15:42 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-08 15:42 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-08 15:42 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-08 15:42 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-08 15:42 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-08 15:42 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-08 15:42 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-08 15:42 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-08 15:42 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-08 15:42 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-08 15:42 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-08 15:42 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-08 15:42 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-08 15:42 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-08 15:42 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-08 15:42 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-08 15:42 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-08 15:42 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-08 15:42 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-08 15:42 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-08 15:42 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-08 15:42 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-08 15:42 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-08 15:42 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-08 15:42 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-08 15:42 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-08 15:42 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-08 15:42 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-08 15:42 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-08 15:42 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-08 15:42 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-08 15:42 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-08 15:41 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-08 15:41 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-08 15:41 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-08 15:41 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-08 15:41 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-08 15:41 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-08 15:41 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-08 15:41 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-08 15:41 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-08 15:41 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-08 15:41 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-08 15:41 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-08 15:41 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-08 15:41 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-08 15:41 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-08 15:41 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-08 15:41 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-08 15:41 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-08 15:41 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-08 15:41 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-08 15:41 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-08 15:41 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-08 15:41 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-08 15:41 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-08 15:41 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-08 15:41 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-08 15:41 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-08 13:11 - 2014-07-08 13:11 - 00013266 _____ () C:\Users\Len\Documents\I am not worthyWORDS.odt 2014-07-05 08:15 - 2014-07-05 08:15 - 00033706 _____ () C:\Users\Len\Documents\Hvnly Fthrs Cmpsnte Care.odt 2014-07-03 10:31 - 2014-07-03 10:31 - 01285312 _____ () C:\Windows\Minidump\070314-15568-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-31 13:56 - 2014-07-31 13:55 - 00012292 _____ () C:\Users\Len\Desktop\FRST.txt 2014-07-31 13:55 - 2014-07-31 11:03 - 00015606 _____ () C:\Users\Len\Documents\INSTRUCTIONS FOR REMOVING SHOPOP.odt 2014-07-31 13:55 - 2014-07-30 22:14 - 00000000 ____D () C:\FRST 2014-07-31 13:51 - 2013-12-25 11:57 - 01927342 _____ () C:\Windows\WindowsUpdate.log 2014-07-31 13:17 - 2014-07-22 07:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 13:11 - 2014-01-06 14:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000UA.job 2014-07-31 13:03 - 2014-01-22 23:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-31 13:00 - 2013-12-30 10:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-31 12:39 - 2014-07-31 12:39 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-31 12:37 - 2014-07-31 12:37 - 02347384 _____ (ESET) C:\Users\Len\Desktop\esetsmartinstaller_enu.exe 2014-07-31 12:36 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-31 12:36 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-31 12:33 - 2009-07-14 00:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-31 12:28 - 2014-01-22 23:34 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-31 12:28 - 2014-01-12 23:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-31 12:28 - 2010-11-20 22:47 - 00545320 _____ () C:\Windows\PFRO.log 2014-07-31 12:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-31 12:28 - 2009-07-13 23:51 - 00084241 _____ () C:\Windows\setupact.log 2014-07-31 12:26 - 2014-07-31 12:24 - 00000000 ____D () C:\AdwCleaner 2014-07-31 12:22 - 2014-07-31 12:22 - 01361309 _____ () C:\Users\Len\Desktop\AdwCleaner.exe 2014-07-31 12:16 - 2013-12-25 20:04 - 00000000 ____D () C:\Users\Len\AppData\Roaming\Skype 2014-07-31 11:06 - 2014-07-31 11:06 - 00001275 _____ () C:\Users\Len\Desktop\Revo Uninstaller.lnk 2014-07-31 11:06 - 2014-07-31 11:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-31 11:04 - 2014-07-31 11:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Len\Downloads\revosetup.exe 2014-07-30 23:25 - 2014-07-30 23:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-30 22:50 - 2014-07-30 22:50 - 00011148 _____ () C:\Users\Len\Documents\Signs of the Times Worksheet.odt 2014-07-30 22:13 - 2014-07-30 22:13 - 02094080 _____ (Farbar) C:\Users\Len\Desktop\FRST64.exe 2014-07-30 18:43 - 2014-01-06 14:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000Core.job 2014-07-25 10:35 - 2013-12-25 19:55 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-22 07:05 - 2014-07-22 07:05 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-22 07:05 - 2014-07-22 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-22 07:05 - 2014-07-22 07:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-22 07:05 - 2014-01-12 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-22 07:04 - 2014-07-22 07:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Len\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-22 06:40 - 2014-07-22 06:40 - 00000000 ____D () C:\Users\Len\AppData\Roaming\Canneverbe Limited 2014-07-22 06:40 - 2014-07-22 06:40 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-07-21 22:16 - 2013-12-25 20:14 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-21 22:15 - 2014-07-21 22:15 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-21 22:15 - 2014-07-21 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-21 22:15 - 2013-12-25 20:14 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-21 22:01 - 2014-01-14 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications 2014-07-21 21:53 - 2014-07-21 21:53 - 00002473 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus X7.lnk 2014-07-21 21:53 - 2014-07-21 21:53 - 00002097 _____ () C:\Users\Public\Desktop\Serif PagePlus X7.lnk 2014-07-21 21:51 - 2014-07-21 21:51 - 00000000 ____D () C:\Program Files\Serif 2014-07-11 03:02 - 2014-07-21 22:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-11 02:56 - 2014-07-21 22:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-11 02:56 - 2014-07-21 22:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-11 02:55 - 2014-07-21 22:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-09 21:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-07-09 10:42 - 2009-07-13 23:45 - 00380736 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 10:39 - 2014-05-07 10:56 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 10:39 - 2011-04-12 03:28 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 10:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-09 10:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-09 10:36 - 2014-01-05 12:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 10:35 - 2014-01-05 12:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-08 14:00 - 2013-12-30 10:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 14:00 - 2013-12-30 10:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-08 14:00 - 2012-08-06 21:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 13:11 - 2014-07-08 13:11 - 00013266 _____ () C:\Users\Len\Documents\I am not worthyWORDS.odt 2014-07-05 08:15 - 2014-07-05 08:15 - 00033706 _____ () C:\Users\Len\Documents\Hvnly Fthrs Cmpsnte Care.odt 2014-07-03 10:31 - 2014-07-03 10:31 - 01285312 _____ () C:\Windows\Minidump\070314-15568-01.dmp 2014-07-03 10:31 - 2014-01-26 01:05 - 400463186 _____ () C:\Windows\MEMORY.DMP 2014-07-03 10:31 - 2014-01-26 01:05 - 00000000 ____D () C:\Windows\Minidump 2014-07-03 10:14 - 2013-12-25 19:45 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-01 11:20 - 2014-06-07 07:43 - 00020638 _____ () C:\Users\Len\Documents\Psalm 91.odt Some content of TEMP: ==================== C:\Users\Len\AppData\Local\Temp\avgnt.exe C:\Users\Len\AppData\Local\Temp\ESDPK-PLX6-PagePlusStarterEdition_Setup.exe C:\Users\Len\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Len\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Len\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Len\AppData\Local\Temp\PagePlus-X7-en-US_17.0.3.28_64-Bit_Patch-Setup.exe C:\Users\Len\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-30 18:31 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01 Ran by Len at 2014-07-31 13:56:18 Running from C:\Users\Len\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.) Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - ) Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.1.2101 - CDBurnerXP) DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare) Elevated Installer (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Garmin Express (HKLM-x32\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Online Bible 12.30 (HKCU\...\OnlineBible) (Version: - ) Online Bible 12.30 (HKLM-x32\...\OnlineBible) (Version: - ) OpenOffice.org 3.2 (HKLM-x32\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org) PagePlusX7ContentDeclaration (x32 Version: 1.0.0.0 - Serif (Europe) Ltd) Hidden Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Serif PagePlus X7 (HKLM\...\{CB487BBA-A1AC-4B2B-80AC-DED349C897C5}) (Version: 17.0.3.28 - Serif (Europe) Ltd) Serif PagePlus: Business Card Template Pack 1 (HKLM-x32\...\{1A4C3669-BDFE-4EF0-9108-EAF07182F36B}) (Version: 1.0.1.042 - Serif (Europe) Ltd) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) TSP_CODEC (HKLM-x32\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe) Windows Driver Package - Intel (e1kexpress) Net (07/18/2013 12.10.13.0) (HKLM\...\52B10B9C4A14DB0B79EE3A99D479588E156E6B91) (Version: 07/18/2013 12.10.13.0 - Intel) Windows Driver Package - Intel System (10/05/2012 9.1.9.1002) (HKLM\...\4E8444D3C5371AE0340E5EB738F0523B45ED574A) (Version: 10/05/2012 9.1.9.1002 - Intel) Windows Driver Package - Intel System (10/05/2012 9.1.9.1002) (HKLM\...\5E9040CBF06133134873F64C0D152BEBA5F98677) (Version: 10/05/2012 9.1.9.1002 - Intel) Windows Driver Package - Intel USB (10/05/2012 9.1.9.1002) (HKLM\...\9CC78907F2F42CD5E7461BFD5BFB767F6C3FD4E1) (Version: 10/05/2012 9.1.9.1002 - Intel) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3474045823-2046608066-1645132966-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Len\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3474045823-2046608066-1645132966-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Len\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3474045823-2046608066-1645132966-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Len\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3474045823-2046608066-1645132966-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Len\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 16-07-2014 22:41:29 Scheduled Checkpoint 22-07-2014 02:50:56 Installed Serif PagePlus X7 22-07-2014 02:59:33 Removed Serif PagePlus X6 22-07-2014 03:15:03 Installed Java 7 Update 65 30-07-2014 23:59:59 Scheduled Checkpoint 31-07-2014 16:07:48 Revo Uninstaller's restore point - Shopop 31-07-2014 16:15:24 Revo Uninstaller's restore point - Shopop ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0FE332B4-956C-4678-8224-10AFE1ED737E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {35C485F7-0A8C-4071-920F-2AF9C13F6DA7} - System32\Tasks\{4C9F2F6A-99BB-4DF2-A994-4CEDA55C3128} => C:\Program Files (x86)\Bible\Olb.Exe [2013-12-19] (Online Bible) Task: {40345B5C-ABC1-4F9E-AC68-E99672F705A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {5BE48E32-356F-43FF-B80C-AFB7C78D8380} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {6DFE5E15-01E7-4AC9-99EF-4C412E7D232C} - System32\Tasks\{A9E08B85-4713-48EA-A9FE-F98ED1BE238A} => C:\Program Files (x86)\Bible\Olb.Exe [2013-12-19] (Online Bible) Task: {9626B02B-9AAC-4CD0-B5E0-75BD624CF065} - System32\Tasks\{320E405B-7F83-4598-819A-3D495526B1AD} => C:\Program Files (x86)\Bible\Olb.Exe [2013-12-19] (Online Bible) Task: {B89605FF-5B8A-43A5-B46D-78CBFF652E38} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000Core => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.) Task: {F5D38836-637E-498B-AF64-5689BDF175D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000UA => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000Core.job => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000UA.job => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-07 04:39 - 2011-10-07 04:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll 2012-08-06 21:06 - 2010-03-05 01:38 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 2010-05-04 17:36 - 2010-05-04 17:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2010-03-24 23:51 - 2012-08-06 21:06 - 00166400 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll 2014-07-30 23:25 - 2014-07-30 23:25 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/31/2014 00:41:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/31/2014 00:41:57 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/31/2014 00:41:57 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/31/2014 00:39:05 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/31/2014 00:39:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/31/2014 00:39:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/31/2014 00:38:45 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/31/2014 00:38:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/31/2014 00:29:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 00:28:34 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (07/30/2014 09:01:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (07/30/2014 06:31:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UMVPFSrv service. Error: (07/27/2014 02:22:37 PM) (Source: volsnap) (EventID: 67) (User: ) Description: The shadow copy of volume C: being created failed to install. Error: (07/26/2014 10:43:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (07/26/2014 10:43:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error: (07/25/2014 05:40:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (07/24/2014 04:25:56 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:22:39 PM on ‎7/‎23/‎2014 was unexpected. Error: (07/23/2014 06:54:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (07/22/2014 04:49:44 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:47:54 PM on ‎7/‎21/‎2014 was unexpected. Error: (07/20/2014 10:56:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Garmin Core Update Service service failed to start due to the following error: %%1053 Microsoft Office Sessions: ========================= Error: (07/31/2014 00:41:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Desktop\esetsmartinstaller_enu.exe Error: (07/31/2014 00:41:57 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Desktop\esetsmartinstaller_enu.exe Error: (07/31/2014 00:41:57 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Desktop\esetsmartinstaller_enu.exe Error: (07/31/2014 00:39:05 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Desktop\esetsmartinstaller_enu.exe Error: (07/31/2014 00:39:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Desktop\esetsmartinstaller_enu.exe Error: (07/31/2014 00:39:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Desktop\esetsmartinstaller_enu.exe Error: (07/31/2014 00:38:45 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Desktop\esetsmartinstaller_enu.exe Error: (07/31/2014 00:38:31 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Len\Downloads\esetsmartinstaller_enu.exe Error: (07/31/2014 00:29:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 00:28:34 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 3991.21 MB Available physical RAM: 2261.74 MB Total Pagefile: 7980.61 MB Available Pagefile: 6032.69 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:232.69 GB) (Free:193.43 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 2CBC5A4C) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  5. When attempting to uninstall Shopop with this program I get the same message I received when trying to use Windows uninstall option: "The feature you are trying to use is on a network resource that is unavailable." "Click OK to try again, or enter an alternate path to a folder containing the installation package "Installer.msi" in the box below." Box below: "Use Source:\users\Len\AppData\local\temp\" Clicking on OK results in a window with a similar message as those above. I clicked 'Next" and went through the rest of the process, as instructed. There were 4 files that were deleted. I'm including the Malwarebytes report, but it did not find anything. Neither did it find anything when I ran it prior to contacting you. Here is the report: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/31/2014 Scan Time: 11:18:28 AM Logfile: Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.31.05 Rootkit Database: v2014.07.17.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Len Scan Type: Threat Scan Result: Completed Objects Scanned: 284046 Time Elapsed: 7 min, 56 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  6. I sent results of the scan. Did you receive it? I'm not seeing it here now, for some reason.
