
sirefef.ez trojan



I ran the Farbar Recovery Scan Tool. I have attached the FRST log. It did not create an Addition log this time. Was I supposed to check Addition in the optional scan area?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-07-2013 01
Ran by Chris Jacobs (administrator) on 10-07-2013 00:00:21
Running from C:\Documents and Settings\Chris Jacobs\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Orb Networks, Inc.) C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\WINDOWS\system32\PnkBstrA.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TorchMedia Inc.) C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [sigmatelSysTrayApp] - stsystra.exe [x]
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-07-06] (Intel Corporation)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [startCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ATICustomerCare] - "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [YeppStudioAgent] - C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe [40960 2005-09-12] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iSUSPM Startup] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [TkBellExe] - "C:\program files\real\realplayer\update\realsched.exe"  -osboot [296096 2012-08-10] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [5078504 2013-03-21] (ESET)
HKLM\...\Winlogon: [userinit] C:\WINDOWS\system32\userinit.exe, [x]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [steam] - "C:\Program Files\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18672232 2013-02-28] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL = 
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.222.220
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @GameNutt_2s.com/Plugin - C:\Program Files\GameNutt_2s\bar\1.bin\NP2sStub.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default\searchplugins\visualbee-v1-customized-web-search.xml
FF Extension: No Name - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [2sffxtbr@GameNutt_2s.com] C:\Program Files\GameNutt_2s\bar\1.bin
FF Extension: UltimateGamesBar - C:\Program Files\GameNutt_2s\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Unity Player) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Docs) - C:\DOCUME~1\CHRISJ~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\DOCUME~1\CHRISJ~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\DOCUME~1\CHRISJ~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\DOCUME~1\CHRISJ~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\CHRISJ~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Torch Share) - C:\DOCUME~1\CHRISJ~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3604_0
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\CHRISJ~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Gmail) - C:\DOCUME~1\CHRISJ~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
========================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET)
R2 KodakDigitalDisplayService; C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [98304 2009-05-14] (Orb Networks, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2010-11-08] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
R2 TorchCrashHandler; C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1205088 2013-06-20] (TorchMedia Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 AFD; C:\Windows\System32\drivers\afd.sys [138496 2011-08-17] ()
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [5417472 2010-09-10] (ATI Technologies Inc.)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [105784 2013-01-10] (ESET)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [24064 2006-06-05] (Intel Corporation )
U1 NDISRD; C:\Windows\System32\Drivers\NDISRD.sys [24576 2009-06-22] (NT Kernel Resources)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2003-01-09] (Padus, Inc.)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-07-24] (SigmaTel, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2004-04-14] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [21280 2004-04-14] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5600 2004-04-14] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [44064 2004-04-14] (Logitech Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S2 RPSKT; system32\DRIVERS\rp_skt32.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
2013-07-09 23:05 - 2013-07-09 23:05 - 00017810 ____A C:\ComboFix.txt
2013-07-09 22:54 - 2013-07-09 22:54 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
2013-07-09 22:29 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-09 22:29 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-09 22:29 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-08 09:02 - 2013-07-09 23:05 - 00000000 ____D C:\Qoobox
2013-07-06 21:29 - 2013-07-07 08:49 - 00000000 ____D C:\FRST
2013-07-05 03:04 - 2013-07-05 03:04 - 00013049 ____A C:\Windows\KB2485663.log
2013-07-05 03:04 - 2013-07-05 03:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2485663$
