alison2011

Honorary Members
  • Posts

    192

Everything posted by alison2011

  1. My signature is there because, if you look through this thread, you will see many questions I never got answers to, and I never requested immediate support! My signature is merely a suggestion, not an order!
  2. I now recall that the Microsoft Fix it program would not work because the Windows Desktop Search was active, so that is a current problem. Heuristic analysis still doesn't complete the scan in MBAM scan, but no infections detected. Even if it did, you still haven't explained to me how to access the clipboard to attach it to here. I had problems finding the clipboard after I managed about a week ago to attach a scan log on to the clipboard. I have asked you previously to explain how I access the clipboard, but you must have missed that question, along with: am I safe to install Avast AV free edition?

     I have gone ahead and installed Avast! On the first installation scan it detected this:

     C:\program files\toshiba\toshiba applet\thotkey.exe
     Severity: High
     Threat: win32:Malware-gen
     Action: Move to chest
     Result: green tick

     I am now running a scan whereupon it reboots and scans all files etc. before opening Windows. It has found this:

     File C:\System Volume Information\_restore{7953D9EF-F7E4-41B1-AB0F-E8D629863461}\RP1026\A0224227.exe is infected by win32:Malware-gen

     I have clicked on option 2 to fix all automatically and it has been moved to chest. Now waiting for the rest of the scan to complete.

     I am sorry that I haven't waited for your say-so in doing this, Ron, but I have now sold this system and am posting it to the buyer on Monday around 12pm GMT (UK). I need to make sure the system has a solid AV on it and also to make sure all infections are gone! I have purposely not warned you of me having sold this system as I didn't want you to be pressured or rushed in helping me - if push comes to shove I will remove all of the programs I have installed since receiving your help, like javaJRT, FRST etc. etc., before sending to my buyer.