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01 Ran by Len (administrator) on LEN-PC on 30-07-2014 22:20:48 Running from C:\Users\Len\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3474045823-2046608066-1645132966-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3474045823-2046608066-1645132966-1000\...\Run: [Google Update] => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-06] (Google Inc.) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found Startup: C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) Startup: C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x36A1E7DFD501CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {8DC4BC8A-F8A8-431E-AC67-09E572DC5309} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {D64FB57F-7D87-4B3A-B221-007902460FD3} URL = http://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=sb&itbv=12.7.0.15&apn_uid=4CDCD027-AA6D-49C7-AE81-4559A0118CC4&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_8.0.7601.17514&doi=2013-12-26&trgb=IE&q={searchTerms}&psv= BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No File Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\msvnkxzm.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Len\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Len\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Len\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Len\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Len\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Len\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: Facebook Phishing Protector - C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\msvnkxzm.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2014-01-14] FF Extension: YouTube High Definition - C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\msvnkxzm.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-03] (Avira Operations GmbH & Co. KG) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2010-03-05] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-25] (Avira Operations GmbH & Co. KG) S3 b06diag; C:\Windows\system32\drivers\bxdiaga.sys [88104 2010-12-16] (Broadcom Corporation) S3 BXOIS; C:\Windows\system32\drivers\bxois.sys [533544 2010-12-10] (Broadcom Corporation) S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2007-04-11] (Intel Corporation) S3 IAMTXPE; C:\Windows\system32\drivers\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation) S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [388368 2011-09-12] (Intel® Corporation) S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [77584 2011-09-12] (Intel® Corporation) S3 ioatdma2; C:\Windows\System32\Drivers\qd260x64.sys [41168 2009-11-16] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed] S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-30 22:20 - 2014-07-30 22:21 - 00012800 _____ () C:\Users\Len\Desktop\FRST.txt 2014-07-30 22:14 - 2014-07-30 22:20 - 00000000 ____D () C:\FRST 2014-07-30 22:13 - 2014-07-30 22:13 - 02094080 _____ (Farbar) C:\Users\Len\Desktop\FRST64.exe 2014-07-22 07:06 - 2014-07-30 18:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-22 07:05 - 2014-07-22 07:05 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-22 07:05 - 2014-07-22 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-22 07:05 - 2014-07-22 07:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-22 07:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-22 07:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-22 07:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-22 07:04 - 2014-07-22 07:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Len\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-22 06:40 - 2014-07-22 06:40 - 00000000 ____D () C:\Users\Len\AppData\Roaming\Canneverbe Limited 2014-07-22 06:40 - 2014-07-22 06:40 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-07-21 22:15 - 2014-07-21 22:15 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-21 22:15 - 2014-07-21 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-21 22:15 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-21 22:15 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-21 22:15 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-21 22:15 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-21 21:53 - 2014-07-21 21:53 - 00002473 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus X7.lnk 2014-07-21 21:53 - 2014-07-21 21:53 - 00002097 _____ () C:\Users\Public\Desktop\Serif PagePlus X7.lnk 2014-07-21 21:51 - 2014-07-21 21:51 - 00000000 ____D () C:\Program Files\Serif 2014-07-08 15:42 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-08 15:42 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-08 15:42 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-08 15:42 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-08 15:42 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-08 15:42 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-08 15:42 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-08 15:42 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-08 15:42 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-08 15:42 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-08 15:42 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-08 15:42 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-08 15:42 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-08 15:42 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-08 15:42 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-08 15:42 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-08 15:42 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-08 15:42 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-08 15:42 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-08 15:42 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-08 15:42 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-08 15:42 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-08 15:42 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-08 15:42 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-08 15:42 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-08 15:42 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-08 15:42 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-08 15:42 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-08 15:42 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-08 15:42 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-08 15:42 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-08 15:42 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-08 15:42 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-08 15:42 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-08 15:42 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-08 15:42 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-08 15:42 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-08 15:42 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-08 15:42 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-08 15:42 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-08 15:42 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-08 15:42 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-08 15:41 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-08 15:41 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-08 15:41 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-08 15:41 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-08 15:41 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-08 15:41 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-08 15:41 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-08 15:41 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-08 15:41 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-08 15:41 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-08 15:41 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-08 15:41 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-08 15:41 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-08 15:41 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-08 15:41 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-08 15:41 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-08 15:41 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-08 15:41 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-08 15:41 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-08 15:41 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-08 15:41 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-08 15:41 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-08 