Showing results for tags 'xp'.

  1. I keep my XP machine updated with the POS hack. So the problem I just started having with MB on my XP machine is the same problem anyone would have on an XP POS machine. Today, after updating with KB4056564-V2, KB4089453-V2, KB4095516, KB4095528, KB4103768, KB4101477, KB4130957, KB4131188 and KB4134651, MalwareBytes just crashed. UNinstalling with MB-clean and REinstalling various versions of MB did not work - all crashed. Any ideas? Thanks.
  2. I've installed 2 MalwareBytes Endpoint Protection on Windows XP Pro endpoints. On each, now every time someone logs on, a File Explorer window opens to the Program Files folder for MalwareBytes. That's going to confuse the population of users (and entice experimentation). I've yet to figure out what's causing it! It's not in the Startup folder in the Start menu, nor did a registry search give me an obvious clue why it's happening. I found the entry to start the task tray icon, and that's working. Please help, I'd like to get rid of this annoyance.
  3. I am reviving a laptop not used in 3 years for someone who cannot buy anything. It is a Toshiba TE2000 running XP SP3. I removed the old version of MalwareBytes and now the installer crashes with a Runtime error 352:120 Invalid Floating Point Operation just after the English prompt. I have no idea why. This person will only have dialup and they need some kind of protection. So far, the computer is working fine. Can't get antivirus on it! I have run the MW_Cleaner, but there was nothing left to clean. Any ideas?
  4. I updated successfully to the new Malwarebytes consumer 3.2.2.2029 (premium) on M$-Windows XP SP3 32-bit, but Firefox ESR 45.9.0 and Thunderbird 52.3.0 would each fail to start, presenting the window offering to submit a crash report (to Mozilla). Google Chrome 49.0.2623.112 and SAS 9.3 both started and ran fine. I tried turning off Malwarebytes protection features, one-by-one, even turning off protection specifically for Firefox. The only way I could restore functionality for Firefox and Thunderbird was to remove Malwarebytes 3.2.2.2029 and reinstall Malwarebytes 3.1.2.1733 (premium). I upgraded Malwarebytes to the latest version on a Windows 7 laptop. It works fine, but does not have Thunderbird. Thanks for any suggestions
  5. I'm wondering if there's any chance that your "latest and greatest" V3.x program will work any better with my XP Pro? I don't want to install it and have it completely lock up my system, like it did a couple of months ago. I would appreciate an honest answer to this. Nathaniel, still hoping your program will get along with my legacy system.....
  6. My PC runs Windows XP Professional SP3 and Malwarebytes 3.2.2. Trying to install Mozilla Firefox 52.3, while running the installation exe file, after the files are extracted but before the installer begins, I get the error message “Windows cannot open this program because it has been prevented by a software restriction policy. For more information open Event Viewer…”. Is this error message the result of Malwarebytes 3.2.2 setting a software restriction policy? I am using the default settings in Malwarebytes 3.2.2.
  7. On my good XP Pro SP3 machine, I just got a prompt to update to a better subversion of MB, from my 3.0.[something] to I think 3.2. But when I did the version update and rebooted, the MB service was blocked - got two error messages. Checked, and MB was not running at all. Uh-oh. So I completely UNinstalled MB and reinstalled from the 3.0.x install file I still had in Downloads from this past April. And updated the definitions the normal way. It's running again as version 3.0.6. Whew! But what's the problem between the new version and XP? Important info: 1) My XP is fully updated using the POS hack. (If you don't know what that is by now, don't try it at home!!) 2) My AV is Avast, but Avast and MB have been playing nice for some time now. And Avast usually does not cause error messages like the one I describe above for the new MB. 3) I also use CryptoPrevent, which prevents .exe files from running in, for example, AppData folders. It also stops some other stuff that ransomware likes to do. Might that be the problem? If yes, is there a specific MB installation folder or file I should whitelist for the next time? Thanks, y'all. Happy Fourth and Fireworks from the good 'ole USA !!