     All seems OK on the system except, of course, the MBAM scanner not completing and not being able to run the Microsoft Fix it program due to not being able to uninstall the Windows Desktop Search. If you are able to help me fix both of these things within 36hrs then that would be great; if not, then I would like to thank you for all your help you have given me in getting this system as clean as your knowledge allowed.
  3. ONLY the not being able to uninstall Windows Desktop Search so I can do the fix Windows Desktop Search direction! I would really like to know if I am safe to install Avast AV free edition? I will check if the MBAM scanner will now complete and get back to you ASAP, Ron.
  4. I actually removed all AVG files before the ComboFix, so they shouldn't be showing in my next logs.
  5. ComboFix 14-09-11.01 - Heather 11/09/2014 18:12:59.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.396 [GMT 1:00] Running from: c:\documents and settings\Heather\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66} FW: AVG Internet Security 2014 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\1338750107.bdinstall.bin c:\documents and settings\All Users\Application Data\TEMP C:\Microsoft C:\Thumbs.db c:\windows\system32\Cache c:\windows\system32\Cache\075884af680ff6dc.fb c:\windows\system32\Cache\1c1bac9197030214.fb c:\windows\system32\Cache\227113dfa1ca894d.fb c:\windows\system32\Cache\3b9c3193a0f466ac.fb c:\windows\system32\Cache\44f8731177834a2f.fb c:\windows\system32\Cache\49fbbc5a8678d502.fb c:\windows\system32\Cache\613e8ce7ab7106af.fb c:\windows\system32\Cache\6195a63dd23bae46.fb c:\windows\system32\Cache\633a76311867bd11.fb c:\windows\system32\Cache\655ec530b55c9308.fb c:\windows\system32\Cache\691f14230153a9e1.fb c:\windows\system32\Cache\6cb409d7ac73d9f1.fb c:\windows\system32\Cache\7614bd6cfa99e546.fb c:\windows\system32\Cache\77664b6ccc36be9f.fb c:\windows\system32\Cache\875e0174e6f8b7c8.fb c:\windows\system32\Cache\881b3593316772f0.fb c:\windows\system32\Cache\98657d0579ae1930.fb c:\windows\system32\Cache\c4e10d1be905349b.fb c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb c:\windows\system32\Cache\d73a98e64df23733.fb c:\windows\system32\Cache\d9ca663388d21ec0.fb c:\windows\system32\Cache\f2cda51fd108941f.fb c:\windows\system32\Cache\f34d8db84131d925.fb c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2014-08-11 to 2014-09-11 ))))))))))))))))))))))))))))))) . . 2014-09-11 16:13 . 
2014-09-11 16:13 -------- d-----w- c:\documents and settings\Heather\Local Settings\Application Data\Adobe 2014-09-07 04:28 . 2014-09-11 16:05 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-09-07 04:27 . 2014-09-08 13:34 54232 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-09-07 04:27 . 2014-09-07 04:27 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-09-07 04:27 . 2014-05-12 06:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-30 14:40 . 2014-08-30 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Reimage Protector 2014-08-30 14:40 . 2014-08-30 14:47 -------- d-----w- c:\program files\Reimage 2014-08-30 14:40 . 2014-08-30 14:49 -------- dc----w- C:\rei 2014-08-30 05:18 . 2014-08-30 05:18 -------- d-----w- c:\windows\system32\wbem\Repository 2014-08-29 04:24 . 2014-08-29 04:28 -------- dc----w- C:\AdwCleaner 2014-08-29 04:00 . 2014-08-29 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MobileBrServ 2014-08-29 02:30 . 2014-08-29 02:30 -------- d-----w- c:\windows\ERUNT 2014-08-28 06:39 . 2014-07-22 21:21 47216 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll 2014-08-27 21:39 . 2014-09-10 19:45 -------- dc----w- C:\FRST 2014-08-27 04:19 . 2014-08-27 04:19 -------- d-----w- c:\program files\Malwarebytes Secure Backup 2014-08-27 03:08 . 2014-08-30 05:19 -------- d-----w- c:\documents and settings\mine 2014-08-27 00:52 . 2014-08-27 00:52 -------- d--h--w- c:\windows\PIF 2014-08-27 00:11 . 2014-08-27 00:11 -------- d-----w- c:\windows\Downloaded Installations 2014-08-21 18:47 . 2014-08-21 18:47 -------- d-----w- c:\documents and settings\Heather\Application Data\EPSON 2014-08-21 15:47 . 2009-04-30 23:00 15872 ----a-w- c:\windows\system32\escdev.dll 2014-08-21 15:47 . 2009-04-30 23:00 128392 ----a-w- c:\windows\system32\esdevapp.exe . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-30 19:53 . 2013-12-03 07:30 71344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-08-30 19:53 . 2013-12-03 07:30 699568 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2014-07-14 10:26 . 2014-07-26 10:08 35640 ----a-w- c:\windows\system32\uxtuneup.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2011-05-22 00:17 . E62DBCCDF66DA3ED660CED32E70886C0 . 924632 . . [5.0] . . c:\windows\ERDNT\cache\firefox.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-13 1024000] "ACU"="c:\program files\Atheros\ACU.exe" [2008-04-14 450648] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-09-05 393216] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-09 159744] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-29 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-29 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-29 131072] "RTHDCPL"="RTHDCPL.EXE" [2008-10-29 16851456] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-08-19 417792] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "SOSUAUI"="c:\program 
files\Malwarebytes Secure Backup\sosuploadagent.exe" [2014-03-19 55704] "SMessaging"="c:\program files\Malwarebytes Secure Backup\SMessaging.exe" [2014-03-19 65432] "AccountCreatorRunner"="c:\program files\Malwarebytes Secure Backup\AccountCreatorRunner.exe" [2014-03-19 22424] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2008-09-08 5567800] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"= . 
R2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [28/07/2014 20:12 5857128] R2 sagentservice;Offsite Online Backup Service;c:\program files\Malwarebytes Secure Backup\SAgent.Service.exe [19/03/2014 14:25 41880] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [19/09/2008 08:26 5888] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [19/09/2008 08:09 157696] R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\drivers\vodafone_K380x-z_dc_enum.sys [20/05/2010 14:40 80000] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys --> c:\windows\system32\drivers\BMLoad.sys [?] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [07/09/2014 05:27 1809720] S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [07/09/2014 05:27 860472] S2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\documents and settings\All Users\Application Data\MobileBrServ\mbbService.exe [29/08/2014 05:01 233344] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?] S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?] S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?] 
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [30/03/2012 00:46 72832] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [07/09/2014 05:27 54232] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/09/2014 05:27 23256] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [12/05/2011 02:02 27064] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] S3 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys [18/06/2009 14:48 92464] S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [05/04/2014 03:35 13464] S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys --> c:\windows\system32\DRIVERS\ZTEusbnet.sys [?] S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [15/04/2011 17:22 105856] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-10 20:05 1088840 ----a-w- c:\program files\Google\Chrome\Application\39.0.2150.5\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-14 19:53] . 2014-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57] . 2014-09-11 c:\windows\Tasks\Online Backup Update Notifier.job - c:\program files\Malwarebytes Secure Backup\SUpdateNotifier.exe [2014-03-19 13:25] . 2014-09-08 c:\windows\Tasks\Reimage Reminder.job - c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2014-07-27 14:53] . 
2014-09-11 c:\windows\Tasks\ReimageUpdater.job - c:\program files\Reimage\Reimage Protector\ReiGuard.exe [2014-07-28 19:12] . 2009-04-27 c:\windows\Tasks\System Restore.job - c:\windows\system32\Restore\rstrui.exe [2008-09-19 12:00] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Heather\Application Data\Mozilla\Firefox\Profiles\eh7yg0cn.default-1409207353012\ . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Notify-SDWinLogon - SDWinLogon.dll . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-09-11 18:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2014-09-11 18:27:58 ComboFix-quarantined-files.txt 2014-09-11 17:27 ComboFix2.txt 2011-05-25 09:27 . Pre-Run: 90,161,405,952 bytes free Post-Run: 90,560,602,112 bytes free . - - End Of File - - 48040EA4453734388524B96B40C70494 8F558EB6672622401DA993E1E865C861
  6. The log is attached above, directly under the photos. I attached it via More Reply Options. I did also state above that I hoped you didn't miss it.
  7. Sorry the photos came up in multiples. First time I have succeeded in attaching a log correctly - I am hoping you don't miss the log attached. Would you please let me know when I will be safe to install Avast AV? I have removed all files named AVG!
  8. Hi Ron, I have found Windows Desktop Search in my program files. Is there a way to disable it from the files, and would you know which file? Will try & attach photos of Windows Desktop Search files. Also I see the porn sites in the above Addition log here: (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2011-04-20 19:41 - 2013-10-16 10:46 - 00449016 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com
  9. I can see from this that the Windows Search is showing on the user acct (titled: mine) I set up to try and fix MBAM back up. Let me know if I should go to that user acct to uninstall it. Also I see I have bad sites appearing again, i.e. porn etc. Data\Windows Desktop Search 2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
  10. Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014 Ran by Heather at 2014-09-10 20:44:18 Running from C:\Documents and Settings\Heather\desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Atheros Client Utility (HKLM\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version: - Atheros) Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.212.0819L - Chicony Electronics Co.,Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version: - SEIKO EPSON Corporation) FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version: - ) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2145.4 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Malwarebytes Secure Backup (HKLM\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation) Map Button (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 1.1 Security Update 
(KB979906) (HKLM\...\M979906) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Internet Explorer Administration Kit 5 (HKLM\...\IEAK5) (Version: - ) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - 
Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office XP Resource Kit Tools (HKLM\...\{95250409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6403.0 - Microsoft Corporation) Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) 
(Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd) Mozilla Firefox 32.0 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft 
Corporation) OneCare Advisor (Windows Live Toolbar) (Version: 03.00.2038 - Microsoft Corporation) Hidden OutRun (HKLM\...\OutRun_is1) (Version: - GameFabrique) Pacman (remove only) (HKLM\...\Pacman) (Version: - JenkatGames) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.) Popup Blocker (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0001 - Realtek) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5699 - Realtek Semiconductor Corp.) Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.6.6 - Reimage) Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group) Revo Uninstaller Pro 2.5.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.3 - VS Revo Group, Ltd.) 
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Smart Menus (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.11A2 - )
TOSHIBA Direct Disc Writer (HKLM\...\{400830CA-F056-4BBE-80A3-9DF9CA4FB889}) (Version: 1.1.0.0a - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM\...\{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}) (Version: 7.40 - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.00.0002 - TOSHIBA)
TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version: 2.00.00.24f - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0073 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2577866921-869302320-1379617784-1007_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================
13-06-2014 11:01:14 Software Distribution Service 3.0
09-07-2014 03:40:18 Software Distribution Service 3.0
24-07-2014 00:58:53 System Checkpoint
26-07-2014 09:41:32 Installed AVG PC TuneUp 2014
26-07-2014 09:51:18 Removed AVG PC TuneUp 2014
26-07-2014 09:52:02 Removed AVG PC TuneUp 2014 (en-US)
26-07-2014 09:53:31 Installed AVG PC TuneUp 2014
28-07-2014 10:40:42 Removed AVG PC TuneUp 2014
28-07-2014 10:43:10 Removed AVG PC TuneUp 2014 (en-US)
13-08-2014 11:45:13 Software Distribution Service 3.0
21-08-2014 15:25:19 Unsigned printer driver EPSON SX510W Series installed.
26-08-2014 23:13:06 Removed AVG 2014
26-08-2014 23:14:20 Removed AVG 2014
27-08-2014 03:03:58 Installed Malwarebytes Secure Backup
27-08-2014 03:05:30 Installed Malwarebytes Secure Backup
27-08-2014 04:18:55 Installed Malwarebytes Secure Backup
29-08-2014 03:54:24 Installed Windows XP KB959765.
29-08-2014 03:54:51 Installed Windows XP KB945436.
29-08-2014 04:01:37 Installed Windows XP KB959765.
29-08-2014 04:02:00 Installed Windows XP KB945436.
29-08-2014 07:18:41 Removed Java 7 Update 51
29-08-2014 10:00:30 Software Distribution Service 3.0
30-08-2014 05:14:10 Restore Operation
30-08-2014 14:04:11 Software Distribution Service 3.0

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2011-04-20 19:41 - 2013-10-16 10:46 - 00449016 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe
Task: C:\WINDOWS\Tasks\Reimage Reminder.job => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe
Task: C:\WINDOWS\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
Task: C:\WINDOWS\Tasks\System Restore.job => C:\WINDOWS\system32\Restore\rstrui.exe

==================== Loaded Modules (whitelisted) =============
2014-08-29 05:01 - 2012-06-28 07:19 - 00233344 _____ () C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe
2008-09-19 08:26 - 2004-11-05 17:24 - 00090112 _____ () C:\Program Files\TOSHIBA\ConfigFree\CFShlExt.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:SummaryInformation

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============
Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5416
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 08:41:16 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/10/2014 08:38:45 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/10/2014 02:36:30 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/10/2014 02:12:38 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/10/2014 02:08:06 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/09/2014 00:42:33 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/09/2014 00:38:36 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/08/2014 02:07:16 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/08/2014 02:03:57 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (09/08/2014 03:53:10 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

System errors:
=============
Error: (09/10/2014 08:41:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (09/10/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error: %%1053

Error: (09/10/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error: (09/10/2014 08:39:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/10/2014 08:39:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/10/2014 08:38:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (09/10/2014 08:38:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: BMLoad

