srrsue

  1. Hi Gringo..thanks for getting back to me..I was worried about you....I thank you for your concern for my well being and I appreciate all you have tried to do for me...I ran the HitmanPro as you directed, and NO THREATS were found...here is the log you asked me to forward to you:

     HitmanPro 3.7.6.201
     www.hitmanpro.com
     Computer name . . . . : USER-PC
     Windows . . . . . . . : 6.0.2.6002.X86/1
     User name . . . . . . : user-PC\Ed and Sue
     UAC . . . . . . . . . : Enabled
     License . . . . . . . : Free
     Scan date . . . . . . : 2013-06-04 14:45:53
     Scan mode . . . . . . : Normal
     Scan duration . . . . : 5m 19s
     Disk access mode . . : Direct disk access (SRB)
     Cloud . . . . . . . . : Internet
     Reboot . . . . . . . : No
     Threats . . . . . . . : 0
     Traces . . . . . . . : 0
     Objects scanned . . . : 1,612,688
     Files scanned . . . . : 14,447
     Remnants scanned . . : 257,441 files / 1,340,800 keys

     I guess that since you cannot determine any other tests or procedures to try on my PC...I will just have to remain vigilant from this point on. I got a pop up from NORTON INTERNET SECURITY AND NORTON UTILITIES telling me that there was a "conflict" with my having downloaded Malwarebytes Anti Malware to my PC and that it was interfering with my Norton programs....IS THIS TRUE ? Is there some way for me to go into Norton and indicate that I still want to keep MALWAREBYTES Anti Malware as an exception so I don't keep getting this pop up warning...so please let me know what to do. I also wanted to advise you that YOU HAD ME REMOVE my Microsoft Silverlight...do I need this and should I download again ? I look forward to your next instruction advising me how to remove all the superfluous tests and logs and other stuff that is on my desktop now...and then I think I can safely close this case, and will remain vigilant for any other indications of a malware problem. thanks again for your help and let me know if you are done with all you can do for me and my PC. srrsue tuesday June 4, 2013 at 3:03 pm edst
  2. Hi Gringo: I did the two tests you told me to....above...and I hope the LOGS I sent to you got to you OK...please let me know what you want me to do next...thanks, srrsue monday June 3, 2013 at 11:25 am edst
  3. Hi Gringo..I did the two tests....and had a hard time finding the tds killer text...could not copy it for some reason...so I made it an attachment...hopefully I did it correctly....still getting the WERMGR.EXE pop up telling of incredibly large CPU percentage usage....still no IMPORTANT UPDATES...and three OPTIONAL...but it says UPDATES date of installation was: NEVER...I hope the last update worked...still showing 51 earlier this week and 62 updates last week..please let me know what you want me to do next and if I properly forwarded you the two logs...thanks, srrsue sat. 6/1/2013 at 3:28 pm edst
  4. RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
     RKreport[1]_S_06012013_02d1450.txt ; RKreport[2]_D_06012013_02d1452.txt TDSSKiller.2.8.16.0_01.06.2013_12.47.49_log.txt RKreport2_D_06012013_02d1452.txt RKreport1_S_06012013_02d1450.txt
  5. Hi Gringo - nothing has changed today from what I said above and still only 3 optional updates available......there are a lot of different "tools" on my desktop that you have had me use over the last few weeks. As I stated many days ago.....I need to know how to SAFELY remove all these tools, and which ones are safe to keep. I am STILL getting that microsoft safety pop up telling me my CPU usage is high by wermgr.exe....so I need to know YOUR decision on this annoying pop up and what you want me to do to remove any of the TOOLS ...thanks, srrsue thursday may 30, 2013 at 8:25 pm edst