2013-07-05 03:00 - 2013-07-05 03:00 - 00007443 ____A C:\Windows\KB923561.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB923561$
2013-07-05 00:35 - 2013-07-05 00:35 - 00000000 ____D C:\Windows\ERUNT
2013-07-04 22:02 - 2013-07-04 22:03 - 00000000 ____D C:\Program Files\ERUNT
2013-07-03 22:30 - 2013-07-03 23:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952954$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952287$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951748$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951698$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951376$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB951066$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB950974$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB950762$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB938464$
2013-07-03 21:16 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\Windows\System32\ieencode.dll
2013-07-02 19:34 - 2013-07-09 23:54 - 00000292 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-01 12:17 - 2013-07-05 01:13 - 00000000 ____D C:\Program Files\ESET
2013-07-01 01:42 - 2013-07-01 01:42 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2013-07-01 00:43 - 2013-07-01 01:49 - 00000000 __HDC C:\Windows\ie8
2013-07-01 00:38 - 2013-07-01 00:38 - 00000000 ____D C:\Program Files\Microsoft Download Manager
2013-07-01 00:17 - 2013-07-01 00:17 - 00000000 ____D C:\WINSSLog
2013-06-30 23:27 - 2013-06-30 23:29 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-28 12:27 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\AVS4YOU
2013-06-28 12:26 - 2013-06-28 12:28 - 00000000 ____D C:\AVSVideoEditor
2013-06-28 12:26 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-06-28 12:26 - 2011-06-23 13:26 - 01700352 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2013-06-24 21:14 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-24 17:39 - 2013-06-24 17:40 - 00000000 ____D C:\Program Files\WinRAR
2013-06-22 22:13 - 2013-06-23 13:03 - 00000000 ____D C:\Fraps
2013-06-13 00:09 - 2013-06-13 00:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-13 00:03 - 2013-07-05 03:02 - 00024435 ____A C:\Windows\KB2838727-IE8.log
2013-06-12 16:06 - 2013-06-13 00:09 - 00015785 ____A C:\Windows\KB2839229.log
 
==================== One Month Modified Files and Folders =======
 
2013-07-09 23:55 - 2013-03-09 21:10 - 00000000 ____D C:\Program Files\Steam
2013-07-09 23:55 - 2010-11-06 16:48 - 00196608 ____A C:\Windows\System32\config\ACEEvent.evt
2013-07-09 23:54 - 2013-07-02 19:34 - 00000292 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-09 23:54 - 2005-08-16 06:18 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-07-09 23:53 - 2005-08-16 06:40 - 01267339 ____A C:\Windows\WindowsUpdate.log
2013-07-09 23:53 - 2005-08-16 06:35 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-09 23:53 - 2005-08-16 06:35 - 00000048 ____A C:\Windows\wiaservc.log
2013-07-09 23:51 - 2005-08-16 06:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 23:18 - 2005-08-16 06:49 - 00032474 ____A C:\Windows\SchedLgU.Txt
2013-07-09 23:09 - 2011-05-26 17:14 - 00001006 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job
2013-07-09 23:05 - 2013-07-09 23:05 - 00017810 ____A C:\ComboFix.txt
2013-07-09 23:05 - 2013-07-08 09:02 - 00000000 ____D C:\Qoobox
2013-07-09 22:56 - 2005-08-16 06:18 - 00000227 ____A C:\Windows\system.ini
2013-07-09 22:55 - 2005-08-16 00:27 - 55836672 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-07-09 22:55 - 2005-08-16 00:27 - 12582912 ____A C:\Windows\System32\config\SYSTEM.bak
2013-07-09 22:55 - 2005-08-16 00:27 - 05767168 ____A C:\Windows\System32\config\DEFAULT.bak
2013-07-09 22:55 - 2005-08-16 00:27 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-07-09 22:55 - 2005-08-16 00:27 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-07-09 22:54 - 2013-07-09 22:54 - 00008192 ___AH C:\Windows\System32\config\SECURITY.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ___AH C:\Windows\System32\config\SYSTEM.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ___AH C:\Windows\System32\config\SOFTWARE.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ___AH C:\Windows\System32\config\SAM.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ___AH C:\Windows\System32\config\DEFAULT.tmp.LOG
2013-07-09 22:54 - 2012-08-29 21:53 - 00000000 ____D C:\Windows\erdnt
2013-07-09 22:37 - 2005-08-16 06:40 - 00000000 ____D C:\Windows\System32\Restore
2013-07-09 21:31 - 2012-03-29 20:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 21:09 - 2011-05-26 17:14 - 00000954 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job
2013-07-07 08:49 - 2013-07-06 21:29 - 00000000 ____D C:\FRST
2013-07-06 22:54 - 2005-08-16 06:33 - 03004537 ____A C:\Windows\FaxSetup.log
2013-07-06 22:54 - 2005-08-16 06:33 - 01467830 ____A C:\Windows\ocgen.log
2013-07-06 22:54 - 2005-08-16 06:33 - 01370045 ____A C:\Windows\iis6.log