15:41 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-08 15:41 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-08 15:41 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-08 15:41 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-08 15:41 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-08 13:11 - 2014-07-08 13:11 - 00013266 _____ () C:\Users\Len\Documents\I am not worthyWORDS.odt 2014-07-05 08:15 - 2014-07-05 08:15 - 00033706 _____ () C:\Users\Len\Documents\Hvnly Fthrs Cmpsnte Care.odt 2014-07-03 10:31 - 2014-07-03 10:31 - 01285312 _____ () C:\Windows\Minidump\070314-15568-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-30 22:21 - 2014-07-30 22:20 - 00012800 _____ () C:\Users\Len\Desktop\FRST.txt 2014-07-30 22:20 - 2014-07-30 22:14 - 00000000 ____D () C:\FRST 2014-07-30 22:13 - 2014-07-30 22:13 - 02094080 _____ (Farbar) C:\Users\Len\Desktop\FRST64.exe 2014-07-30 22:11 - 2014-01-06 14:28 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000UA.job 2014-07-30 22:04 - 2013-12-25 20:04 - 00000000 ____D () C:\Users\Len\AppData\Roaming\Skype 2014-07-30 22:03 - 2014-01-22 23:34 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-30 22:00 - 2013-12-30 10:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-30 21:57 - 2013-12-25 11:57 - 01916592 _____ () C:\Windows\WindowsUpdate.log 2014-07-30 21:01 - 2009-07-13 23:51 - 00083849 _____ () C:\Windows\setupact.log 2014-07-30 18:46 - 2014-01-22 23:34 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-30 18:43 - 2014-01-06 14:28 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000Core.job 2014-07-30 18:31 - 2014-07-22 07:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-27 14:38 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-27 14:38 - 2009-07-13 23:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-25 10:35 - 2013-12-25 19:55 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-24 04:30 - 2009-07-14 00:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-24 04:26 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-24 04:25 - 2010-11-20 22:47 - 00545008 _____ () C:\Windows\PFRO.log 2014-07-22 07:19 - 2014-01-12 23:02 - 00000000 ____D () C:\Users\Len\AppData\Roaming\Systweak 2014-07-22 07:05 - 2014-07-22 07:05 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-22 07:05 - 2014-07-22 07:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-22 07:05 - 2014-07-22 07:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-22 07:05 - 2014-01-12 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-22 07:04 - 2014-07-22 07:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Len\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-22 06:40 - 2014-07-22 06:40 - 00000000 ____D () C:\Users\Len\AppData\Roaming\Canneverbe Limited 2014-07-22 06:40 - 2014-07-22 06:40 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-07-21 22:16 - 2013-12-25 20:14 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-21 22:15 - 2014-07-21 22:15 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-21 22:15 - 2014-07-21 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-21 22:15 - 2013-12-25 20:14 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-21 22:01 - 2014-01-14 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif Applications 2014-07-21 21:53 - 2014-07-21 21:53 - 00002473 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serif PagePlus X7.lnk 2014-07-21 21:53 - 2014-07-21 21:53 - 00002097 _____ () C:\Users\Public\Desktop\Serif PagePlus X7.lnk 2014-07-21 21:51 - 2014-07-21 21:51 - 00000000 ____D () C:\Program Files\Serif 2014-07-11 03:02 - 2014-07-21 22:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-11 02:56 - 2014-07-21 22:15 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-11 02:56 - 2014-07-21 22:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-11 02:55 - 2014-07-21 22:15 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-09 21:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-07-09 10:42 - 2009-07-13 23:45 - 00380736 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 10:39 - 2014-05-07 10:56 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 10:39 - 2011-04-12 03:28 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 10:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-09 10:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-09 10:36 - 2014-01-05 12:06 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 10:35 - 2014-01-05 12:06 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-08 14:00 - 2013-12-30 10:10 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 14:00 - 2013-12-30 10:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-08 14:00 - 2012-08-06 21:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 13:11 - 2014-07-08 13:11 - 00013266 _____ () C:\Users\Len\Documents\I am not worthyWORDS.odt 2014-07-05 08:15 - 2014-07-05 08:15 - 00033706 _____ () C:\Users\Len\Documents\Hvnly Fthrs Cmpsnte Care.odt 2014-07-03 10:31 - 2014-07-03 10:31 - 01285312 _____ () C:\Windows\Minidump\070314-15568-01.dmp 2014-07-03 10:31 - 2014-01-26 01:05 - 400463186 _____ () C:\Windows\MEMORY.DMP 2014-07-03 10:31 - 2014-01-26 01:05 - 00000000 ____D () C:\Windows\Minidump 2014-07-03 10:14 - 2013-12-25 19:45 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-01 11:20 - 2014-06-07 07:43 - 00020638 _____ () C:\Users\Len\Documents\Psalm 91.odt Some content of TEMP: ==================== C:\Users\Len\AppData\Local\Temp\avgnt.exe C:\Users\Len\AppData\Local\Temp\ESDPK-PLX6-PagePlusStarterEdition_Setup.exe C:\Users\Len\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Len\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Len\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Len\AppData\Local\Temp\PagePlus-X7-en-US_17.0.3.28_64-Bit_Patch-Setup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-30 18:31 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01 Ran by Len at 2014-07-30 22:21:18 Running from C:\Users\Len\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.) Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - ) Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.1.2101 - CDBurnerXP) DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare) Elevated Installer (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Garmin Express (HKLM-x32\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Online Bible 12.30 (HKCU\...\OnlineBible) (Version: - ) Online Bible 12.30 (HKLM-x32\...\OnlineBible) (Version: - ) OpenOffice.org 3.2 (HKLM-x32\...\{5A13987D-55F4-4271-A40E-76AC9B1B38FD}) (Version: 3.2.9502 - OpenOffice.org) PagePlusX7ContentDeclaration (x32 Version: 1.0.0.0 - Serif (Europe) Ltd) Hidden Serif PagePlus X7 (HKLM\...\{CB487BBA-A1AC-4B2B-80AC-DED349C897C5}) (Version: 17.0.3.28 - Serif (Europe) Ltd) Serif PagePlus: Business Card Template Pack 1 (HKLM-x32\...\{1A4C3669-BDFE-4EF0-9108-EAF07182F36B}) (Version: 1.0.1.042 - Serif (Europe) Ltd) Shopop (HKLM-x32\...\{3DF474D5-1D41-43B5-BEA7-7E320542FD61}) (Version: 10.203.68.14274 - My Pop Shop Ltd.) <==== ATTENTION Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) TSP_CODEC (HKLM-x32\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe) Windows Driver Package - Intel (e1kexpress) Net (07/18/2013 12.10.13.0) (HKLM\...\52B10B9C4A14DB0B79EE3A99D479588E156E6B91) (Version: 07/18/2013 12.10.13.0 - Intel) Windows Driver Package - Intel System (10/05/2012 9.1.9.1002) (HKLM\...\4E8444D3C5371AE0340E5EB738F0523B45ED574A) (Version: 10/05/2012 9.1.9.1002 - Intel) Windows Driver Package - Intel System (10/05/2012 9.1.9.1002) (HKLM\...\5E9040CBF06133134873F64C0D152BEBA5F98677) (Version: 10/05/2012 9.1.9.1002 - Intel) Windows Driver Package - Intel USB (10/05/2012 9.1.9.1002) (HKLM\...