  6. Hi Gringo...I did what you said above. I rebooted and tried to do a MS update. IT SEEMS TO HAVE WORKED. I got a message advising there were NO important updates and 3 Optional. I looked at the INSTALLED UPDATES and it said 51 were updated yesterday, 5/28/13 and 61 were updated LAST WEEK with the last of that bunch on 5/25/2013. A FEW TIMES today I keep getting a POP UP that says in MANY instances, 63 to 100% of my CPU's are being "used" by something called: wermgr.exe....and it seems my PC gets really SLOW even trying to go to my Yahoo home page, right after that pop up comes on. It seems to pop up every 30 to 45 minutes...in spite of whatever I am doing. Is this good, or is there something YOU can suggest to fix it or get rid of it ? Since it uses 63 to 100% of my CPU's...this I have seen in the last 7 pop ups....is this a good thing to be happening and is it the cause of my PC acting lethargic ?? I await your next instruction, and I am keeping my fingers crossed that this latest fix holds and my MS Updates work as well as they have today. Thanks for your help and reply what you want me to do next. srrsue wednesday may 29, 2013 at 3:18 pm edst
  7. Hi Gringo.....I ran CCleaner and Malwarebytes and rebooted and tried MS updates AGAIN..and it is now 6 1/2 hours later and still caught in a loop...so I await to hear what YOU suggest I do next....thanks, srrsue tuesday may 28, 2013 at 4:28 pm edst
  8. Hi Gringo...I did the REPAIR as instructed..and TRIED to run microsoft updates...but it is now over an hour and still it just keeps TRYING to even list the updates...but I am caught in that miserable loop. what do you suggest I do next ? thanks, srrsue tuesday may 28, 2013 at 10:19 am edst
  9. Hi Gringo...I ran the FARBAR RECOVERY SCAN TOOL....I saved it to my desktop...and THEN...when it first began to run...an ERROR note popped up: FILE NOT FOUND: c:\windows\ERTDNT.E_F. This file is part of the restoration program ERDNT. Without this file restoration of the registry can only be done manually, by using another OS to copy back the files....Then the tool ran, and here are the TWO resulting logs:
Corporation) C:\Windows\System32\wuaueng.dll 2013-05-20 01:09 - 2012-06-02 18:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2013-05-20 01:09 - 2012-06-02 18:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2013-05-20 01:09 - 2012-06-02 18:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2013-05-20 01:09 - 2012-06-02 18:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2013-05-20 01:09 - 2012-06-02 15:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2013-05-20 01:09 - 2012-06-02 15:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2013-05-19 19:55 - 2013-05-24 11:29 - 00000000 ____D C:\Windows\System32\catroot2old 2013-05-19 19:47 - 2013-05-22 17:57 - 00001118 ____A C:\Windows\PFRO.log 2013-05-19 18:31 - 2013-05-19 18:31 - 00000207 ____A C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat 2013-05-19 18:30 - 2013-05-19 18:30 - 00000000 ____D C:\RegBackup 2013-05-19 18:20 - 2013-05-19 19:45 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-05-19 18:01 - 2013-05-19 18:01 - 00000000 ____D C:\Users\Ed and Sue\Desktop\tweaking.com_windows_repair_aio 2013-05-19 12:24 - 2013-05-25 11:06 - 01712128 ____A C:\Users\user\s-1-5-21-936523094-2541983458-908479171-1000.rrr 2013-05-18 18:15 - 2013-05-18 18:15 - 00001708 ____A C:\Users\Ed and Sue\Documents\cc_20130518_181509.reg 2013-05-18 18:07 - 2013-05-18 18:07 - 00080554 ____A C:\ProgramData\nvModes.dat 2013-05-17 16:42 - 2013-05-17 16:42 - 00000233 ____A C:\Users\Ed and Sue\Desktop\REPAIR.BAT 2013-05-16 10:21 - 2013-05-16 10:21 - 00000000 ____D C:\Users\Ed and Sue\Desktop\backups 2013-05-16 10:05 - 2013-05-19 19:23 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-05-16 01:13 - 2013-05-16 01:13 - 00388608 ____A (Trend Micro Inc.) 