Error: (09/10/2014 02:36:31 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (09/10/2014 02:12:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (09/10/2014 02:10:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Processor: Intel® Atom CPU N270 @ 1.60GHz
Percentage of memory in use: 88%
Total physical RAM: 1013.88 MB
Available physical RAM: 116.16 MB
Total Pagefile: 2445.1 MB
Available Pagefile: 1591.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.68 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:84.22 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 5417C78F)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Heather (administrator) on CURLEWBIRDY on 10-09-2014 20:42:02
Running from C:\Documents and Settings\Heather\desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Atheros) C:\WINDOWS\system32\acs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corp.) C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Secure Backup\mbsbscan.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe
(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2008-08-13] (Synaptics, Inc.)
HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [450648 2008-04-14] (Atheros Communications, Inc.)
HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [393216 2008-09-05] (TOSHIBA)
HKLM\...\Run: [smoothView] => C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [DDWMon] => C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [495616 2007-04-26] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-10-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-08-19] (Chicony)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sOSUAUI] => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [sMessaging] => C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [AccountCreatorRunner] => C:\Program Files\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [5567800 2008-09-08] ()
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [EPSON SX510W Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\eh7yg0cn.default-1409207353012
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-14]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACS; C:\WINDOWS\system32\acs.exe [467028 2008-04-14] (Atheros) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320 2014-08-30] (Adobe Systems Incorporated) [File not signed]
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-07-22] (Mozilla Foundation) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5857128 2014-07-28] (Reimage®) [File not signed]
R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) [File not signed]
R2 TAPPSRV; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [33792 2008-08-29] (TOSHIBA Corp.) [File not signed]
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2014-07-14] (AVG) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1528928 2009-03-13] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-09-08] (Malwarebytes Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-10] (Malwarebytes Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [157696 2008-09-04] (Realtek Semiconductor Corp.)
S3 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [92464 2009-06-18] (Sunbelt Software)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-04-05] ()
R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 tdcmdpst; C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys [16128 2006-10-18] (TOSHIBA Corporation.) [File not signed]
R2 tdudf; C:\WINDOWS\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
R2 trudf; C:\WINDOWS\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
S3 UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
R3 vodafone_K380x-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [80000 2010-05-20] (Vodafone)
S3 ZTEusbvoice; C:\WINDOWS\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-08-11] (ZTE Incorporated)
S3 BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys [X]
S3 BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys [X]
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 sdbus; C:\Windows\System32\Drivers\sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S3 Tosrfcom; No ImagePath
S3 Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 20:42 - 2014-09-10 20:42 - 00015597 _____ () C:\Documents and Settings\Heather\desktop\FRST.txt
2014-09-10 02:19 - 2014-09-10 02:19 - 00002318 _____ () C:\WINDOWS\system32\ScanResults.xml
2014-09-10 02:08 - 2014-09-10 02:08 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2014-09-08 14:17 - 2014-09-08 14:17 - 00162010 _____ () C:\Documents and Settings\Heather\desktop\DIAG_MATS_NETWORK_global(1).DiagCab
2014-09-08 14:14 - 2014-09-08 14:14 - 00347816 _____ (Microsoft Corporation) C:\Documents and Settings\Heather\desktop\MicrosoftFixit.Search.RNP.1333612852258658.1.1.Run.exe
2014-09-07 05:28 - 2014-09-10 20:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 05:27 - 2014-09-08 14:34 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-07 05:27 - 2014-09-07 05:27 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-09-07 05:27 - 2014-09-07 05:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-07 05:27 - 2014-09-07 05:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-07 05:27 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-07 05:23 - 2014-09-07 05:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Heather\desktop\mbam-setup-2.0.2.1012.exe
2014-09-06 20:53 - 2014-09-06 20:54 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-clean-2.1.1.1001.exe
2014-09-05 01:51 - 2014-09-05 01:59 - 00028486 _____ () C:\Documents and Settings\Heather\desktop\Result.txt
2014-09-05 01:39 - 2014-09-05 01:40 - 00401920 _____ (Farbar) C:\Documents and Settings\Heather\desktop\MiniToolBox.exe
2014-09-02 16:16 - 2014-09-02 16:19 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\Net Conf Fix
2014-09-02 16:05 - 2014-09-02 16:05 - 00000000 __SDC () C:\ComboFix
2014-08-30 15:48 - 2014-09-08 15:48 - 00000278 _____ () C:\WINDOWS\Tasks\Reimage Reminder.job
2014-08-30 15:47 - 2014-09-10 20:39 - 00000336 _____ () C:\WINDOWS\Tasks\ReimageUpdater.job
2014-08-30 15:40 - 2014-08-30 15:49 - 00000000 ___DC () C:\rei
2014-08-30 15:40 - 2014-08-30 15:47 - 00000000 ____D () C:\Program Files\Reimage
2014-08-30 15:40 - 2014-08-30 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Reimage Protector
2014-08-30 15:40 - 2014-08-30 15:40 - 00001749 _____ () C:\Documents and Settings\All Users\desktop\PC Scan & Repair by Reimage.lnk
2014-08-30 15:40 - 2014-08-30 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
2014-08-30 15:34 - 2014-08-30 15:49 - 00000163 _____ () C:\WINDOWS\Reimage.ini
2014-08-29 12:43 - 2014-08-29 12:43 - 00004050 _____ () C:\Documents and Settings\Heather\desktop\fixlist.txt
2014-08-29 12:33 - 2014-08-29 07:52 - 01095168 ____C (Farbar) C:\Documents and Settings\Heather\desktop\FRST.exe
2014-08-29 08:38 - 2014-08-29 08:38 - 00006368 ____C () C:\JavaRa.log
2014-08-29 08:30 - 2014-08-29 08:31 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\remove java
2014-08-29 06:35 - 2014-08-29 06:57 - 00048140 _____ () C:\Documents and Settings\Heather\desktop\Extras.Txt
2014-08-29 06:08 - 2014-08-29 06:57 - 00117946 _____ () C:\Documents and Settings\Heather\desktop\OTL.Txt
2014-08-29 05:43 - 2014-08-29 05:43 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Heather\desktop\OTL.exe
2014-08-29 05:24 - 2014-08-29 05:28 - 00000000 ___DC () C:\AdwCleaner
2014-08-29 05:23 - 2014-08-29 05:23 - 01364531 _____ () C:\Documents and Settings\Heather\desktop\AdwCleaner.exe
2014-08-29 05:05 - 2014-08-29 05:05 - 00000388 _____ () C:\WINDOWS\nsw.log
2014-08-29 05:00 - 2014-08-29 05:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MobileBrServ
2014-08-29 04:54 - 2014-08-29 05:02 - 00011345 _____ () C:\WINDOWS\KB945436.log
2014-08-29 04:53 - 2014-08-29 05:01 - 00007495 _____ () C:\WINDOWS\KB959765.log
2014-08-29 04:51 - 2014-08-29 05:05 - 00049586 _____ () C:\WINDOWS\setupapi.log
2014-08-29 03:30 - 2014-08-29 03:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-29 03:27 - 2014-08-29 03:27 - 01016261 _____ (Thisisu) C:\Documents and Settings\Heather\desktop\JRT.exe
2014-08-28 19:43 - 2014-08-30 08:34 - 00000120 _____ () C:\WINDOWS\setupact.log
2014-08-28 19:43 - 2014-08-28 19:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-28 07:37 - 2014-08-28 07:37 - 00000104 _____ () C:\Documents and Settings\Heather\desktop\Set Program Access and Defaults.lnk
2014-08-27 23:13 - 2014-09-05 02:08 - 00032041 _____ () C:\Documents and Settings\Heather\desktop\CheckResults.txt
2014-08-27 23:11 - 2014-08-27 23:12 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-check-2.1.1.1001.exe
2014-08-27 22:39 - 2014-09-10 20:42 - 00000000 ___DC () C:\FRST
2014-08-27 05:20 - 2014-09-10 20:39 - 00000466 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-08-27 05:19 - 2014-08-27 05:19 - 00001752 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Secure Backup.lnk
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Mozilla
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Mozilla
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Windows Desktop Search
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
2014-08-27 04:10 - 2014-08-27 04:10 - 00000803 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000797 _____ () C:\Documents and Settings\mine\Application Data\Launch Internet Explorer Browser.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Google
2014-08-27 04:09 - 2014-08-27 04:09 - 00000788 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000782 _____ () C:\Documents and Settings\mine\desktop\Windows Media Player.lnk
2014-08-27 04:08 - 2014-08-30 06:19 - 00000000 ____D () C:\Documents and Settings\mine