\9CC78907F2F42CD5E7461BFD5BFB767F6C3FD4E1) (Version: 10/05/2012 9.1.9.1002 - Intel) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3474045823-2046608066-1645132966-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Len\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-3474045823-2046608066-1645132966-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Len\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3474045823-2046608066-1645132966-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Len\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3474045823-2046608066-1645132966-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Len\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 16-07-2014 22:41:29 Scheduled Checkpoint 22-07-2014 02:50:56 Installed Serif PagePlus X7 22-07-2014 02:59:33 Removed Serif PagePlus X6 22-07-2014 03:15:03 Installed Java 7 Update 65 30-07-2014 23:59:59 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {073B8958-2FC8-481F-AADD-A2E503669390} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe <==== ATTENTION Task: {0FE332B4-956C-4678-8224-10AFE1ED737E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {35C485F7-0A8C-4071-920F-2AF9C13F6DA7} - System32\Tasks\{4C9F2F6A-99BB-4DF2-A994-4CEDA55C3128} => C:\Program Files (x86)\Bible\Olb.Exe [2013-12-19] (Online Bible) Task: {40345B5C-ABC1-4F9E-AC68-E99672F705A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {406850E3-A4B7-469A-850D-DA8A421EEF07} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION Task: {5BE48E32-356F-43FF-B80C-AFB7C78D8380} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-22] (Google Inc.) Task: {6DFE5E15-01E7-4AC9-99EF-4C412E7D232C} - System32\Tasks\{A9E08B85-4713-48EA-A9FE-F98ED1BE238A} => C:\Program Files (x86)\Bible\Olb.Exe [2013-12-19] (Online Bible) Task: {9626B02B-9AAC-4CD0-B5E0-75BD624CF065} - System32\Tasks\{320E405B-7F83-4598-819A-3D495526B1AD} => C:\Program Files (x86)\Bible\Olb.Exe [2013-12-19] (Online Bible) Task: {B89605FF-5B8A-43A5-B46D-78CBFF652E38} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000Core => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.) Task: {D63E5305-6D72-4050-885C-0C7576A56D52} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION Task: {F5D38836-637E-498B-AF64-5689BDF175D7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000UA => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-06] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000Core.job => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474045823-2046608066-1645132966-1000UA.job => C:\Users\Len\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-06 21:06 - 2010-03-05 01:38 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 2011-10-07 04:39 - 2011-10-07 04:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll 2010-05-04 17:36 - 2010-05-04 17:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2010-03-24 23:51 - 2012-08-06 21:06 - 00166400 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll 2014-06-18 11:49 - 2014-06-18 11:49 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/27/2014 02:22:42 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{56dabeea-6dbf-11e3-9ed4-806e6f6e6963} - 0000000000000124,0x0053c008,00000000004FEBF0,0,0000000000377FD0,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired. . Operation: Processing EndPrepareSnapshots Context: Execution Context: System Provider Error: (07/24/2014 09:23:39 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/24/2014 09:23:39 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/24/2014 09:23:20 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 30.0.0.5269 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a2c Start Time: 01cfa74a5b437eef Termination Time: 16146 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: de619b07-133d-11e4-afba-00232405e9d0 Error: (07/24/2014 04:27:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2014 04:26:16 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/24/2014 04:26:16 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/23/2014 07:21:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/23/2014 07:21:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/22/2014 07:24:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (07/30/2014 09:01:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (07/30/2014 06:31:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UMVPFSrv service. Error: (07/27/2014 02:22:37 PM) (Source: volsnap) (EventID: 67) (User: ) Description: The shadow copy of volume C: being created failed to install. Error: (07/26/2014 10:43:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error: (07/26/2014 10:43:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. Error: (07/25/2014 05:40:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (07/24/2014 04:25:56 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:22:39 PM on ‎7/‎23/‎2014 was unexpected. Error: (07/23/2014 06:54:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. Error: (07/22/2014 04:49:44 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:47:54 PM on ‎7/‎21/‎2014 was unexpected. Error: (07/20/2014 10:56:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Garmin Core Update Service service failed to start due to the following error: %%1053 Microsoft Office Sessions: ========================= Error: (07/27/2014 02:22:42 PM) (Source: VSS) (EventID: 12289) (User: ) Description: DeviceIoControl(\\?\Volume{56dabeea-6dbf-11e3-9ed4-806e6f6e6963} - 0000000000000124,0x0053c008,00000000004FEBF0,0,0000000000377FD0,4096,[0])0x80070079, The semaphore timeout period has expired. Operation: Processing EndPrepareSnapshots Context: Execution Context: System Provider Error: (07/24/2014 09:23:39 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL Error: (07/24/2014 09:23:39 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL Error: (07/24/2014 09:23:20 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe30.0.0.5269a2c01cfa74a5b437eef16146C:\Program Files (x86)\Mozilla Firefox\firefox.exede619b07-133d-11e4-afba-00232405e9d0 Error: (07/24/2014 04:27:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2014 04:26:16 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL Error: (07/24/2014 04:26:16 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL Error: (07/23/2014 07:21:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL Error: (07/23/2014 07:21:14 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL Error: (07/22/2014 07:24:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 3991.21 MB Available physical RAM: 2168.95 MB Total Pagefile: 7980.61 MB Available Pagefile: 5501.66 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:232.69 GB) (Free:193.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 2CBC5A4C) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  8. Please help me remove shopop and associated files from my computer. Neither Avira nor Malwarebytes has helped me remove it, and it won't let me remove it from the Uninstall program.
  9. I restarted the pc. The first browser I tried to open just showed a blank browser w/o going anywhere. I had to use task manager to get it to close. The second browser attempt gave me the choice to restore previous session or open home page. When I had clicked on the restore session link before, it had opened up as many as 39 pages with the one click. Needless to say, I had to shut down the computer and start over when that happened. This time clicking on the restore button opened up the home page. I had set the system restore to off while following yours and Tom's instructions, but I just checked and it is turned back on. Perhaps that's as a result of the file you had me run to uninstall ComboFix. Do you think we took care of the problem? If so, can you tell me what the name of the virus was. I've seen a lot of Trojan's removed, but I'm not very knowledgeable about this stuff. Since I can't get McAfee to load anymore, can you please suggest what program(s) to use that will provide me some protection and keep this from happening again? Is AVG a good one? I am very appreciative for all of your help.
  10. OK, here's the CF log. ComboFix 09-04-13.A2 - Compaq_Administrator 2009-04-13 8:52.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.481 [GMT -5:00] Running from: c:\documents and settings\Compaq_Administrator\Desktop\Comix.exe Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . L:\autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_HNJFRTBU -------\Service_hnjfrtbu ((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))))) . 2009-04-12 21:40 . 2009-04-12 21:40 -------- d-----w c:\program files\Trend Micro 2009-04-12 21:35 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-12 21:35 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-10 01:21 . 2009-04-10 01:24 -------- d-----w C:\ComboFix 2009-04-08 23:17 . 2009-04-08 23:17 -------- d-----w c:\program files\Gadwin Systems 2009-04-02 21:13 . 2009-03-17 18:26 65320 ----a-w c:\windows\system32\sbbd.exe 2009-04-02 21:13 . 2008-10-22 22:08 92464 ----a-w c:\windows\system32\drivers\SBREDrv.sys 2009-04-02 21:12 . 2009-04-02 21:16 -------- d-----w C:\VIPRERESCUE 2009-04-02 16:01 . 2009-04-02 17:12 -------- d-----w c:\documents and settings\Compaq_Administrator\DoctorWeb 2009-04-01 02:26 . 2009-04-01 02:26 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes 2009-03-29 05:08 . 2009-03-29 05:10 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner 2009-03-29 05:08 . 