C:\Users\Ed and Sue\Desktop\HijackThis.exe 2013-05-15 23:36 - 2013-05-17 10:21 - 00001057 ____A C:\Users\Ed and Sue\Desktop\Revo Uninstaller.lnk 2013-05-15 23:36 - 2013-05-17 10:21 - 00000000 ____D C:\Program Files\VS Revo Group 2013-05-15 23:35 - 2013-05-15 23:35 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Ed and Sue\Desktop\revosetup.exe 2013-05-15 18:30 - 2013-05-27 10:39 - 00000000 ____D C:\Windows\erdnt 2013-05-15 09:21 - 2013-05-15 09:21 - 00002853 ____A C:\Users\Ed and Sue\Desktop\JRT.txt 2013-05-15 09:11 - 2013-05-15 09:11 - 00000000 ____D C:\Windows\ERUNT 2013-05-15 09:11 - 2013-05-15 09:11 - 00000000 ____D C:\JRT 2013-05-15 01:13 - 2013-05-15 01:14 - 00004054 ____A C:\AdwCleaner[s1].txt 2013-05-15 01:06 - 2013-05-15 01:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Ed and Sue\Desktop\JRT.exe 2013-05-15 01:04 - 2013-05-15 01:04 - 00628743 ____A C:\Users\Ed and Sue\Desktop\AdwCleaner.exe 2013-05-09 13:56 - 2013-05-09 13:56 - 00001012 ____A C:\Users\Administrator\Documents\cc_20130509_135606.reg 2013-05-09 13:25 - 2013-05-09 13:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes 2013-05-09 13:16 - 2013-05-19 12:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Norton Utilities 14 2013-05-09 13:16 - 2013-05-09 13:16 - 00000949 ____A C:\Users\Administrator\Desktop\Internet Explorer.lnk 2013-05-09 12:55 - 2013-05-09 12:55 - 00094144 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\UtilityChest_49 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\IAC 2013-05-09 12:54 - 2013-05-09 12:54 - 
00000000 ____D C:\Users\Administrator\AppData\Local\Google 2013-05-08 20:55 - 2013-05-08 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software 2013-05-08 20:50 - 2013-05-26 08:17 - 00000000 ____D C:\users\Administrator 2013-05-08 20:50 - 2013-05-08 20:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2013-05-08 20:50 - 2011-03-02 09:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla 2013-05-08 20:50 - 2010-03-06 11:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help 2013-05-08 19:38 - 2013-05-08 19:38 - 00000000 ____D C:\Program Files\UtilityChest_49 2013-05-08 18:36 - 2013-05-08 19:25 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\NPE 2013-05-08 17:29 - 2013-05-08 17:29 - 00002008 ____A C:\Users\Ed and Sue\Documents\cc_20130508_172922.reg 2013-05-08 12:14 - 2013-05-08 12:14 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-08 12:14 - 2013-05-08 12:14 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\Malwarebytes 2013-05-08 12:14 - 2013-05-08 12:14 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-05-08 12:14 - 2013-05-08 12:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-05-08 12:14 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-05-05 22:03 - 2013-05-05 22:03 - 00000229 ____A C:\Users\Ed and Sue\Desktop\Restaurant.com Dining Certificate.url 2013-05-04 21:26 - 2013-05-04 21:26 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-05-04 21:26 - 2013-05-04 21:26 - 00000000 ____D C:\Program Files\CCleaner ==================== One Month Modified Files and Folders ======== 2013-05-27 23:45 - 2010-01-07 04:40 - 01971180 ____A C:\Windows\WindowsUpdate.log 2013-05-27 23:44 - 2013-05-27 23:44 - 00000000 ____D C:\FRST 2013-05-27 23:43 - 2012-09-18 22:45 - 00001356 ____A C:\Users\Ed and Sue\AppData\Local\d3d9caps.dat 2013-05-27 23:42 - 2013-05-27 23:42 - 01355295 ____A (Farbar) C:\Users\Ed and 
Sue\Desktop\FRST.exe 2013-05-27 23:33 - 2010-03-12 17:52 - 00000000 ____D C:\Program Files\Norton Utilities 14 2013-05-27 23:33 - 2006-11-02 08:45 - 00003296 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-27 23:33 - 2006-11-02 08:45 - 00003296 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-27 20:29 - 2011-03-13 21:46 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-05-27 19:34 - 2012-11-30 01:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-27 12:44 - 2012-06-09 15:32 - 00094144 ____A C:\Users\Ed and Sue\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-27 12:28 - 2011-03-13 21:46 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-05-27 11:38 - 2006-11-02 06:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-27 11:33 - 2010-01-13 15:54 - 00080554 ____A C:\ProgramData\nvModes.001 2013-05-27 11:32 - 2006-11-02 08:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-27 11:30 - 2006-11-02 08:58 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-27 10:45 - 2006-11-02 08:44 - 00355280 ____A C:\Windows\System32\FNTCACHE.DAT 