  8. I found out that my computer is too old, (two years old) for this new version. I wish they would have told me before I downloaded, now I can't get it to work at all. When I tried to download it, it says my Malwarebytes folder cannot be found in my registry. What can I do? Please help
  9. Using Malwarebytes Premium 3.0.6.1469 on a legacy XP Home machine. A dialog box pops up all the time saying "A new and improved version of Malwarebytes is available. Get the new version free of charge. Install Now." When I click on the "Install Now" button nothing happens. Throughout the day, the dialog pops up again. Frustrating to get the nagging popup that doesn't work. Does Malwarebytes have a direct link to the update since the dialog box button doesn't work? Thanks for your help
  10. Windows XP running Chrome, kept getting a "Notice of infection from Microsoft"; it locked up the machine. I installed 3.0 today. Ran the scan and told it to clean up the problems. Computer will not reboot. The Caps Lock light comes on, the Num Lock flashes. It will not reboot into safe mode. What can I try?
  11. Allrighty. 1) Issue is pop-up indicating Real Time protection is off, Dashboard indicates Web Protection is starting 2) Screen shots attached 3) No crash 4 ) MALWAREBYTES Pop-up noted the problem, I can't figure out how to repair 5) Always the same on start-up 6) Haha, what? Makes his best attempt, that seems to have worked 7) done 8) done MBAMSERVICE.LOG.zip FRST.txt Addition.txt MB-CheckResult.txt Malwarebytes screen shots.docx
  12. Hi there, Joe again. I'm currently using my mum's computer. It was built by my dad who passed away years ago. It's a really old machine, it runs Windows XP SP3 and it's incredibly slow and virtually unusable. I'm not sure if that's due to the age of the machine though or the amount of stuff my mum has probably built up from being naive online! MBAM just showed some PUPs, scanned in safe mode, but often MBAM and other programs won't even open (the computer seems a lot quicker in safe mode). If anyone could help me get a definitive answer that'd be much appreciated! Thanks, Joe
  13. I have a Windows XP SP2 hand-me-down computer that desperately needs some antivirus help as programs and files won't open unless in safe mode. However, when I install Malwarebytes on launch it says: "The application failed to initialize properly (0xc000001d). Click on OK to terminate the program." I have no idea what to do and currently I can only use my computer in safe mode. FRST.txt and Addition.txt are attached to this post. Any help would be much appreciated. FRST.txt Addition.txt
  14. I use Windows XP SP3 and have Malwarebytes for antimalware monitoring. Of late I find that Malwarebytes gives a message that Windows security notification service has been blocked. After I run Malwarebytes and delete the identified PUPs (firewall, automatic updates and antivirus), it keeps coming back. Is the Security Center notification program infected? How to remove or replace this? The antivirus program (escan) also gives the similar message. rameshjey
  15. I raised an issue here, see https://forums.malwarebytes.org/index.php?/topic/170966-malwarebytes-freezing-xp-computer/ I thought it was resolved but it is not. When I used the computer yesterday I noticed that the MWB icon was not in the notification area. This morning the computer got as far as displaying the desktop with icons but no notification area icons were displayed and the computer locked. The only action I could take was to switch off. This evening after switching off once the start up was successful. I have disabled MWB from starting with Windows and then restarted the computer and all was OK. I also raised the issue about my licence and it changed correctly to life time. Now I notice that my licence details have again changed back from life time to time limited. Having done all the previous steps as in the previous issue raised, what should I do now to get MWB working again?