2009-03-29 05:08 -------- d-----w c:\program files\Uniblue 2009-03-29 04:46 . 2009-03-29 04:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-29 04:46 . 2009-04-12 21:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-28 16:39 . 2009-03-28 16:39 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{8A4CC7C6-575E-4F23-9F1C-53E767FCCC3D} 2009-03-26 19:33 . 2009-03-26 19:33 25012 ----a-w c:\windows\system32\AAWService_2009_03_26_14_33_37.dmp 2009-03-26 17:00 . 2009-03-26 17:00 -------- d-sh--w c:\documents and settings\Compaq_Administrator\IECompatCache 2009-03-26 16:23 . 2009-03-26 16:23 -------- d-----w c:\program files\GetData 2009-03-26 16:13 . 2009-03-29 05:08 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Uniblue 2009-03-24 05:06 . 2009-04-13 06:19 -------- d--h--w C:\$AVG8.VAULT$ 2009-03-24 05:01 . 2009-03-24 05:01 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-03-24 05:01 . 2009-03-28 15:11 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-03-24 05:01 . 2009-03-24 05:01 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-03-24 05:01 . 2009-04-11 14:36 -------- d-----w c:\windows\system32\drivers\Avg 2009-03-24 05:01 . 2009-03-24 05:04 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\AVGTOOLBAR 2009-03-24 05:01 . 2009-03-30 16:21 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-03-24 05:01 . 2009-03-24 05:01 -------- d-----w c:\program files\AVG 2009-03-24 01:03 . 2009-03-24 01:03 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\bxokewmw 2009-03-24 01:03 . 2009-03-24 01:03 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\bxokewmw . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-13 13:58 . 2008-12-15 04:37 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\mjusbsp 2009-04-13 13:57 . 2009-01-30 16:44 14985 ----a-w C:\aaw7boot.log 2009-04-10 00:14 . 2008-03-28 10:52 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-09 03:14 . 2006-09-28 21:09 -------- d-----w c:\program files\SpywareBlaster 2009-04-08 03:17 . 2008-03-06 03:31 -------- d-----w c:\documents and settings\All Users\Application Data\RFA_Backups 2009-04-02 22:10 . 2006-10-01 16:00 -------- d-----w c:\program files\Bible 2009-04-02 20:37 . 2008-11-07 15:49 -------- d-----w c:\program files\Common Files\Motive 2009-03-29 04:16 . 2005-11-11 21:06 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-28 03:15 . 2005-11-11 21:16 -------- d-----w c:\program files\Common Files\Real 2009-03-26 13:05 . 2008-08-25 05:12 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\W Photo Studio 2009-03-10 02:55 . 2009-03-10 02:55 -------- d-----w c:\program files\Yontoo Layers Client for Internet Explorer 2009-03-10 02:55 . 2009-03-10 02:55 -------- d-----w c:\documents and settings\All Users\Application Data\Tarma Installer 2009-03-09 17:31 . 2009-01-19 18:02 15688 ----a-w c:\windows\system32\lsdelete.exe 2009-03-09 17:26 . 2009-01-19 18:16 64160 ----a-w c:\windows\system32\drivers\Lbd.sys 2009-02-22 04:27 . 2008-09-24 15:09 -------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-02-22 04:27 . 2008-09-24 15:09 -------- d-----w c:\program files\NOS 2009-02-16 22:30 . 2009-02-16 22:20 4480 ----a-w C:\stub.log 2009-02-16 22:00 . 2009-02-16 21:44 0 ----a-w C:\Log.txt 2009-02-16 21:44 . 2005-11-11 21:22 -------- d-----w c:\program files\Hewlett-Packard 2009-01-28 22:18 . 2008-12-15 03:56 70008 ----a-w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-01-23 00:38 . 2005-11-11 21:15 70008 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-01-15 08:17 . 2004-08-10 12:00 636264 ----a-w c:\windows\system32\dllcache\iexplore.exe 2009-01-15 08:17 . 2004-08-10 12:00 392040 ----a-w c:\windows\system32\dllcache\iedkcs32.dll 2009-01-15 08:13 . 2004-08-10 12:00 5888512 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-01-15 08:06 . 2004-08-10 12:00 1182720 ----a-w c:\windows\system32\dllcache\urlmon.dll 2009-01-15 08:06 . 2004-08-10 12:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll 2009-01-15 08:06 . 2004-08-10 12:00 105984 ----a-w c:\windows\system32\dllcache\url.dll 2009-01-15 08:05 . 2004-08-10 12:00 911872 ----a-w c:\windows\system32\wininet.dll 2009-01-15 08:05 . 2004-08-10 12:00 911872 ----a-w c:\windows\system32\dllcache\wininet.dll 2009-01-15 08:05 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-01-15 08:05 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll 2009-01-15 08:05 . 2004-08-10 12:00 193536 ----a-w c:\windows\system32\dllcache\msrating.dll 2009-01-15 08:05 . 2004-08-10 12:00 109056 ----a-w c:\windows\system32\dllcache\occache.dll 2009-01-15 08:04 . 2004-08-10 12:00 755200 ----a-w c:\windows\system32\dllcache\VGX.dll 2009-01-15 08:04 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\dllcache\corpol.dll 2009-01-15 08:04 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-01-15 08:04 . 2004-08-10 12:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll 2009-01-15 08:02 . 2004-08-10 12:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll 2009-01-15 08:01 . 2004-08-10 12:00 183808 ----a-w c:\windows\system32\dllcache\iepeers.dll 2009-01-15 08:01 . 2004-08-10 12:00 34304 ----a-w c:\windows\system32\imgutil.dll 2009-01-15 08:01 . 2004-08-10 12:00 34304 ----a-w c:\windows\system32\dllcache\imgutil.dll 2009-01-15 08:01 . 2004-08-10 12:00 348160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll 2009-01-15 08:01 . 2004-08-10 12:00 46592 ----a-w c:\windows\system32\dllcache\pngfilt.dll 2009-01-15 08:01 . 2004-08-10 12:00 216064 ----a-w c:\windows\system32\dllcache\dxtrans.dll 2009-01-15 08:01 . 2004-08-10 12:00 66560 ----a-w c:\windows\system32\dllcache\mshtmled.dll 2009-01-15 08:00 . 2004-08-10 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-01-15 08:00 . 2004-08-10 12:00 48128 ----a-w c:\windows\system32\dllcache\mshtmler.dll 2009-01-15 08:00 . 2004-08-10 12:00 45568 ----a-w c:\windows\system32\mshta.exe 2009-01-15 08:00 . 2004-08-10 12:00 45568 ----a-w c:\windows\system32\dllcache\mshta.exe 2009-01-15 07:53 . 2004-08-10 12:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll 2009-01-15 07:50 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-01-15 07:50 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll 2008-12-16 03:21 . 2008-12-16 03:21 61224 ----a-w c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe 2008-12-01 08:59 . 2008-12-01 05:56 470 ----a-w c:\documents and settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\wklnhst.dat 2008-10-03 18:09 . 2008-09-14 16:33 159 ----a-w c:\documents and settings\Compaq_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat 2008-06-27 11:41 . 2008-06-27 11:41 47360 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\pcouffin.sys 2008-03-06 16:06 . 2007-04-14 12:07 80376 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT 2006-11-15 02:04 . 2006-11-15 02:04 0 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat 2006-09-28 21:42 . 2008-12-15 03:56 143 ----a-w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat 2005-11-11 21:31 . 2008-09-14 16:33 45584 ----a-w c:\documents and settings\Compaq_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2005-11-11 20:51 . 2005-11-11 20:51 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-12_ 9.54.44.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-12 21:35 . 2009-04-06 20:32 38496 c:\windows\system32\drivers\mbamswissarmy.sys - 2009-03-29 04:46 . 2009-04-06 20:32 38496 c:\windows\system32\drivers\mbamswissarmy.sys + 2009-04-12 21:35 . 2009-04-06 20:32 15504 c:\windows\system32\drivers\mbam.sys - 2009-03-29 04:46 . 2009-04-06 20:32 15504 c:\windows\system32\drivers\mbam.sys + 2009-04-13 13:56 . 2005-10-21 01:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE - 2009-03-30 21:04 . 2005-10-21 01:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2008-10-01 02:40 192960 --------- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] "cdloader"="c:\documents and settings\Compaq_Administrator\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "rfagent"="c:\program files\RFA\rfagent.exe" [2007-12-04 916800] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-24 1932568] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe] c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000] c:\documents and settings\Compaq_Administrator.YOUR-55E5F9E3D2\Start Menu\Programs\Startup\ OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-11-11 36903] Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-01-20 339968] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-11-19 389120] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-24 00:01 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "c:\\Program Files\\Yahoo! Games\\Puzzle Express\\PuzzleExpress.