2014-08-27 04:08 - 2014-08-30 06:14 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Temp
2014-08-27 04:08 - 2014-08-29 04:42 - 00000178 ___SH () C:\Documents and Settings\mine\ntuser.ini
2014-08-27 04:08 - 2014-08-28 09:50 - 00053240 _____ () C:\Documents and Settings\mine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-27 04:08 - 2014-08-27 04:10 - 00000000 ___RD () C:\Documents and Settings\mine\Start Menu\Programs\Accessories
2014-08-27 04:08 - 2013-11-27 09:17 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\TuneUp Software
2014-08-27 04:08 - 2013-11-27 09:16 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Avg2014
2014-08-27 04:08 - 2011-05-11 17:32 - 00000000 __SHD () C:\Documents and Settings\mine\IETldCache
2014-08-27 04:08 - 2009-08-01 00:34 - 00001599 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Remote Assistance.lnk
2014-08-27 04:08 - 2008-09-25 09:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Seven Zip
2014-08-27 04:08 - 2008-09-25 09:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Adobe
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Sun
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\InstallShield 2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Adobe 2014-08-27 04:08 - 2008-09-19 08:35 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Microsoft Help 2014-08-27 04:08 - 2008-09-19 07:31 - 00000745 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Outlook Express.lnk 2014-08-27 03:54 - 2014-08-27 03:57 - 00000796 _____ () C:\Documents and Settings\Heather\desktop\unhide.txt 2014-08-27 01:52 - 2014-08-27 01:52 - 00000000 ___HD () C:\WINDOWS\PIF 2014-08-27 01:11 - 2014-08-27 01:11 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2014-08-21 19:47 - 2014-08-21 19:47 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\EPSON 2014-08-21 16:47 - 2014-08-21 16:47 - 00000665 _____ () C:\Documents and Settings\All Users\desktop\EPSON Scan.lnk 2014-08-21 16:47 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe 2014-08-21 16:47 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\escdev.dll 2014-08-21 16:47 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\eswiaud.dll 2014-08-21 16:25 - 2014-08-21 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON 2014-08-21 16:25 - 2008-11-12 03:00 - 00093696 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FLBFIE.DLL 2014-08-21 16:25 - 2008-11-12 03:00 - 00079360 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FD4BFIE.DLL 2014-08-21 16:25 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) 
C:\WINDOWS\system32\E_DCINST.DLL 2014-08-21 15:18 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys 2014-08-21 15:18 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys 2014-08-18 15:02 - 2007-06-22 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK2.dll 2014-08-18 15:02 - 2007-06-22 00:10 - 00000097 _____ () C:\WINDOWS\system32\PICSDK.ini 2014-08-18 15:02 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EpPicPrt.dll 2014-08-18 15:02 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EPPicMgr.dll 2014-08-18 15:02 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICEntry.dll 2014-08-18 15:02 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK.dll 2014-08-18 15:02 - 2005-06-01 00:20 - 00111932 _____ () C:\WINDOWS\system32\EPPICPrinterDB.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00031053 _____ () C:\WINDOWS\system32\EPPICPattern131.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00027417 _____ () C:\WINDOWS\system32\EPPICPattern121.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00026154 _____ () C:\WINDOWS\system32\EPPICPattern1.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00024903 _____ () C:\WINDOWS\system32\EPPICPattern3.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00021390 _____ () C:\WINDOWS\system32\EPPICPattern5.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00020148 _____ () C:\WINDOWS\system32\EPPICPattern2.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00013732 _____ () C:\WINDOWS\system32\EPPICLocal_EN.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00011811 _____ () C:\WINDOWS\system32\EPPICPattern4.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00006442 _____ () C:\WINDOWS\system32\EPPICLocal_IT.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00006347 _____ () C:\WINDOWS\system32\EPPICLocal_PT.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00006347 
_____ () C:\WINDOWS\system32\EPPICLocal_BP.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00006335 _____ () C:\WINDOWS\system32\EPPICLocal_GE.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00006195 _____ () C:\WINDOWS\system32\EPPICLocal_FR.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00006195 _____ () C:\WINDOWS\system32\EPPICLocal_CF.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00006122 _____ () C:\WINDOWS\system32\EPPICLocal_DU.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00006103 _____ () C:\WINDOWS\system32\EPPICLocal_ES.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00005817 _____ () C:\WINDOWS\system32\EPPICLocal_KO.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00005436 _____ () C:\WINDOWS\system32\EPPICLocal_SC.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00004943 _____ () C:\WINDOWS\system32\EPPICPattern6.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00002889 _____ () C:\WINDOWS\system32\EPPICLocal_RU.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00002426 _____ () C:\WINDOWS\system32\EPPICLocal_TC.cfg 2014-08-18 15:02 - 2004-03-03 06:10 - 00001146 _____ () C:\WINDOWS\system32\EPPICPresetData_DU.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00001139 _____ () C:\WINDOWS\system32\EPPICPresetData_PT.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00001139 _____ () C:\WINDOWS\system32\EPPICPresetData_BP.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00001136 _____ () C:\WINDOWS\system32\EPPICPresetData_ES.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00001129 _____ () C:\WINDOWS\system32\EPPICPresetData_FR.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00001129 _____ () C:\WINDOWS\system32\EPPICPresetData_CF.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00001120 _____ () C:\WINDOWS\system32\EPPICPresetData_IT.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00001107 _____ () C:\WINDOWS\system32\EPPICPresetData_GE.dat 2014-08-18 15:02 - 2004-03-03 06:10 - 00001104 _____ () C:\WINDOWS\system32\EPPICPresetData_EN.dat 2014-08-18 14:55 - 2014-08-21 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON 
2014-08-18 14:47 - 2014-08-21 16:47 - 00000000 ____D () C:\Program Files\epson ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-10 20:42 - 2014-09-10 20:42 - 00015597 _____ () C:\Documents and Settings\Heather\desktop\FRST.txt 2014-09-10 20:42 - 2014-08-27 22:39 - 00000000 ___DC () C:\FRST 2014-09-10 20:42 - 2010-10-06 09:55 - 00000000 ____D () C:\Documents and Settings\Heather\Local Settings\Temp 2014-09-10 20:41 - 2014-09-07 05:28 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 20:39 - 2014-08-30 15:47 - 00000336 _____ () C:\WINDOWS\Tasks\ReimageUpdater.job 2014-09-10 20:39 - 2014-08-27 05:20 - 00000466 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job 2014-09-10 20:39 - 2010-09-06 01:26 - 01937029 _____ () C:\WINDOWS\WindowsUpdate.log 2014-09-10 20:38 - 2010-09-06 03:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-09-10 20:38 - 2010-09-06 03:16 - 00000050 ____C () C:\WINDOWS\wiaservc.log 2014-09-10 20:38 - 2008-09-19 07:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-09-10 03:35 - 2011-06-21 02:24 - 00032650 _____ () C:\WINDOWS\SchedLgU.Txt 2014-09-10 03:35 - 2009-04-06 07:56 - 00000178 __SHC () C:\Documents and Settings\Heather\ntuser.ini 2014-09-10 03:35 - 2008-09-19 08:10 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt 2014-09-10 02:53 - 2013-12-03 08:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-09-10 02:19 - 2014-09-10 02:19 - 00002318 _____ () C:\WINDOWS\system32\ScanResults.xml 2014-09-10 02:08 - 2014-09-10 02:08 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings 2014-09-10 02:07 - 2008-09-19 06:15 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl 2014-09-08 15:48 - 2014-08-30 15:48 - 00000278 _____ () C:\WINDOWS\Tasks\Reimage Reminder.job 2014-09-08 14:34 - 2014-09-07 05:27 - 00054232 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-09-08 14:17 - 2014-09-08 14:17 - 00162010 _____ () C:\Documents and Settings\Heather\desktop\DIAG_MATS_NETWORK_global(1).DiagCab 2014-09-08 14:14 - 2014-09-08 14:14 - 00347816 _____ (Microsoft Corporation) C:\Documents and Settings\Heather\desktop\MicrosoftFixit.Search.RNP.1333612852258658.1.1.Run.exe 2014-09-07 05:27 - 2014-09-07 05:27 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk 2014-09-07 05:27 - 2014-09-07 05:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-07 05:27 - 2014-09-07 05:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-07 05:27 - 2010-12-16 02:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-09-07 05:24 - 2014-09-07 05:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Heather\desktop\mbam-setup-2.0.2.1012.exe 2014-09-06 20:54 - 2014-09-06 20:53 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-clean-2.1.1.1001.exe 2014-09-05 02:15 - 2014-06-19 09:20 - 00001813 _____ () C:\Documents and Settings\All Users\desktop\Google Chrome.lnk 2014-09-05 02:08 - 2014-08-27 23:13 - 00032041 _____ () C:\Documents and Settings\Heather\desktop\CheckResults.txt 2014-09-05 01:59 - 2014-09-05 01:51 - 00028486 _____ () C:\Documents and Settings\Heather\desktop\Result.txt 2014-09-05 01:40 - 2014-09-05 01:39 - 00401920 _____ (Farbar) C:\Documents and Settings\Heather\desktop\MiniToolBox.exe 2014-09-02 16:19 - 2014-09-02 16:16 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\Net Conf Fix 2014-09-02 16:05 - 2014-09-02 16:05 - 00000000 __SDC () C:\ComboFix 2014-09-02 16:05 - 2011-05-25 09:55 - 00000000 ___DC () C:\Qoobox 2014-08-30 20:53 - 2013-12-03 08:30 - 00699568 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-08-30 20:53 - 2013-12-03 