  16. Malwarebytes and RogueKiller won't run.. generate an immediate error. Windows XP Home AMD 32 Panda Security 2013 The requested logs are attached. I have run just about all the cleanup tools with no improvement and few interesting detections. Thank you! CheckResults.txt FRST.txt Addition.txt
  17. I have 32 byte Windows XP Service Pack 3 with the life time paid for version of Malwarebytes. Yesterday evening the computer started up but would not respond to keyboard or mouse clicks. This morning after letting the computer take its own time and waiting between each action I accessed Malwarebytes to try to run a scan assuming I was infected. To get to this point took several hours and then the screen said real time protection was disabled. I have managed to close Malwarebytes and the computer is working fine. I accessed the forum and it seems that there are problems for a number of XP users. I downloaded the two tools but on running the first I get an error message of: File not found C:\WINDOWS\ERDNT.E_E Is it safe to proceed further? I am not very IT literate and warning messages about manually restoring registry files have me worried. Does the first process remove registry files? I don't want to switch my computer off as I may not get it working again as it was only by luck I stopped Malwarebytes working and as it starts when I switch on I may not be able to do it again and this is my only computer.
  18. Hello MalwareBytes staff and community, I have a reasonably big problem with a relative's PC at this time. The computer in question is a Dell Optiplex 755 running Windows XP Professional with 1GB RAM. The problem is that this computer is owned by a relative of mine that isn't very tech-literate and doesn't really understand the concept of computer viruses and how they damage computers. This computer was scanned recently by me one day before posting this thread and the computer is closing in at 1759 infections and, as you can tell, it's pretty severe. I tried running Malwarebytes on the machine and there seems to be some process blocking it, so I immediately sprung to get Chameleon to try and dodge it. Explorer.exe is closed and Malwarebytes takes the screen. It gets through the scans and gets to Heuristic scan and stops... 1759 infections and it stops. After one hour on Heuristic ALONE it began to annoy me. So I tried multiple times to no success. It would be very much appreciated if I could get another method to apply some heavy-duty methods to this machine to remove the infections. Although I considered using Remote Desktop Connection to keep an eye on the machine as they were happy with it, I don't really want to put MYSELF in danger too and also have them be at the risk as well as me. Thanks ~MrOutOfSanity
  19. MB caused my PC (XP) to crash (blue screen) when a scheduled scan was to start. When I rebooted my PC I could not start MB. The MB program would crash every time. I tried running Chameleon but every attempt to fix the problem failed all 13 times. I don't know why it crashed my PC. There were no warnings and I can't get MB to work at all since. Windows XP 32 bits Malware Anti-Malware (Paid version) I don't know the actual version and can't start it up to find out what it was but only had the program for about 5 months now. 20140922 Malware Crash.bmp
  20. My XP box has been infected with several malware according to MalwareBytes software. What can I do? Thanks. Here are my logs from malwarebytes and Farbar (addition.txt)
(HKLM\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.124 - Skype Technologies S.A.)SoftMax Pro v5 (HKLM\...\{93EDF2E2-A28F-49BD-8D50-1FE4B5D25D61}) (Version: 5.0.1 - Molecular Devices)SoftMax Pro v5.4.5 (HKLM\...\{3F18BC4F-4F36-4B8F-8650-E12F5C213C8A}) (Version: 5.4.5000 - Molecular Devices)Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) HiddenSoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7255 - Analog Devices)SSH Secure Shell (HKLM\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )ST Microelectronics TPM Driver Installer (HKLM\...\{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}) (Version: 1.04.15 - Dell Inc.)Symantec Endpoint Protection (HKLM\...\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}) (Version: 12.1.671.4971 - Symantec Corporation)TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)TWC Customer Controls (HKLM\...\{F8722041-B63A-47FB-82A8-5F0977E1CF45}) (Version: 7 - SupportSoft)TweetDeck (HKLM\...\{533B3480-EAB6-44DD-B2E4-715E958210E0}) (Version: 2.1.0 - Twitter, Inc.)Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 Help for Common Features (KB957244) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{C8C72583-C907-4D20-8973-C3858D96BD9E}) (Version: - Microsoft)Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - 
Microsoft Corporation)Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWIMGAPI (HKLM\...\{721ABC3B-5F12-4332-9C0C-C11424EF666C}) (Version: 1.0.0.0 - Microsoft Corporation)Winamp (HKLM\...\Winamp) (Version: 5.572 - Nullsoft, Inc)Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\95E56D57DA5C5A08C88234D00B94023A8AD713AA) (Version: 02/17/2009 2.04.16 - FTDI)Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\C3323A996199A7675B69D3FDB0A25449206A4231) (Version: 02/17/2009 2.04.16 - FTDI)Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15) (HKLM\...\35858E766EFC35B58A45C301DD358D503119A8FA) (Version: 05/24/2007 1.00.04.15 - STMicroelectronics)Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.7 - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft 
Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: - Microsoft Corporation)Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) HiddenWindows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) HiddenWindows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) HiddenWindows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Format 11 runtime (Version: - Microsoft Corporation) HiddenWindows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows Media Player 11 (Version: - Microsoft Corporation) HiddenWindows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) HiddenWindows XP Media Center Edition Screen Saver Screen Saver (HKLM\...\Windows XP Media Center Edition Screen Saver Screen Saver) (Version: - )Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)WinPcap 4.12 - Numara Software (HKLM\...\winpcap-numara) (Version: - )WinZip 14.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. 