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Documents and Settings\\Compaq_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= R2 0276491232348368mcinstcleanup;McAfee Application Installer Cleanup (0276491232348368); [x] R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2008-10-22 92464] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-24 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-28 108552] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:21] 2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20] 2009-03-15 c:\windows\Tasks\HPCeeSchedule.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 22:22] 2009-03-15 c:\windows\Tasks\McDefragTask.job - c:\windows\system32\defrag.exe [2004-08-10 07:00] 2009-04-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10] . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm uStart Page = hxxp://weather.yahoo.com/forecast/USAR0066_f.html uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: trymedia.com . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-13 08:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(600) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(752) c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\AVG\AVG8\avgtray.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\windows\ehome\mcrdsvc.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\windows\system32\dllhost.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\wscntfy.exe c:\program files\DISC\DiscStreamHub.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe . ************************************************************************** . Completion time: 2009-04-13 9:05 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-13 14:05 ComboFix2.txt 2009-04-13 13:14 ComboFix3.txt 2009-04-12 14:55 ComboFix4.txt 2009-04-10 01:32 ComboFix5.txt 2009-04-13 13:52 Pre-Run: 151,403,728,896 bytes free Post-Run: 151,372,943,360 bytes free 263 --- E O F --- 2009-03-03 09:08
  11. ComboFix 09-04-13.A2 - Compaq_Administrator 2009-04-13 8:07.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.366 [GMT -5:00] Running from: c:\documents and settings\Compaq_Administrator\Desktop\Comix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . L:\autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))))) . 2009-04-12 21:40 . 2009-04-12 21:40 -------- d-----w c:\program files\Trend Micro 2009-04-12 21:35 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-12 21:35 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-10 01:21 . 2009-04-10 01:24 -------- d-----w C:\ComboFix 2009-04-08 23:17 . 2009-04-08 23:17 -------- d-----w c:\program files\Gadwin Systems 2009-04-02 21:13 . 2009-03-17 18:26 65320 ----a-w c:\windows\system32\sbbd.exe 2009-04-02 21:13 . 2008-10-22 22:08 92464 ----a-w c:\windows\system32\drivers\SBREDrv.sys 2009-04-02 21:12 . 2009-04-02 21:16 -------- d-----w C:\VIPRERESCUE 2009-04-02 16:01 . 2009-04-02 17:12 -------- d-----w c:\documents and settings\Compaq_Administrator\DoctorWeb 2009-04-01 02:26 . 2009-04-01 02:26 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes 2009-03-29 05:08 . 2009-03-29 05:10 -------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner 2009-03-29 05:08 . 2009-03-29 05:08 -------- d-----w c:\program files\Uniblue 2009-03-29 04:46 . 2009-03-29 04:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-29 04:46 . 2009-04-12 21:35 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-28 16:39 . 2009-03-28 16:39 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{8A4CC7C6-575E-4F23-9F1C-53E767FCCC3D} 2009-03-26 19:33 . 2009-03-26 19:33 25012 ----a-w c:\windows\system32\AAWService_2009_03_26_14_33_37.dmp 2009-03-26 17:00 . 2009-03-26 17:00 -------- d-sh--w c:\documents and settings\Compaq_Administrator\IECompatCache 2009-03-26 16:23 . 2009-03-26 16:23 -------- d-----w c:\program files\GetData 2009-03-26 16:13 . 2009-03-29 05:08 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Uniblue 2009-03-24 05:06 . 2009-04-13 06:19 -------- d--h--w C:\$AVG8.VAULT$ 2009-03-24 05:01 . 2009-03-24 05:01 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-03-24 05:01 . 2009-03-28 15:11 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-03-24 05:01 . 2009-03-24 05:01 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-03-24 05:01 . 2009-04-11 14:36 -------- d-----w c:\windows\system32\drivers\Avg 2009-03-24 05:01 . 2009-03-24 05:04 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\AVGTOOLBAR 2009-03-24 05:01 . 2009-03-30 16:21 -------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-03-24 05:01 . 2009-03-24 05:01 -------- d-----w c:\program files\AVG 2009-03-24 01:03 . 2009-03-24 01:03 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\bxokewmw 2009-03-24 01:03 . 2009-03-24 01:03 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\bxokewmw . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-12 15:16 . 2008-12-15 04:37 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\mjusbsp 2009-04-10 00:14 . 2008-03-28 10:52 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-04-09 05:02 . 2009-01-30 16:44 14761 ----a-w C:\aaw7boot.log 2009-04-09 03:14 . 2006-09-28 21:09 -------- d-----w c:\program files\SpywareBlaster 2009-04-08 03:17 . 2008-03-06 03:31 -------- d-----w c:\documents and settings\All Users\Application Data\RFA_Backups 2009-04-02 22:10 . 2006-10-01 16:00 -------- d-----w c:\program files\Bible 2009-04-02 20:37 . 2008-11-07 15:49 -------- d-----w c:\program files\Common Files\Motive 2009-03-29 04:16 . 2005-11-11 21:06 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-28 03:15 . 2005-11-11 21:16 -------- d-----w c:\program files\Common Files\Real 2009-03-26 13:05 . 2008-08-25 05:12 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\W Photo Studio 2009-03-10 02:55 . 2009-03-10 02:55 -------- d-----w c:\program files\Yontoo Layers Client for Internet Explorer 2009-03-10 02:55 . 2009-03-10 02:55 -------- d-----w c:\documents and settings\All Users\Application Data\Tarma Installer 2009-03-09 17:31 . 2009-01-19 18:02 15688 ----a-w c:\windows\system32\lsdelete.exe 2009-03-09 17:26 . 2009-01-19 18:16 64160 ----a-w c:\windows\system32\drivers\Lbd.sys 2009-02-22 04:27 . 2008-09-24 15:09 -------- d-----w c:\documents and settings\All Users\Application Data\NOS 2009-02-22 04:27 . 2008-09-24 15:09 -------- d-----w c:\program files\NOS 2009-02-16 22:30 . 2009-02-16 22:20 4480 ----a-w C:\stub.log 2009-02-16 22:00 . 2009-02-16 21:44 0 ----a-w C:\Log.txt 2009-02-16 21:44 . 2005-11-11 21:22 -------- d-----w c:\program files\Hewlett-Packard 2009-01-28 22:18 . 2008-12-15 03:56 70008 ----a-w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-01-23 00:38 . 2005-11-11 21:15 70008 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-01-15 08:17 . 2004-08-10 12:00 636264 ----a-w c:\windows\system32\dllcache\iexplore.exe 2009-01-15 08:17 . 2004-08-10 12:00 392040 ----a-w c:\windows\system32\dllcache\iedkcs32.dll 2009-01-15 08:13 . 2004-08-10 12:00 5888512 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-01-15 08:06 . 2004-08-10 12:00 1182720 ----a-w c:\windows\system32\dllcache\urlmon.dll 2009-01-15 08:06 . 2004-08-10 12:00 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll 2009-01-15 08:06 . 2004-08-10 12:00 105984 ----a-w c:\windows\system32\dllcache\url.dll 2009-01-15 08:05 . 2004-08-10 12:00 911872 ----a-w c:\windows\system32\wininet.dll 2009-01-15 08:05 . 2004-08-10 12:00 911872 ----a-w c:\windows\system32\dllcache\wininet.dll 2009-01-15 08:05 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-01-15 08:05 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll 2009-01-15 08:05 . 2004-08-10 12:00 193536 ----a-w c:\windows\system32\dllcache\msrating.dll 2009-01-15 08:05 . 2004-08-10 12:00 109056 ----a-w c:\windows\system32\dllcache\occache.dll 2009-01-15 08:04 . 2004-08-10 12:00 755200 ----a-w c:\windows\system32\dllcache\VGX.dll 2009-01-15 08:04 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\dllcache\corpol.dll 2009-01-15 08:04 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\corpol.dll 2009-01-15 08:04 . 2004-08-10 12:00 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll 2009-01-15 08:02 . 2004-08-10 12:00 611840 ----a-w c:\windows\system32\dllcache\mstime.dll 2009-01-15 08:01 . 2004-08-10 12:00 183808 ----a-w c:\windows\system32\dllcache\iepeers.dll 2009-01-15 08:01 . 2004-08-10 12:00 34304 ----a-w c:\windows\system32\imgutil.dll 2009-01-15 08:01 . 2004-08-10 12:00 34304 ----a-w c:\windows\system32\dllcache\imgutil.dll 2009-01-15 08:01 . 