08:30 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-08-30 17:17 - 2009-04-06 07:56 - 00000000 ____D () C:\Documents and Settings\Heather 2014-08-30 17:03 - 2008-09-19 07:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-08-30 15:49 - 2014-08-30 15:40 - 00000000 ___DC () C:\rei 2014-08-30 15:49 - 2014-08-30 15:34 - 00000163 _____ () C:\WINDOWS\Reimage.ini 2014-08-30 15:47 - 2014-08-30 15:40 - 00000000 ____D () C:\Program Files\Reimage 2014-08-30 15:47 - 2014-08-30 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Reimage Protector 2014-08-30 15:40 - 2014-08-30 15:40 - 00001749 _____ () C:\Documents and Settings\All Users\desktop\PC Scan & Repair by Reimage.lnk 2014-08-30 15:40 - 2014-08-30 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair 2014-08-30 08:34 - 2014-08-28 19:43 - 00000120 _____ () C:\WINDOWS\setupact.log 2014-08-30 06:19 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine 2014-08-30 06:19 - 2013-03-07 23:17 - 00000000 ____D () C:\Documents and Settings\ale 2014-08-30 06:19 - 2009-04-06 13:03 - 00000000 ____D () C:\Documents and Settings\Alison 2014-08-30 06:19 - 2008-09-19 07:30 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-08-30 06:19 - 2008-09-19 07:30 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-08-30 06:18 - 2008-09-19 07:25 - 00000000 ____D () C:\WINDOWS\Registration 2014-08-30 06:14 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Temp 2014-08-29 21:39 - 2012-02-11 14:02 - 00326144 __SHC () C:\Documents and Settings\Heather\My Documents\Thumbs.db 2014-08-29 12:43 - 2014-08-29 12:43 - 00004050 _____ () C:\Documents and Settings\Heather\desktop\fixlist.txt 2014-08-29 08:38 - 2014-08-29 08:38 - 00006368 ____C () C:\JavaRa.log 2014-08-29 08:31 - 2014-08-29 08:30 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\remove java 
2014-08-29 07:52 - 2014-08-29 12:33 - 01095168 ____C (Farbar) C:\Documents and Settings\Heather\desktop\FRST.exe 2014-08-29 07:22 - 2009-04-19 14:01 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-08-29 06:57 - 2014-08-29 06:35 - 00048140 _____ () C:\Documents and Settings\Heather\desktop\Extras.Txt 2014-08-29 06:57 - 2014-08-29 06:08 - 00117946 _____ () C:\Documents and Settings\Heather\desktop\OTL.Txt 2014-08-29 05:43 - 2014-08-29 05:43 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Heather\desktop\OTL.exe 2014-08-29 05:28 - 2014-08-29 05:24 - 00000000 ___DC () C:\AdwCleaner 2014-08-29 05:23 - 2014-08-29 05:23 - 01364531 _____ () C:\Documents and Settings\Heather\desktop\AdwCleaner.exe 2014-08-29 05:05 - 2014-08-29 05:05 - 00000388 _____ () C:\WINDOWS\nsw.log 2014-08-29 05:05 - 2014-08-29 04:51 - 00049586 _____ () C:\WINDOWS\setupapi.log 2014-08-29 05:02 - 2014-08-29 04:54 - 00011345 _____ () C:\WINDOWS\KB945436.log 2014-08-29 05:01 - 2014-08-29 05:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MobileBrServ 2014-08-29 05:01 - 2014-08-29 04:53 - 00007495 _____ () C:\WINDOWS\KB959765.log 2014-08-29 04:44 - 2014-01-15 00:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-29 04:42 - 2014-08-27 04:08 - 00000178 ___SH () C:\Documents and Settings\mine\ntuser.ini 2014-08-29 03:30 - 2014-08-29 03:30 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-08-29 03:27 - 2014-08-29 03:27 - 01016261 _____ (Thisisu) C:\Documents and Settings\Heather\desktop\JRT.exe 2014-08-28 19:43 - 2014-08-28 19:43 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-08-28 09:50 - 2014-08-27 04:08 - 00053240 _____ () C:\Documents and Settings\mine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-08-28 07:39 - 2014-07-18 04:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-28 07:39 - 2014-01-15 00:05 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk 
2014-08-28 07:39 - 2014-01-15 00:05 - 00000724 ____C () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk 2014-08-28 07:37 - 2014-08-28 07:37 - 00000104 _____ () C:\Documents and Settings\Heather\desktop\Set Program Access and Defaults.lnk 2014-08-28 07:29 - 2014-07-26 13:56 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\Old Firefox Data 2014-08-28 01:41 - 2011-09-27 02:53 - 00001919 ____C () C:\WINDOWS\epplauncher.mif 2014-08-27 23:12 - 2014-08-27 23:11 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-check-2.1.1.1001.exe 2014-08-27 06:47 - 2012-05-28 02:17 - 00005632 __SHC () C:\WINDOWS\Thumbs.db 2014-08-27 05:19 - 2014-08-27 05:19 - 00001752 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Secure Backup.lnk 2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup 2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes 2014-08-27 04:50 - 2014-02-12 16:01 - 00000000 ____D () C:\Program Files\Music Toolbar 2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Mozilla 2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Mozilla 2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Windows Desktop Search 2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer 2014-08-27 04:10 - 2014-08-27 04:10 - 00000803 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Internet Explorer.lnk 2014-08-27 04:10 - 2014-08-27 04:10 - 00000797 _____ () C:\Documents and Settings\mine\Application Data\Launch Internet Explorer Browser.lnk 2014-08-27 04:10 - 2014-08-27 04:10 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application 
Data\Google 2014-08-27 04:10 - 2014-08-27 04:08 - 00000000 ___RD () C:\Documents and Settings\mine\Start Menu\Programs\Accessories 2014-08-27 04:09 - 2014-08-27 04:09 - 00000788 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Windows Media Player.lnk 2014-08-27 04:09 - 2014-08-27 04:09 - 00000782 _____ () C:\Documents and Settings\mine\desktop\Windows Media Player.lnk 2014-08-27 04:01 - 2008-09-19 08:21 - 00824206 ____C () C:\WINDOWS\system32\PerfStringBackup.INI 2014-08-27 03:57 - 2014-08-27 03:54 - 00000796 _____ () C:\Documents and Settings\Heather\desktop\unhide.txt 2014-08-27 03:16 - 2008-09-19 08:37 - 00000000 ____D () C:\Program Files\Microsoft.NET 2014-08-27 01:52 - 2014-08-27 01:52 - 00000000 ___HD () C:\WINDOWS\PIF 2014-08-27 01:11 - 2014-08-27 01:11 - 00000000 ____D () C:\WINDOWS\Downloaded Installations 2014-08-27 01:00 - 2014-04-25 00:59 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\CCleaner.lnk 2014-08-27 01:00 - 2014-04-25 00:59 - 00000000 ____D () C:\Program Files\CCleaner 2014-08-27 00:15 - 2013-10-14 21:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014 2014-08-27 00:15 - 2010-12-18 00:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-08-27 00:13 - 2013-12-02 20:50 - 00000000 ___DC () C:\$AVG 2014-08-27 00:07 - 2014-03-31 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-08-27 00:03 - 2014-04-16 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar 2014-08-25 21:14 - 2014-04-16 16:18 - 00000000 ____D () C:\WINDOWS\system32\cache 2014-08-21 19:47 - 2014-08-21 19:47 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\EPSON 2014-08-21 16:47 - 2014-08-21 16:47 - 00000665 _____ () C:\Documents and Settings\All Users\desktop\EPSON Scan.lnk 2014-08-21 16:47 - 2014-08-21 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start 
Menu\Programs\EPSON 2014-08-21 16:47 - 2014-08-18 14:47 - 00000000 ____D () C:\Program Files\epson 2014-08-21 16:47 - 2008-09-19 08:15 - 00000000 ____D () C:\WINDOWS\twain_32 2014-08-21 16:25 - 2014-08-18 14:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON 2014-08-13 13:14 - 2012-10-15 12:17 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-13 13:14 - 2009-10-18 17:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-08-13 13:05 - 2008-09-19 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help 2014-08-13 13:03 - 2013-07-12 22:27 - 00000000 ____D () C:\WINDOWS\system32\MRT Some content of TEMP: ==================== C:\Documents and Settings\Heather\Local Settings\Temp\ReimagePackage.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================
  12. mbam scan still not completing: objects scanned 501179 detected objects 0 time elapsed 00:34:41 root kits are enabled all is set correctly in the settings and mbam updates working fine - now switching notebook off until your next direction
  13. since doing the check disk for errors after rebooting i now have microsoft updates trying to install again on my xp i am running a mbam scan to see if it will complete and to see if i have any infections will update you a.s.a.p
  14. the windows desktop search is still showing on my toolbar on the desktop i went to the application logs and found this warning log on it Event Type: Warning Event Source: Windows Search Service Event Category: Devices Event ID: 1008 Date: 10/09/2014 Time: 02:34:40 User: N/A Computer: CURLEWBIRDY Description: The description for Event ID ( 1008 ) in Source ( Windows Search Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