2013-05-27 10:39 - 2013-05-15 18:30 - 00000000 ____D C:\Windows\erdnt 2013-05-26 08:17 - 2013-05-08 20:50 - 00000000 ____D C:\users\Administrator 2013-05-25 11:28 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\rescache 2013-05-25 11:14 - 2012-06-09 15:26 - 00000000 ____D C:\users\Ed and Sue 2013-05-25 11:08 - 2006-11-02 06:22 - 50855936 ____A C:\Windows\System32\config\software.rmbak 2013-05-25 11:08 - 2006-11-02 06:22 - 38010880 ____A C:\Windows\System32\config\components.rmbak 2013-05-25 11:06 - 2013-05-19 12:24 - 01712128 ____A C:\Users\user\s-1-5-21-936523094-2541983458-908479171-1000.rrr 2013-05-25 11:04 - 2013-05-25 11:04 - 00393216 ____A C:\Windows\System32\config\default.rrr 2013-05-25 01:21 - 2006-11-02 07:18 - 00000000 ____D 
C:\Windows\Microsoft.NET 2013-05-25 00:48 - 2006-11-02 08:35 - 00000000 ____D C:\Windows\System32\XPSViewer 2013-05-24 18:19 - 2013-05-22 10:01 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-05-24 18:18 - 2007-01-20 05:27 - 00000000 ____D C:\ProgramData\Adobe 2013-05-24 18:16 - 2012-06-09 15:29 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\Adobe 2013-05-24 11:29 - 2013-05-19 19:55 - 00000000 ____D C:\Windows\System32\catroot2old 2013-05-24 11:13 - 2013-05-24 11:12 - 00458094 ____A C:\Users\Ed and Sue\Desktop\CIntRep-1321322.zip 2013-05-23 14:59 - 2013-05-23 14:59 - 00000518 ____A C:\Users\Ed and Sue\Documents\cc_20130523_145907.reg 2013-05-23 10:44 - 2013-05-23 10:44 - 00015294 ____A C:\Users\Ed and Sue\Documents\bookmark.htm 2013-05-22 17:57 - 2013-05-19 19:47 - 00001118 ____A C:\Windows\PFRO.log 2013-05-22 11:37 - 2013-05-22 11:37 - 00009487 ____A C:\Users\Ed and Sue\Documents\gringo wednesday may 22 2013 response to him by srrsue.txt 2013-05-22 10:02 - 2013-05-22 10:02 - 00001892 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk 2013-05-22 10:01 - 2013-05-22 10:01 - 00000000 ____D C:\Program Files\Adobe 2013-05-22 09:46 - 2007-01-20 05:55 - 00000000 ____D C:\Program Files\Java 2013-05-22 09:43 - 2007-01-20 05:55 - 00000000 ____D C:\Program Files\Common Files\Java 2013-05-21 16:09 - 2007-01-20 05:20 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-21 16:05 - 2013-05-21 16:05 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2013-05-21 16:05 - 2006-11-02 07:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-05-21 15:18 - 2013-05-21 15:18 - 22459352 ____A C:\Users\Ed and Sue\Desktop\MATION - CROWN COURT CONDOMINIUIM - APARTMENT RENTAL - DESCRIPTION - DANBURY, CT 06811 - AVAILABLE JULY 15, 2013 - KATHERINE - CRAIGSLIST - PICTURES.zip 2013-05-21 14:24 - 2013-05-21 14:23 - 00004608 ____A C:\Users\Ed and Sue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-05-21 12:08 - 2013-05-21 12:10 - 00263584 ____A 
(Oracle Corporation) C:\Windows\System32\javaws.exe 2013-05-21 12:08 - 2012-06-09 15:50 - 00866720 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-05-21 12:08 - 2010-06-22 00:54 - 00788896 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-05-21 10:06 - 2013-05-21 10:06 - 00022166 ____A C:\Users\Ed and Sue\Documents\cc_20130521_100634.reg 2013-05-20 08:57 - 2013-05-20 08:56 - 00000308 ____A C:\Windows\setupact.log 2013-05-20 08:56 - 2013-05-20 08:56 - 00000000 ____D C:\Program Files\Synaptics 2013-05-20 08:56 - 2013-05-20 08:56 - 00000000 ____A C:\Windows\setuperr.log 2013-05-20 03:27 - 2013-05-20 03:24 - 00002804 ____A C:\Windows\IE9_main.log 2013-05-19 19:45 - 2013-05-19 18:20 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE 2013-05-19 19:33 - 2006-11-02 06:23 - 00000855 ____A C:\Windows\System32\Drivers\etc\hosts.bak 2013-05-19 19:23 - 2013-05-16 10:05 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-05-19 18:31 - 2013-05-19 18:31 - 00000207 ____A C:\Windows\tweaking.com-regbackup-USER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat 2013-05-19 18:30 - 2013-05-19 18:30 - 00000000 ____D C:\RegBackup 2013-05-19 18:01 - 2013-05-19 18:01 - 00000000 ____D C:\Users\Ed and Sue\Desktop\tweaking.com_windows_repair_aio 2013-05-19 12:15 - 2013-05-09 13:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Norton Utilities 14 2013-05-18 18:15 - 2013-05-18 18:15 - 00001708 ____A C:\Users\Ed and Sue\Documents\cc_20130518_181509.reg 2013-05-18 18:07 - 2013-05-18 18:07 - 00080554 ____A C:\ProgramData\nvModes.dat 2013-05-17 16:42 - 2013-05-17 16:42 - 00000233 ____A C:\Users\Ed and Sue\Desktop\REPAIR.BAT 2013-05-17 10:21 - 2013-05-15 23:36 - 00001057 ____A C:\Users\Ed and Sue\Desktop\Revo Uninstaller.lnk 2013-05-17 10:21 - 2013-05-15 23:36 - 00000000 ____D C:\Program Files\VS Revo Group 2013-05-16 10:21 - 2013-05-16 10:21 - 00000000 ____D C:\Users\Ed and Sue\Desktop\backups 2013-05-16 10:05 - 2011-02-26 18:34 - 