)WordPerfect Office 12 (HKLM\...\{20BFD848-897A-48BB-97A7-CDB5A8D4719E}) (Version: 12.3.0 - Corel Corporation)XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) HiddenXnView 1.97.4 (HKLM\...\XnView_is1) (Version: 1.97.4 - Gougelet Pierre-e)Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2003-03-31 08:00 - 2012-12-04 15:01 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exeTask: C:\WINDOWS\Tasks\Configuration Manager Health Evaluation.job => C:\WINDOWS\CCM\CcmEval.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-474555628-3583835843-2727511887-17978Core.job => C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-474555628-3583835843-2727511887-17978UA.job => C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8927665C-4FA9-4303-A4CD-50DC517FF9F2}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2009-02-19 13:35 - 2007-07-12 23:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2011-09-27 
08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2007-10-03 08:02 - 2010-02-05 14:27 - 01291776 _____ () C:\WINDOWS\system32\quartz.dll2012-01-08 09:41 - 2012-01-08 09:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-11-24 06:04 - 2010-11-24 06:04 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_25579242\mscorlib.dll2010-11-24 06:04 - 2010-11-24 06:04 - 03018752 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_cc278ef5\system.windows.forms.dll2010-11-24 06:04 - 2010-11-24 06:04 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_fd4b3b22\system.dll2010-11-24 06:04 - 2010-11-24 06:04 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1fbad18f\system.xml.dll2010-11-24 06:04 - 2010-11-24 06:04 - 00835584 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_de90186c\system.drawing.dll2014-04-28 17:43 - 2014-04-23 20:33 - 00065352 _____ () C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll2004-08-04 00:56 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2004-08-04 00:56 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Documents and Settings\grsmith\Application Data\Dropbox\bin\libcef.dll2012-09-08 13:16 - 2012-09-08 13:16 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll2012-09-08 13:16 - 
2012-09-08 13:16 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll2014-04-28 17:43 - 2014-04-23 20:33 - 04081480 _____ () C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll2014-04-28 17:43 - 2014-04-23 20:33 - 00390472 _____ () C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll2014-04-28 17:43 - 2014-04-23 20:33 - 01647432 _____ () C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll2014-05-12 08:45 - 2014-05-12 08:45 - 00098816 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32api.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00110080 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\PyWinTypes27.dll2014-05-12 08:45 - 2014-05-12 08:45 - 00364544 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\pythoncom27.dll2014-05-12 08:45 - 2014-05-12 08:45 - 00045568 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\_socket.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 01159680 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\_ssl.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00320512 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32com.shell.shell.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00713216 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\_hashlib.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 01175040 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\wx._core_.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00805888 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\wx._gdi_.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00811008 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\wx._windows_.pyd2014-05-12 08:45 - 2014-05-12 
08:45 - 01062400 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\wx._controls_.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00735232 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\wx._misc_.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00128512 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\_elementtree.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00127488 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\pyexpat.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00557056 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\pysqlite2._sqlite.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00087552 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\_ctypes.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00119808 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32file.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00108544 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32security.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00018432 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32event.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00038912 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32inet.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00070656 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\wx._html2.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00167936 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32gui.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00011264 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32crypt.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00027136 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\_multiprocessing.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00122368 _____ () C:\Documents and Settings\grsmith\Local 