  15. no idea how to uninstall windows search as not showing in my programs so i went to http://answers.microsoft.com/en-us/windows/forum/windows_xp-files/i-would-like-to-remove-windows-search-40-from-my/7f043b7c-2b32-4193-9906-53bcee6a3f6e followed the directions and it said it was found not sure if it uninstalled i tried the microsoft fix it and still got the same error message here is my check disk error log: Event Type: Information Event Source: Winlogon Event Category: None Event ID: 1001 Date: 10/09/2014 Time: 01:25:55 User: N/A Computer: CURLEWBIRDY Description: Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. Cleaning up minor inconsistencies on the drive. Cleaning up 151 unused index entries from index $SII of file 0x9. Cleaning up 151 unused index entries from index $SDH of file 0x9. Cleaning up 151 unused security descriptors. CHKDSK is verifying Usn Journal... Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... Free space verification is complete. 117219768 KB total disk space. 28627448 KB in 96312 files. 47728 KB in 9429 indexes. 4 KB in bad sectors. 316764 KB in use by the system. 65536 KB occupied by the log file. 88227824 KB available on disk. 4096 bytes in each allocation unit. 29304942 total allocation units on disk. 22056956 allocation units available on disk.
Windows has finished checking your disk. Please wait while your computer restarts. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  16. i am assuming your last direction on this topic was for my other topic titled PUP.OPTIONAL.REWARDARCADE so i will put the log of the disk check for windows 7 on that topic! please answer my above query before the above direction from you on here Ron Thanks
  17. fix windows desktop search - i ran it from your link and i got a pop up window stating - trouble shooting cannot continue because an error has occurred we're sorry but the program encountered an error trying to contact the server please try again later code 80072f8f my internet connection is working i tried several times but got this same pop up window every time is this fix it for windows xp?
  18. uninstalled mbam - ran the mbam clean tool - reinstalled mbam scanner - now heuristic analysis is stuck - so no scan log - i will leave the analysis running for an hour or so. If it completes - once i have put the scan log on to the clipboard - how do i access the clipboard to attach here? Thanks Ron
  19. yes Ron as stated above in the last paragraph! Do i need to fix this? Name: Microsoft Teredo Tunneling Adapter Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
  20. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014 Ran by Administrator (administrator) on NB200-NETBOOK on 05-09-2014 05:57:38 Running from C:\Users\Administrator\Desktop Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe () C:\ProgramData\MobileBrServ\mbbService.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint2K\Apoint.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor) HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation) HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation) HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM\...\RunOnce: [1] => C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\mbam-chameleon.exe [750392 2014-05-12] (MalwareBytes) HKU\S-1-5-21-4096279028-3035823704-499056865-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4796696 2014-08-21] (Piriform Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\i6olledz.default-1409856200851
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-02]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-30]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [251728 2010-12-08] (AVG Technologies CZ, s.r.o.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
R4 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [74456 2014-09-05] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 icsak; \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
C:\Windows\system32\Drivers\usbvideo.sys 2014-08-18 01:39 - 2013-07-12 11:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2014-08-18 01:39 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-08-18 01:39 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2014-08-18 01:33 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-18 01:33 - 2014-05-08 10:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-08-18 01:33 - 2014-05-08 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-08-18 01:33 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-08-18 01:33 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-08-18 01:33 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-08-18 01:33 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-08-18 01:33 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-08-18 01:33 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-08-18 01:33 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-08-18 01:33 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-08-18 01:33 - 2013-06-25 23:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2014-08-18 01:32 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-08-18 01:32 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-08-18 
01:32 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-08-18 01:32 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-08-18 01:32 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-08-18 01:32 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-08-18 01:32 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-08-18 01:32 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-08-18 01:32 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-08-18 01:32 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-08-18 01:22 - 2014-06-05 15:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-08-18 01:22 - 2014-04-12 03:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-08-18 01:22 - 2014-04-12 03:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-08-18 01:22 - 2014-04-12 03:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-08-18 01:22 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-08-18 01:22 - 2014-04-12 03:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-08-18 01:22 - 2014-04-12 03:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-08-18 01:22 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2014-08-18 01:21 - 2013-02-12 04:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys 2014-08-18 01:21 - 2013-02-12 04:32 - 00015872 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\usb8023.sys 2014-08-18 01:16 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2014-08-18 01:16 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2014-08-17 20:26 - 2014-08-17 20:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-17 20:26 - 2014-08-17 20:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-08-17 15:47 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2014-08-17 15:47 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2014-08-17 15:47 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2014-08-17 15:47 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2014-08-17 15:19 - 2013-03-19 05:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2014-08-17 15:19 - 2013-03-19 03:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2014-08-17 14:49 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-05 05:59 - 2014-09-05 05:57 - 00010737 _____ () C:\Users\Administrator\Desktop\FRST.txt 2014-09-05 05:58 - 2014-09-05 05:57 - 00000000 ____D () C:\FRST 2014-09-05 05:53 - 2014-09-05 05:52 - 01096704 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe 2014-09-05 05:32 - 2012-05-06 09:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-05 04:53 - 2014-08-28 16:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-05 04:50 - 2014-08-28 16:38 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-05 04:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-05 03:27 - 2010-03-14 17:15 - 01282834 _____ () C:\Windows\WindowsUpdate.log 2014-09-05 03:14 - 2014-09-05 03:14 - 00025010 _____ () C:\Users\Administrator\Documents\cc_20140905_031401.reg 2014-09-05 02:32 - 2009-07-14 05:34 - 00028176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-05 02:32 - 2009-07-14 05:34 - 00028176 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-05 02:27 - 2014-09-03 21:06 - 00194019 _____ () C:\Windows\iis7.log 2014-09-05 02:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-09-05 02:27 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration 2014-09-05 02:25 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-05 02:25 - 2009-07-14 05:39 - 00068138 _____ () C:\Windows\setupact.log 2014-09-05 02:22 - 2014-09-05 02:22 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC 2014-09-05 02:22 - 2014-09-05 02:22 - 00000000 ____D () C:\Program Files\Windows Journal 2014-09-05 02:22 - 2014-09-03 21:05 - 00000000 ____D () C:\Program Files\Microsoft Games 2014-09-05 02:22 - 2014-09-03 21:05 - 00000000 ____D () C:\inetpub 2014-09-05 02:22 - 2009-07-14 
08:50 - 00000000 ____D () C:\Windows\ShellNew 2014-09-05 02:22 - 2009-07-14 05:56 - 00000000 ____D () C:\Windows\system32\0409 2014-09-05 02:22 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-05 02:22 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\DVD Maker 2014-09-05 02:22 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-04 22:21 - 2014-09-04 22:21 - 00000000 ____D () C:\Program Files\ReviverSoft 2014-09-04 16:35 - 2009-07-14 05:33 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-04 04:11 - 2014-09-04 04:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Games 2014-09-04 04:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-03 21:17 - 2014-09-03 21:17 - 00000578 _____ () C:\Users\Administrator\Documents\cc_20140903_211741.reg 2014-09-03 21:10 - 2014-09-03 21:10 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini 2014-09-03 21:10 - 2014-09-03 21:10 - 00000000 ____D () C:\Users\Classic .NET AppPool 2014-09-03 21:09 - 2010-03-14 10:37 - 00847030 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-03 20:56 - 2014-09-03 20:47 - 24758792 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\NetFx20SP1_x86.exe 2014-09-03 20:50 - 2014-09-03 20:49 - 00195578 _____ () C:\Users\Administrator\Documents\cc_20140903_204927.reg 2014-09-03 20:48 - 2014-09-03 20:47 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-03 20:47 - 2014-09-03 20:47 - 00000972 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-09-03 20:47 - 2014-09-03 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-03 20:45 - 2014-09-03 20:41 - 04902336 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup417pro.exe 2014-09-03 20:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2014-09-02 16:07 - 2010-03-14 11:35 - 00000000 ____D () 