00000245 ____A C:\ProgramData\hpqp.ini 2013-05-16 01:13 - 2013-05-16 01:13 - 00388608 ____A (Trend Micro Inc.) C:\Users\Ed and Sue\Desktop\HijackThis.exe 2013-05-16 00:54 - 2012-06-10 22:49 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\CrashDumps 2013-05-16 00:45 - 2012-04-01 14:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-05-16 00:45 - 2011-05-16 09:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-05-15 23:40 - 2012-06-10 22:56 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\Adobe 2013-05-15 23:35 - 2013-05-15 23:35 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Ed and Sue\Desktop\revosetup.exe 2013-05-15 22:21 - 2006-11-02 06:23 - 00000215 ____A C:\Windows\system.ini 2013-05-15 18:56 - 2006-11-02 07:18 - 00000000 ___RD C:\users\Public 2013-05-15 18:56 - 2006-11-02 07:18 - 00000000 ___RD C:\users\Default 2013-05-15 18:52 - 2006-11-02 06:23 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts_bak_143 2013-05-15 09:21 - 2013-05-15 09:21 - 00002853 ____A C:\Users\Ed and Sue\Desktop\JRT.txt 2013-05-15 09:11 - 2013-05-15 09:11 - 00000000 ____D C:\Windows\ERUNT 2013-05-15 09:11 - 2013-05-15 09:11 - 00000000 ____D C:\JRT 2013-05-15 01:14 - 2013-05-15 01:13 - 00004054 ____A C:\AdwCleaner[s1].txt 2013-05-15 01:06 - 2013-05-15 01:06 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Ed and Sue\Desktop\JRT.exe 2013-05-15 01:04 - 2013-05-15 01:04 - 00628743 ____A C:\Users\Ed and Sue\Desktop\AdwCleaner.exe 2013-05-09 13:56 - 2013-05-09 13:56 - 00001012 ____A C:\Users\Administrator\Documents\cc_20130509_135606.reg 2013-05-09 13:25 - 2013-05-09 13:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes 2013-05-09 13:16 - 2013-05-09 13:16 - 00000949 ____A C:\Users\Administrator\Desktop\Internet Explorer.lnk 2013-05-09 12:55 - 2013-05-09 12:55 - 00094144 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\UtilityChest_49 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\IAC 2013-05-09 12:54 - 2013-05-09 12:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google 2013-05-08 20:55 - 2013-05-08 20:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software 2013-05-08 20:52 - 2011-09-07 19:32 - 00000000 ____D C:\Program Files\lx_cats 2013-05-08 20:50 - 2013-05-08 20:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2013-05-08 19:38 - 2013-05-08 19:38 - 00000000 ____D C:\Program Files\UtilityChest_49 2013-05-08 19:25 - 2013-05-08 18:36 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\NPE 2013-05-08 17:29 - 2013-05-08 17:29 - 00002008 ____A C:\Users\Ed and Sue\Documents\cc_20130508_172922.reg 2013-05-08 12:14 - 2013-05-08 12:14 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-05-08 12:14 - 2013-05-08 12:14 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\Malwarebytes 2013-05-08 12:14 - 2013-05-08 12:14 - 00000000 ____D 
C:\ProgramData\Malwarebytes 2013-05-08 12:14 - 2013-05-08 12:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-05-06 01:24 - 2013-05-20 01:50 - 06013440 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-05 22:03 - 2013-05-05 22:03 - 00000229 ____A C:\Users\Ed and Sue\Desktop\Restaurant.com Dining Certificate.url 2013-05-05 15:58 - 2013-05-20 01:50 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-04 21:26 - 2013-05-04 21:26 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-05-04 21:26 - 2013-05-04 21:26 - 00000000 ____D C:\Program Files\CCleaner 2013-05-04 21:26 - 2007-01-20 04:32 - 00000000 ____D C:\Windows\panther 2013-05-03 15:57 - 2006-11-02 06:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe Other Malware: =========== C:\ProgramData\nvModes.dat ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Last Boot: 2013-05-27 23:41 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-05-2013 Ran by Ed and Sue at 2013-05-27 23:49:00 Run: Running from C:\Users\Ed and Sue\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Update for Microsoft Office 2007 (KB2508958) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Active@ ISO Burner (Version: 2.1.0) ActiveCheck component for HP Active Support Library (Version: 3.0.0.2) Adobe Flash Player 11 ActiveX (Version: 11.7.700.202) Adobe Reader X 