Settings\Temp\_MEI279762\wx._wizard.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00010240 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\select.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00024064 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32pipe.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00686080 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\unicodedata.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00025600 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32pdh.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00525640 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\windows._lib_cacheinvalidation.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00035840 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32process.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00017408 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32profile.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00022528 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\win32ts.pyd2014-05-12 08:45 - 2014-05-12 08:45 - 00078336 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI279762\wx._animate.pyd2014-04-11 07:27 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-04-11 07:27 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll2014-05-12 08:50 - 2014-05-12 08:50 - 00285184 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_hashlib.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00098816 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32api.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00110080 _____ () C:\Documents and Settings\grsmith\Local 
Settings\Temp\_MEI287642\pywintypes27.dll2014-05-12 08:50 - 2014-05-12 08:50 - 00364544 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\pythoncom27.dll2014-05-12 08:50 - 2014-05-12 08:50 - 00074240 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_ctypes.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00686592 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\unicodedata.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00040960 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_socket.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00721920 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_ssl.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00003584 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\clr.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00025600 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32cred.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00029184 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\Crypto.Cipher._AES.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00007168 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\Crypto.Util.strxor.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00009728 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\Crypto.Random.OSRNG.winrandom.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00010240 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\Crypto.Util._counter.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00009728 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\select.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00024576 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\ujson.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00320512 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32com.shell.shell.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 
00018432 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32event.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00108544 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32security.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00041984 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_sqlite3.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00337920 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\sqlite3.dll2014-05-12 08:50 - 2014-05-12 08:50 - 00035328 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_psutil_mswindows.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00119808 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32file.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00035840 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32process.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00070656 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_elementtree.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00103424 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\pyexpat.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00023552 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_multiprocessing.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00042496 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32service.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00016384 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\_yappi.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00017920 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32clipboard.pyd2014-05-12 08:50 - 2014-05-12 08:50 - 00167936 _____ () C:\Documents and Settings\grsmith\Local Settings\Temp\_MEI287642\win32gui.pyd2014-05-05 17:21 - 2014-05-05 17:21 - 00022528 _____ () c:\Program Files\Box\Box Sync\BoxSyncMonitor.exe2014-04-28 17:43 - 2014-04-23 