C:\Windows\Minidump 2014-09-01 02:51 - 2014-09-01 02:50 - 00000000 ____D () C:\ProgramData\MobileBrServ 2014-09-01 02:15 - 2014-09-01 02:01 - 00000000 ____D () C:\ProgramData\EPSON 2014-09-01 02:15 - 2014-09-01 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-09-01 02:08 - 2014-09-01 02:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\EPSON 2014-09-01 02:00 - 2014-09-01 01:59 - 15802368 _____ () C:\Users\Administrator\Downloads\epson325334eu.exe 2014-09-01 01:43 - 2014-09-01 01:43 - 00000937 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk 2014-09-01 01:43 - 2014-09-01 01:43 - 00000000 ____D () C:\Program Files\epson 2014-09-01 01:43 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32 2014-09-01 01:37 - 2014-09-01 01:36 - 12873216 _____ () C:\Users\Administrator\Downloads\epson324758eu.exe 2014-08-31 10:58 - 2010-03-14 11:39 - 00159734 _____ () C:\Windows\PFRO.log 2014-08-31 05:11 - 2014-08-31 05:11 - 00000000 ____D () C:\Program Files\Application Compatibility Toolkit 2014-08-31 03:19 - 2014-08-18 08:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-31 03:19 - 2010-03-14 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-30 00:48 - 2010-03-16 15:04 - 00000000 ____D () C:\Program Files\Java 2014-08-30 00:38 - 2014-08-28 17:29 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-30 00:37 - 2014-08-30 00:48 - 00880040 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll 2014-08-30 00:37 - 2014-08-30 00:48 - 00802728 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2014-08-30 00:37 - 2014-08-30 00:38 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-08-30 00:37 - 2014-08-30 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-08-30 00:37 - 2014-08-30 00:37 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-08-30 00:37 - 2014-08-30 00:37 - 00096680 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge.dll 2014-08-30 00:37 - 2014-08-30 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-30 00:22 - 2014-08-30 00:21 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe 2014-08-30 00:17 - 2011-05-14 06:46 - 00001124 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-30 00:17 - 2010-03-14 23:24 - 00001112 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-08-29 23:59 - 2014-08-29 23:58 - 00244136 _____ () C:\Users\Administrator\Downloads\Firefox Setup Stub 31.0(1).exe 2014-08-29 23:58 - 2014-08-28 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla 2014-08-29 07:10 - 2014-08-28 16:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-08-29 07:10 - 2014-08-18 08:52 - 00000000 ____D () C:\Users\Administrator 2014-08-29 07:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-08-29 07:08 - 2009-07-14 08:49 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-08-29 07:08 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries 2014-08-28 19:21 - 2014-08-28 19:21 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle 2014-08-28 18:37 - 2014-08-28 18:37 - 00000000 ____D () C:\Windows\Sun 2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-08-28 16:39 - 2014-08-28 16:39 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-08-28 16:39 - 2014-08-28 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-08-28 16:38 - 2014-08-28 16:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-28 16:38 - 2014-08-28 16:26 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-28 16:24 - 2014-08-28 16:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia 
2014-08-28 16:17 - 2014-08-28 16:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla 2014-08-26 10:22 - 2014-08-26 10:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\toshiba 2014-08-23 02:46 - 2014-08-29 07:24 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 01:42 - 2014-08-29 07:24 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-18 13:27 - 2014-08-18 13:27 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList 2014-08-18 13:27 - 2014-08-18 13:27 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList 2014-08-18 09:58 - 2014-08-18 09:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU 2014-08-18 09:53 - 2009-07-14 03:37 
- 00000000 ____D () C:\Windows\system32\fr-FR 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR 2014-08-18 09:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-18 09:32 - 2014-08-18 09:17 - 00009908 _____ () C:\Windows\IE11_main.log 2014-08-18 09:28 - 2014-08-18 09:28 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-08-18 09:28 - 2014-08-18 09:28 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-08-18 09:28 - 2014-08-18 09:28 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-08-18 09:28 - 2014-08-18 09:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-08-18 09:28 - 2014-08-18 09:28 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00083456 _____ (Microsoft Corporation) 
C:\Windows\system32\inseng.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-08-18 09:28 - 2014-08-18 09:28 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-08-18 09:28 - 2014-08-18 09:28 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-08-18 09:28 - 2014-08-18 09:28 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-08-18 09:28 - 2014-08-18 09:28 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-18 09:28 - 2014-08-18 09:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-08-18 09:25 - 2014-08-18 09:25 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00293376 _____ (Microsoft Corporation) 
C:\Windows\system32\dxgi.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-08-18 09:25 - 2014-08-18 09:25 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-08-18 08:55 - 2010-06-27 19:51 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-08-18 08:54 - 2014-08-18 08:54 - 00109280 _____ () 
C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-18 08:53 - 2014-08-18 08:53 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-18 08:53 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-08-18 08:52 - 2014-08-18 08:52 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini 2014-08-18 08:42 - 2014-08-18 08:42 - 00000000 ____D () C:\ProgramData\Mozilla 2014-08-18 08:19 - 2010-03-15 08:23 - 00000000 ____D () C:\ProgramData\Skype 2014-08-18 06:25 - 2010-10-24 22:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-18 06:21 - 2014-08-18 06:21 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-18 05:47 - 2010-03-14 11:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-18 05:39 - 2014-08-18 05:33 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-18 04:46 - 2014-08-18 04:46 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-08-18 03:58 - 2010-10-24 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-08-17 20:28 - 2014-08-17 20:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-17 20:26 - 2014-08-17 20:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-08-17 20:26 - 2010-03-30 10:40 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-17 20:26 - 2010-03-30 10:40 - 00000000 ____D () C:\Program Files\Adobe 2014-08-17 18:18 - 2010-11-01 20:50 - 00000000 ____D () C:\ProgramData\MFAData 2014-08-17 17:38 - 2012-05-06 09:56 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-17 17:38 - 2011-05-18 20:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-17 17:09 - 2012-04-27 09:38 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security 
Essentials.lnk 2014-08-17 17:09 - 2011-01-24 22:37 - 00001945 _____ () C:\Windows\epplauncher.mif 2014-08-17 17:07 - 2011-01-24 22:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-08-17 16:49 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Defender 2014-08-07 02:43 - 2014-08-18 01:40 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 02:39 - 2014-08-18 01:40 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-29 08:18 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2014 Ran by Administrator at 2014-09-05 06:00:46 Running from C:\Users\Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Utility Common Driver (Version: 1.0.50.22C - TOSHIBA) Hidden Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft 
Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AFF1EF8-FB46-4257-9D95-10999D8172E3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {5CA478E6-2430-4D6B-8FE9-2A5A36DB1AE5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: {9558954F-AD45-457C-B5D7-D4D3E37719DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-17] (Adobe Systems Incorporated) Task: {E50036FA-55AD-4CC6-A936-413F2F6C5D2E} - System32\Tasks\{200B3F4B-B7A1-4993-9C60-76160A7EC81E} => C:\Program Files\Skype\Phone\Skype.exe Task: {FBBDB636-29EF-4C96-A4B3-823727108E56} - System32\Tasks\{B6755252-56BA-4F4E-84A0-178F47513089} => Firefox.exe http://ui.skype.com/...all?page=tsMain (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-01 02:51 - 2012-06-28 07:19 - 00233344 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2009-07-16 16:27 - 2009-07-16 16:27 - 07263544 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2014-04-14 20:41 - 2014-04-14 20:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-08-30 00:15 - 2014-07-17 06:42 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2014 02:15:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service AVG Security Toolbar Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. .