2004-08-10 12:00 348160 ----a-w c:\windows\system32\dllcache\dxtmsft.dll 2009-01-15 08:01 . 2004-08-10 12:00 46592 ----a-w c:\windows\system32\dllcache\pngfilt.dll 2009-01-15 08:01 . 2004-08-10 12:00 216064 ----a-w c:\windows\system32\dllcache\dxtrans.dll 2009-01-15 08:01 . 2004-08-10 12:00 66560 ----a-w c:\windows\system32\dllcache\mshtmled.dll 2009-01-15 08:00 . 2004-08-10 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-01-15 08:00 . 2004-08-10 12:00 48128 ----a-w c:\windows\system32\dllcache\mshtmler.dll 2009-01-15 08:00 . 2004-08-10 12:00 45568 ----a-w c:\windows\system32\mshta.exe 2009-01-15 08:00 . 2004-08-10 12:00 45568 ----a-w c:\windows\system32\dllcache\mshta.exe 2009-01-15 07:53 . 2004-08-10 12:00 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll 2009-01-15 07:50 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\msls31.dll 2009-01-15 07:50 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll 2008-12-16 03:21 . 2008-12-16 03:21 61224 ----a-w c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe 2008-12-01 08:59 . 2008-12-01 05:56 470 ----a-w c:\documents and settings\Compaq_Administrator.YOUR-55E5F9E3D2\Application Data\wklnhst.dat 2008-10-03 18:09 . 2008-09-14 16:33 159 ----a-w c:\documents and settings\Compaq_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat 2008-06-27 11:41 . 2008-06-27 11:41 47360 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\pcouffin.sys 2008-03-06 16:06 . 2007-04-14 12:07 80376 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT 2006-11-15 02:04 . 2006-11-15 02:04 0 ----a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat 2006-09-28 21:42 . 2008-12-15 03:56 143 ----a-w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat 2005-11-11 21:31 . 2008-09-14 16:33 45584 ----a-w c:\documents and settings\Compaq_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2005-11-11 20:51 . 2005-11-11 20:51 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-12_ 9.54.44.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-04-12 21:35 . 2009-04-06 20:32 38496 c:\windows\system32\drivers\mbamswissarmy.sys - 2009-03-29 04:46 . 2009-04-06 20:32 38496 c:\windows\system32\drivers\mbamswissarmy.sys + 2009-04-12 21:35 . 2009-04-06 20:32 15504 c:\windows\system32\drivers\mbam.sys - 2009-03-29 04:46 . 2009-04-06 20:32 15504 c:\windows\system32\drivers\mbam.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2008-10-01 02:40 192960 --------- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] "cdloader"="c:\documents and settings\Compaq_Administrator\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864] "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600] "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "rfagent"="c:\program files\RFA\rfagent.exe" [2007-12-04 916800] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-24 1932568] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe] c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000] c:\documents and settings\Compaq_Administrator.YOUR-55E5F9E3D2\Start Menu\Programs\Startup\ OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-11-11 36903] Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-01-20 339968] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-11-19 389120] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-24 00:01 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "c:\\Program Files\\Yahoo! Games\\Puzzle Express\\PuzzleExpress.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Documents and Settings\\Compaq_Administrator\\Application Data\\mjusbsp\\magicJack.exe"= R2 0276491232348368mcinstcleanup;McAfee Application Installer Cleanup (0276491232348368); [x] R2 hnjfrtbu;Remote Access Auto Connection Monitor;c:\windows\System32\svchost.exe [2004-08-10 14336] R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2008-10-22 92464] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-24 325640] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-28 108552] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs hnjfrtbu [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:21] 2009-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] 2009-04-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20] 2009-03-15 c:\windows\Tasks\HPCeeSchedule.job - c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 22:22] 2009-03-15 c:\windows\Tasks\McDefragTask.job - c:\windows\system32\defrag.exe [2004-08-10 07:00] 2009-04-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10] . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm uStart Page = hxxp://weather.yahoo.com/forecast/USAR0066_f.html uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: trymedia.com . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-13 08:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(616) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-13 8:14 ComboFix-quarantined-files.txt 2009-04-13 13:13 ComboFix2.txt 2009-04-12 14:55 ComboFix3.txt 2009-04-10 01:32 ComboFix4.txt 2009-03-30 21:12 ComboFix5.txt 2009-04-13 13:06 Pre-Run: 151,394,680,832 bytes free Post-Run: 151,455,719,424 bytes free 232 --- E O F --- 2009-03-03 09:08
  12. Here are the logs you requested. MBAM didn't find anything this time, but I can tell it's still there. mbam_log_2009_04_12__16_39_55_.txt hijackthis4.12.09.txt mbam_log_2009_04_12__16_39_55_.txt hijackthis4.12.09.txt
  13. Tom sent this message by email: Tom Mercado, Apr 10 00:57: I can see more malware files in the CF log. Lets try and clean them up so at least the machine won't get any worse. Please open Notepad then copy & paste all the following text below that is between the dashed lines, but excluding those lines: -------------------------- File:: c:\windows\unonamanewohisiq.dll c:\windows\exogevusukase.dll c:\windows\ahimelum.dll c:\windows\Iyezisunog.dat -------------------------- Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe, on the desktop Drag the .txt file that is located on your desktop into the combofix icon on your desktop as displayed in the link below: http://www.malwarebytes.org/forums/index.p...ost&p=41516 This will start ComboFix again. After reboot, (in case it asks to reboot), **attach** the contents of Combofix.txt in your next reply No reboot requested. The file is attached. I'll wait for further instructions about what to do next. CFlog4.12.09.txt CFlog4.12.09.txt
  14. I've been working with Tom Mercado on trying to clean my computer. He has the history in an email chain, if you need to see it. I've always used McAfee to protect my computers, but I've had to run the recover mode on this desktop a few times. After the last time, Norton Antivirus tried to run. It had been installed prior to my purchasing the computer. I tried to delete that program and used the Add/Remove Programs to do it instead of running the Uninstall program that was probably with it. Since then, McAfee won't load. I've tried running all the uninstall files that seem appropriate on the Norton site, but they don't do any good. I should have continued searching for another antivirus program, but didn't. So now I have a very persistent malware infection that has nearly disabled my computer at times. Tom has patiently guided me through the use of several programs to try to clean things up. Nearly all have found and removed various Trojan viruses, but none have removed them for good. The browser is very slow to start, and sometimes I have to close the first or second browser using task manager, before I get one that will respond right. I usually have to click on the home page link to get it to start right. Most recently, I had a new problem with pop up pages. Tom suggested I run ComboFix and send him the log along with snapshots of the 2 reg3dit files. Running ComboFix stopped the pop-up problem. When I tried to send the log and the snapshots to Tom by email a few days ago, they wouldn't load. The snapshots are too big to send here, but I am sending the ComboFix log. I have not followed the instructions from the "I'm infected - What do I do now?, Please follow these instructions to clean your system" file, yet, but I will do that when I finish here. It may take a while since the virus program sometimes takes a few hours, but I'll get back with you ASAP. I would appreciate help eradicating the virus' from my pc. BTW, I do have Spyware Blaster, and I use AdAware. I have also installed AVG free, but they have all been disabled except for Spyware Blaster. I had that one disabled, but seemed to be getting new infections, so I enabled it again. Thanks, Len combofixlog4.9.09.txt combofixlog4.9.09.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.