20:33 - 13692232 _____ () C:\Documents and Settings\grsmith\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (05/12/2014 09:07:32 AM) (Source: Symantec AntiVirus) (User: AD) (EventID: 45)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exeEvent Info: Open ProcessActionTaken: BlockedActor Process: C:\PROGRAM FILES\MALWAREBYTES ANTI-MALWARE\MBAM.EXE (PID 28668)Time: Monday, May 12, 2014 9:07:32 AM Error: (05/12/2014 09:07:32 AM) (Source: Symantec AntiVirus) (User: AD) (EventID: 45)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exeEvent Info: Open ProcessActionTaken: BlockedActor Process: C:\PROGRAM FILES\MALWAREBYTES ANTI-MALWARE\MBAM.EXE (PID 28668)Time: Monday, May 12, 2014 9:07:32 AM Error: (05/12/2014 09:07:32 AM) (Source: Symantec AntiVirus) (User: AD) (EventID: 45)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exeEvent Info: Open ProcessActionTaken: BlockedActor Process: C:\PROGRAM FILES\MALWAREBYTES ANTI-MALWARE\MBAM.EXE (PID 28668)Time: Monday, May 12, 2014 9:07:32 AM Error: (05/12/2014 08:44:26 AM) (Source: Symantec AntiVirus) (User: NT 
AUTHORITY) (EventID: 45)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exeEvent Info: Open ProcessActionTaken: BlockedActor Process: C:\WINDOWS\CCM\CCMEXEC.EXE (PID 2332)Time: Monday, May 12, 2014 8:44:25 AM Error: (05/12/2014 08:44:35 AM) (Source: Userenv) (User: NT AUTHORITY) (EventID: 1085)Description: The Group Policy client-side extension Folder Redirection failed to execute. Please look for any errors reported earlier by that extension. Error: (05/12/2014 08:44:34 AM) (Source: Folder Redirection) (User: AD) (EventID: 112)Description: Failed to perform redirection of folder My Pictures.The files for the redirected folder could not be moved to the new location.The folder is configured to be redirected to <\\%HOMESHARE%%HOMEPATH%\My Pictures>. Files were being moved from <C:\Documents and Settings\grsmith\My Documents\My Pictures> to <\\fs-1\home\grsmith\My Pictures>.The following error occurred while copying <C:\Documents and Settings\grsmith\My Documents\My Pictures\1.JPG> to <\\fs-1\home\grsmith\My Pictures\1.JPG>: %%1307 Error: (05/10/2014 02:08:41 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY) (EventID: 45)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snacnp.dllEvent Info: Open FileActionTaken: BlockedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 22576)Time: Saturday, May 10, 2014 2:08:41 PM Error: (05/10/2014 02:08:41 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY) (EventID: 45)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\BinEvent Info: Open FileActionTaken: BlockedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 22576)Time: Saturday, May 10, 2014 2:08:41 PM Error: (05/10/2014 02:08:41 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY) (EventID: 45)Description: SYMANTEC 
TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105Event Info: Open FileActionTaken: BlockedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 22576)Time: Saturday, May 10, 2014 2:08:41 PM Error: (05/10/2014 02:08:41 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY) (EventID: 45)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20131115.003\CCERASER.DLLEvent Info: Open FileActionTaken: BlockedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 22576)Time: Saturday, May 10, 2014 2:08:41 PM System errors:=============Error: (04/17/2014 08:39:29 AM) (Source: W32Time) (User: ) (EventID: 29)Description: The time provider NtpClient is configured to acquire time from one or moretime sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes.NtpClient has no source of accurate time. Error: (04/17/2014 08:34:29 AM) (Source: DCOM) (User: NT AUTHORITY) (EventID: 10016)Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {05D1D5D8-18D1-4B83-85ED-A0F99D53C885} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool. Error: (04/17/2014 08:33:38 AM) (Source: W32Time) (User: ) (EventID: 29)Description: The time provider NtpClient is configured to acquire time from one or moretime sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes.NtpClient has no source of accurate time. 
Error: (04/17/2014 08:33:38 AM) (Source: W32Time) (User: ) (EventID: 29)
Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Error: (04/17/2014 08:33:01 AM) (Source: NETLOGON) (User: ) (EventID: 5719)
Description: No Domain Controller is available for domain AD due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

Error: (04/17/2014 06:58:30 AM) (Source: W32Time) (User: ) (EventID: 29)
Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Error: (04/17/2014 06:58:28 AM) (Source: W32Time) (User: ) (EventID: 29)
Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

Error: (04/17/2014 06:58:28 AM) (Source: W32Time) (User: ) (EventID: 29)
Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.

Error: (04/14/2014 08:55:49 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (04/14/2014 08:55:48 PM) (Source: Service Control Manager) (User: ) (EventID: 7024)
Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Microsoft Office Sessions:
=========================
Error: (02/21/2012 10:25:50 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 239 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/19/2010 06:43:31 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3222 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (08/25/2010 04:14:28 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 52 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/06/2010 02:48:24 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 433 seconds with 360 seconds of active time. This session ended with a crash.

Error: (03/28/2009 00:10:27 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 55952 seconds with 1020 seconds of active time. This session ended with a crash.

Error: (01/14/2009 05:03:49 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3218 seconds with 300 seconds of active time. This session ended with a crash.