(10.1.7) (Version: 10.1.7) Amazon Games & Software Downloader (Version: 2.0.2.0) ArcSoft PhotoImpression 5 ASL_HS_Installer32 (Version: 1.0.9) Bing Bar (Version: 7.0.614.0) Bing Rewards Client Installer (Version: 16.0.345.0) CCleaner (Version: 4.01) Compaq Connections (remove only) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) Conexant HD Audio D3DX10 (Version: 15.4.2368.0902) DivX (Version: 5.2.1) EPSON Printer Software Google Earth (Version: 7.0.3.8542) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.4.3607.2246) Google Update Helper (Version: 1.3.21.145) Granny In Paradise HDAUDIO Soft Data Fax Modem with SmartCP Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000) HP Active Support Library (Version: 1.0.21) HP Customer Experience Enhancements (Version: 1.00.0000) HP DVD Play 3.7 (Version: 3.7.0.6310) HP Easy Setup - Core (Version: 1.00.0000) HP Easy Setup - Frontend (Version: 5.00.0000) HP Help and Support (Version: 1.0.0) HP Product Detection (Version: 11.14.0001) HP Quick Launch Buttons 6.10 B9 (Version: 6.10 B9) HP Total Care Advisor (Version: 1.0.94) HP Update (Version: 5.003.001.001) HP User Guide 0041 (Version: 1.00.0008) HP Wireless Assistant (Version: 3.00 C2) HPAsset component for HP Active Support Library (Version: 3.0.1.0) HPNetworkAssistant (Version: 1.1.70) Junk Mail filter update (Version: 15.4.3502.0922) Lexmark 3400 Series Lexmark Toolbar (Version: 4.0.53.0) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Automated Troubleshooting Services Shim Microsoft Fix it Center (Version: 1.0.0100) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office File 
Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000) Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Works (Version: 08.05.0818) MSVCRT (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) muvee autoProducer 5.0 (Version: 5.00.050) My HP Games (Version: HPLAP0304) Norton Internet Security (Version: 20.3.1.22) Norton Utilities (Version: 14.5) NVIDIA Drivers (Version: 1.4) OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) PDFCreator (Version: 1.2.0) Revo Uninstaller 1.94 (Version: 1.94) RF Wireless Mouse Roxio Creator Audio (Version: 3.3.0) Roxio Creator Basic v9 (Version: 3.3.0) Roxio Creator Copy (Version: 3.3.0) Roxio Creator Data (Version: 3.3.0) Roxio Creator EasyArchive (Version: 3.3.0) Roxio Creator Tools (Version: 3.3.0) Roxio Express Labeler 3 (Version: 2.1.0) Roxio MyDVD Basic v9 (Version: 9.0.114) Segoe UI (Version: 15.4.2271.0615) Sonic Activation 
Module (Version: 1.0) Symantec Technical Support Advanced Chat Controls (Version: 3.5.3) Symantec Technical Support Web Controls (Version: 3.5.3) Synaptics Pointing Device Driver (Version: 11.0.7.0) TuneUp Utilities 2012 (Version: 12.0.3600.103) TuneUp Utilities Language Pack (en-US) (Version: 12.0.3600.103) TurboTax Deluxe 2005 TurboTax Deluxe Deduction Maximizer 2006 TurboTax ItsDeductible 2005 (Version: 9.05.0000) TurboTax ItsDeductible 2006 (Version: 10.00.0000) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Windows 7 Upgrade Advisor (Version: 2.0.5000.0) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3538.0513) Windows Live Family Safety (Version: 15.4.3538.0513) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Mail (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie 
Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live Sync (Version: 14.0.8089.726) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) ==================== Restore Points ========================= 23-05-2013 07:00:23 Windows Update 23-05-2013 18:56:21 Made by Norton Utilities 23-05-2013 19:00:08 Windows Update 24-05-2013 15:45:56 Windows Update 25-05-2013 04:00:02 Scheduled Checkpoint 25-05-2013 04:38:45 Windows Update 25-05-2013 04:47:44 Windows Update 25-05-2013 05:06:30 Windows Update 25-05-2013 13:44:58 Windows Update 25-05-2013 13:58:23 Windows Update 25-05-2013 14:49:54 Windows Update 25-05-2013 14:57:24 Made by Norton Utilities 25-05-2013 14:59:13 Made by Norton Utilities 26-05-2013 13:25:27 Scheduled Checkpoint ==================== Hosts content: ========================== ::1 localhost 127.0.0.1 localhost ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/27/2013 11:33:41 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: -1023 Error: (05/27/2013 11:33:41 AM) (Source: ESENT) (User: ) Description: Catalog Database (1376) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log. Error: (05/27/2013 11:33:41 AM) (Source: ESENT) (User: ) Description: Catalog Database (1376) Catalog Database: An attempt to open the file "C:\Windows\system32\CatRoot2\edb.log" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". 