Error: (09/03/2014 09:03:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service AVG Security Toolbar Service since QueryServiceConfig API failed System Error: The system cannot find the file specified. .

Error: (09/03/2014 07:10:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 31.0.0.5310 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 94c Start Time: 01cfc6c9ea7bc057 Termination Time: 3704 Application Path: C:\Program Files\Mozilla Firefox\firefox.exe Report Id: ac721001-3330-11e4-af6e-582c80139263

Error: (09/01/2014 02:48:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbbservice.exe, version: 22.16.0.3, time stamp: 0x4febf55e Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c Exception code: 0xc0000005 Fault offset: 0x00028109 Faulting process id: 0x7e0 Faulting application start time: 0xmbbservice.exe0 Faulting application path: mbbservice.exe1 Faulting module path: mbbservice.exe2 Report Id: mbbservice.exe3

Error: (08/31/2014 09:17:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91 Faulting module name: NPSWF32_14_0_0_145.dll, version: 14.0.0.145, time stamp: 0x53aa1b9a Exception code: 0x80000003 Fault offset: 0x0035128d Faulting process id: 0x1628 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3

Error: (08/31/2014 07:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: appverif.exe, version: 2.2.0.0, time stamp: 0x3b4fa576 Faulting module name: apihex86.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bd9b3 Exception code: 0xc0000005 Fault offset: 0x72463eda Faulting process id: 0x126c Faulting application start time: 0xappverif.exe0 Faulting application path: appverif.exe1 Faulting module path: appverif.exe2 Report Id: appverif.exe3

Error: (08/31/2014 05:03:36 AM) (Source: MsiInstaller) (EventID: 10005) (User: NB200-NETBOOK)
Description: Product: Application Compatibility Toolkit -- This release of the Application Compatibility Toolkit is intended for Microsoft Windows® XP.

Error: (08/26/2014 10:19:13 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (08/26/2014 10:19:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (08/18/2014 08:55:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NB200-NETBOOK)
Description: Windows cannot delete the profile directory C:\Users\Georgia. This error may be caused by files in this directory being used by another program. DETAIL - The directory is not empty.

System errors:
=============
Error: (09/05/2014 02:25:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (09/05/2014 02:25:02 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (09/05/2014 02:23:21 AM) (Source: FTPSVC) (EventID: 30) (User: )
Description: 15redirection.config0

Error: (09/04/2014 08:20:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1505.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608

Error: (09/04/2014 08:20:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.1505.0 Update Source: %NT AUTHORITY59 Update Stage: 4.5.0216.00 Source Path: 4.5.0216.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608

Error: (09/04/2014 07:53:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (09/04/2014 07:52:55 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (09/04/2014 04:38:14 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420

Error: (09/04/2014 04:35:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (09/04/2014 02:22:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Atom™ CPU N270 @ 1.60GHz
Percentage of memory in use: 81%
Total physical RAM: 1014.43 MB
Available physical RAM: 191.19 MB
Total Pagefile: 2115.43 MB
Available Pagefile: 865.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:74.52 GB) (Free:25.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:73.24 GB) (Free:11.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5209A946)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.3 GB) - (Type=17)

==================== End Of Log ============================

Hi admins. This is a newly acquired mini-notebook Toshiba NB200 11L - Windows 7. I would like to check if it is clean please and operating correctly. I have installed the chameleon & scanner, 10 x Pup.optional.rewardarcade was found on registry key. I have quarantined them & deleted them. Please can I have some assistance to see this Toshiba is clean. Please note this is a different computer to the one I am already getting help with! Thanks in advance for your assistance with this one.
  21. obviously i would like my mbam scanner back to normal as i have a full licence for it - if that is possible? then i could do a scan to check what malware remains!