Error: (01/14/2009 01:01:06 PM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5781 seconds with 3060 seconds of active time. This session ended with a crash.

Error: (05/21/2008 11:24:25 AM) (Source: Microsoft Office 12 Sessions) (User: ) (EventID: 7001)
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 3325.54 MB
Available physical RAM: 1066.21 MB
Total Pagefile: 5205.5 MB
Available Pagefile: 2369.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.83 GB) (Free:176.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive m: (HOME) (Network) (Total:2 GB) (Free:1.44 GB) NTFS
Drive o: (Common) (Network) (Total:4095.87 GB) (Free:473.49 GB) NTFS
Drive x: (Common) (Network) (Total:4095.87 GB) (Free:473.49 GB) NTFS
Drive z: (readers) (Network) (Total:273.45 GB) (Free:33.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: A27DA27D)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  21. Hi, How do I know if imjpmig.exe is a Trojan.Agent.GN OR not? Thanks Came My MBAM Log file
      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.03.04.11
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Camelia :: CANDY [administrator]
      Protection: Enabled
      3/4/2014 9:40:29 PM
      01mbamlog.txt
      Scan type: Custom scan (C:\WINDOWS|)
      Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
      Objects scanned: 23847
      Time elapsed: 20 minute(s), 5 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 2
      C:\WINDOWS\system32\dllcache\imjpmig.exe (Trojan.Agent.GN) -> No action taken.
      C:\WINDOWS\ServicePackFiles\i386\lang\imjpmig.exe (Trojan.Agent.GN) -> No action taken.
      (end)
  22. HI, MBAM Team Argggg!! Now what? Are accwiz.exe & ctfmon.exe FP? I need to work!! not to ask if files are FP or NOT!!! :angry: :angry: Thanks Camelia This is my MBAM log file and attached files
      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.03.05.04
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Camelia :: CANDY [administrator]
      Protection: Enabled
      3/5/2014 3:06:24 AM
      03mbamlog.txt
      Scan type: Full scan (C:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 247756
      Time elapsed: 29 minute(s), 41 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 2
      C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe (Trojan.FakeMS) -> No action taken.
      C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe (Trojan.FakeMS) -> No action taken.
      (end)
  23. Hi MBAM Team Is tintsetp.exe another FP or what? Thanks Camelia My MBAM Log
      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.03.05.02
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Camelia :: CANDY [administrator]
      Protection: Enabled
      3/4/2014 11:37:03 PM
      MBAM-log-2014-03-04 (23-41-48).txt
      Scan type: Custom scan (C:\WINDOWS\system32|)
      Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled: Memory | Startup | Registry | Heuristics/Extra
      Objects scanned: 5760
      Time elapsed: 4 minute(s), 37 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 1
      C:\WINDOWS\system32\dllcache\tintsetp.exe (Trojan.Agent.GN) -> No action taken.
      (end)
  24. I noticed your options for emailing questions no longer has the option of WinXP. Guessing this support will end with the MB 2.0!?!? W2K3 and WinXP, will they still be supported? Will you continue to support the older versions with daily updates and such? I realize the base program won't change, but regular updates will allow the SAME protection we have now, to continue.
  25. 8:30am PST. After spending a couple of days on a client's Zbot Cryptolocker removal and file restoration - the blocking of executables running from XP's %username%\Application Data\ folders and sub-folders was implemented through Group Policy. As a test I just now copied notepad.exe from c:\windows into the \application data\ folder. But, Malwarebytes blocked this and called Zbot Crypto on notepad.exe - and Quarantined. Next, Right Click notepad.exe and 'scan with malwarebytes' - no malware found? Next, Delete notepad.exe from windows\ and windows\system32\ and replace with known good copy. Next, copy good notepad.exe into %username%\application data\ again. Again, Malwarebytes calls Zbot Cryptolocker on the copy and quarantines. Next, copy thunk??.exe into %username%\application data\ folder & run. Group Policy blocks the execution! Whassup with copying notepad.exe from \windows into %username%\application data\ ? Thanks.