The open file operation will fail with error -1023 (0xfffffc01). Error: (05/27/2013 11:33:41 AM) (Source: ESENT) (User: ) Description: Catalog Database (1376) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log. Error: (05/27/2013 11:33:41 AM) (Source: ESENT) (User: ) Description: Catalog Database (1376) Catalog Database: An attempt to open the file "C:\Windows\system32\CatRoot2\edb.log" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01). Error: (05/27/2013 11:33:41 AM) (Source: ESENT) (User: ) Description: Catalog Database (1376) Catalog Database: An attempt to open the file "C:\Windows\system32\CatRoot2\edb.chk" for read / write access failed with system error 3 (0x00000003): "The system cannot find the path specified. ". The open file operation will fail with error -1023 (0xfffffc01). Error: (05/27/2013 11:29:37 AM) (Source: Windows Search Service) (User: ) Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error: (05/26/2013 01:18:33 PM) (Source: MatSvc) (User: ) Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422 . Error: (05/25/2013 11:12:12 AM) (Source: Windows Search Service) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (0x80040d03) Error: (05/25/2013 11:12:12 AM) (Source: Windows Search Service) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The registry value cannot be read because the configuration is invalid. 
Recreate the content index configuration by removing the content index. (0x80040d03) System errors: ============= Error: (05/27/2013 11:32:52 AM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (05/27/2013 11:29:34 AM) (Source: Service Control Manager) (User: ) Description: Windows Update Error: (05/27/2013 10:45:30 AM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (05/27/2013 10:37:07 AM) (Source: Service Control Manager) (User: ) Description: XAudioService1 Error: (05/26/2013 08:09:11 PM) (Source: Schannel) (User: ) Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 
Error: (05/25/2013 11:12:13 AM) (Source: Service Control Manager) (User: ) Description: Windows Search1300001Restart the service Error: (05/25/2013 11:12:13 AM) (Source: Service Control Manager) (User: ) Description: Windows Search2147749155 (0x80040D23) Error: (05/25/2013 11:11:57 AM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (05/25/2013 10:30:57 AM) (Source: DCOM) (User: NT AUTHORITY) Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (05/25/2013 10:26:40 AM) (Source: Service Control Manager) (User: ) Description: Windows Modules Installer%%32 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-05-27 23:47:22.923 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. Date: 2013-05-27 23:47:22.580 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. Date: 2013-05-27 23:47:22.221 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. Date: 2013-05-27 23:47:21.800 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. 
Date: 2013-05-27 23:46:27.137 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130515.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system. Date: 2013-05-27 23:46:26.794 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130515.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system. Date: 2013-05-27 23:46:26.420 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130515.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system. Date: 2013-05-27 23:46:26.045 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130515.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system. Date: 2013-05-22 10:51:28.968 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. Date: 2013-05-22 10:51:28.609 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 1981.87 MB
Available physical RAM: 897.12 MB
Total Pagefile: 4210.27 MB
Available Pagefile: 2825.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.75 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:86.98 GB) (Free:31.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:6.17 GB) (Free:0.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 93 GB) (Disk ID: B90883C0)
Partition 1: (Active) - (Size=87 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Please let me know what you want me to do next. thanks, srrsue tuesday may 28, 2013 at 1:19 am edst
  10. Hi Gringo...I tried what you said but got AN ERROR MESSAGE that said: An error occurred while saving the troubleshooting results. A problem is preventing the troubleshooter from starting. Package ID: WindowsUpdateDiagnostic; Error Code: 0x80092003...what do YOU suggest I do next ?? thanks, srrsue monday may 27, 2013 at 9:27 pm edst
  11. Hi Gringo...the microsoft update is STILL running...I just got a POP UP (Problem Reports and Solutions) from windows problem reporting...and it is a LISTING OF 857 ERRORS....the MOST recent dates were may 20th thru may 27th..and the largest listings are entitled: HOST PROCESS FOR WINDOWS SERVICES - WINDOWS UPDATE INSTALLATION PROBLEM (251 errors)....then the next large listing is: INTERNET EXPLORER - Webpage Display Problems (321 errors),,,,,then: WINDOWS MODULES INSTALLER - Cbs Package Servicing Failure, WindowsWcpOtherFailure 3 (268 errors) - so I don't know what THESE ARE ALL ABOUT - and I assume you do and know what I have to do next...I clicked to find out if MICROSOFT found answers for these 857 errors and it came back: No solutions found !! Please check for solutions again later !! WHAT IS THIS ALL ABOUT...thanks for your NEXT instruction. srrsue monday may 27 2013 at 12:33 pm edst
  12. Hi Gringo...I did what you said and did Uninstall combofix and otc cleanit. We had NOT used defogger. I am presently TRYING TO see if there are any new UPDATES....and it seems to keep on running and running for OVER AN HOUR now...this is not usual. I used to get it to run and Updates, important and optional would pop up on the screen in a few minutes. I DON'T KNOW WHAT TO MAKE OF THIS...what should I do ? I am reluctant to close it out until I hear from you. I checked my settings and it is on AUTOMATIC UPDATE at 3 am daily. After I did otc clean it....there are still SEVERAL programs etc. THAT WERE CREATED when you had me do all those steps...for example: revo setup, adwcleaner, JRT, hijack this, tweaking.com, REPAIR and CIntrep - do I manually delete all of these, or do I keep any ? Let me know what to do from this point and if I should be concerned about the UPDATE loop I am in. thanks, srrsue monday may 26, 2013 at 11:15 am edst
  13. Hi Gringo....I think YOU finally figured it out !! I did as you said and loaded the 49 updates (3 additional showed up as being available) in 6 different "loads" of 3/8/25/5/3/5 at a time....I did the 25 by clicking on the LOW kb updates, as compared to the larger mb updates....I kept updating and restarting and right now my UPDATE AVAILABLE page only says 3 optional...and when I checked the updates installed....all 49 were installed today 5/25/2013 !! So Gringo...I think you did an excellent job of figuring out and FIXING all these capers....and it is indicative of your intellect and will power to surely be an EXPERT malware and virus guru. Please let me know what the next steps are to finalize. thank you very much, srrsue saturday may 25, 2013 at 11:27 am edst
  14. Hi Gringo..I did the complete internet repair..then rebooted...then opened IE and did the windows update button and saw there were 46/3 updates ...so I checked off the 46 (note: THESE were the new ones...with VISTA in the description !) The OLD 67 were STILL IN the INSTALLED EARLIER list..so I ran the 46 important updates...it said a restart was necessary...I did that....and the SAME OLD ERROR popped up saying updates were NOT configured properly and were being REVERTED again...do not turn off your computer...I DID NOT TURN IT OFF...then the regular desktop icons appeared. I checked on WINDOWS UPDATE availability..it said ONLY 3 optional were available...I looked at the INSTALLED EARLIER list and it WAS ONLY THE 67 previously installed....so NONE OF THE NEW 46 with a lot of VISTA in the description were there at all !! So the COMPLETE INTERNET REPAIR does not seem like it worked at all.....Please let me know what to try next...do you think I should try to install ONLY the bing bar OPTIONAL update..and see if that takes...or what do you suggest ? Let me know...thanks, srrsue friday may 24, 2013 at 1:45 pm edst
  15. Hi Gringo - I just booted up my PC this morning and AGAIN got the notification of 46 Important and 3 Optional windows updates available. I DID NOT TRY TO LOAD them because of the loop problem I have referenced above. I will wait until I hear your next instruction and will not try to do any of the 46 and/or 3 updates. Thanks for your continued assistance and direction. srrsue friday may 24, 2013 at 10:17 am edst