2013-07-06 22:54 - 2005-08-16 06:33 - 01366219 ____A C:\Windows\tsoc.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00969421 ____A C:\Windows\comsetup.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00596806 ____A C:\Windows\ntdtcsetup.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00529764 ____A C:\Windows\netfxocm.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00339840 ____A C:\Windows\MedCtrOC.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00159881 ____A C:\Windows\ocmsn.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00148516 ____A C:\Windows\msgsocm.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00146221 ____A C:\Windows\tabletoc.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00001891 ____A C:\Windows\imsins.log
2013-07-06 22:53 - 2005-08-16 06:33 - 00925310 ____A C:\Windows\msmqinst.log
2013-07-06 10:10 - 2012-09-30 17:54 - 00207900 ____A C:\Windows\setupapi.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00557092 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 23:38 - 2005-08-16 06:33 - 00004635 ____A C:\Windows\imsins.BAK
2013-07-05 23:38 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\System32\inetsrv
2013-07-05 18:27 - 2012-08-10 12:07 - 00000300 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-05 03:04 - 2013-07-05 03:04 - 00013049 ____A C:\Windows\KB2485663.log
2013-07-05 03:04 - 2013-07-05 03:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2485663$
2013-07-05 03:04 - 2007-01-25 09:16 - 00000000 ___HD C:\Windows\$hf_mig$
2013-07-05 03:03 - 2009-12-09 11:02 - 00026979 ____A C:\Windows\KB973904.log
2013-07-05 03:03 - 2005-08-16 06:18 - 00001208 ____A C:\Windows\win.ini
2013-07-05 03:02 - 2013-06-13 00:03 - 00024435 ____A C:\Windows\KB2838727-IE8.log
2013-07-05 03:02 - 2005-08-16 06:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 03:01 - 2011-04-16 12:33 - 00017101 ____A C:\Windows\KB2510531-IE8.log
2013-07-05 03:01 - 2009-10-28 20:54 - 00000000 ____D C:\Windows\ie8updates
2013-07-05 03:01 - 2005-08-16 23:04 - 00632237 ____A C:\Windows\updspapi.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00007443 ____A C:\Windows\KB923561.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB923561$
2013-07-05 02:00 - 2013-04-03 15:19 - 00000356 ____A C:\Windows\Tasks\AdobeAAMUpdater-1.0-KJACOBS-Chris Jacobs.job
2013-07-05 01:13 - 2013-07-01 12:17 - 00000000 ____D C:\Program Files\ESET
2013-07-05 00:35 - 2013-07-05 00:35 - 00000000 ____D C:\Windows\ERUNT
2013-07-04 23:02 - 2011-03-24 10:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2524375$
2013-07-04 23:02 - 2005-08-16 06:22 - 00000000 _SHDC C:\Windows\$NtUninstallKB44159$
2013-07-04 22:31 - 2011-04-20 04:41 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-07-04 22:03 - 2013-07-04 22:02 - 00000000 ____D C:\Program Files\ERUNT
2013-07-04 17:10 - 2012-08-16 22:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-03 23:37 - 2013-07-03 22:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 22:02 - 2005-08-16 23:10 - 00161704 ___AC C:\Windows\spupdsvc.log
2013-07-03 22:01 - 2008-09-23 21:26 - 00000352 ____A C:\Windows\spupdsvc.log.1.log
2013-07-03 22:01 - 2008-09-23 21:26 - 00000253 ____A C:\Windows\System32\spupdwxp.log
2013-07-03 22:01 - 2005-08-16 06:38 - 00161569 ____A C:\Windows\wmsetup.log
2013-07-03 22:01 - 2005-08-16 06:38 - 00001103 ___AC C:\Windows\DtcInstall.log
2013-07-03 21:54 - 2008-09-12 15:35 - 00731728 ____A C:\Windows\svcpack.log
2013-07-03 21:54 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\security
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952954$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB952287$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951748$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951698$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951376-v2$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\Windows\$NtUninstallKB951376$
2013-07-03 21:21 - 2008-08-23 10:00 - 00218980 ____A C:\Windows\KB952287.log
2013-07-03 21:21 - 2008-08-22 18:52 - 00037915 ____A C:\Windows\KB951072-v2.log
2013-07-03 21:21 - 2008-08-22 18:46 - 00226690 ____A C:\Windows\KB952954.log
2013-07-03 21:21 - 2008-07-09 04:35 - 00223762 ____A C:\Windows\KB951748.log
2013-07-03 21:21 - 2008-06-20 10:00 - 00210916 ____A C:\Windows\KB951376-v2.log
2013-07-03 21:21 - 2008-06-11 10:00 - 00210859 ____A C:\Windows\KB951376.log
2013-07-03 21:21 - 2008-06-10 22:33 - 00222068 ____A C:\Windows\KB951698.log
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB951066$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB950974$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB950762$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB946648$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\Windows\$NtUninstallKB938464$
2013-07-03 21:20 - 2008-09-10 10:00 - 00212975 ____A C:\Windows\KB938464.log
2013-07-03 21:20 - 2008-08-23 10:01 - 00220427 ____A C:\Windows\KB946648.log
2013-07-03 21:20 - 2008-08-23 10:00 - 00211902 ____A C:\Windows\KB951066.log
2013-07-03 21:20 - 2008-08-22 18:44 - 00225013 ____A C:\Windows\KB950974.log
2013-07-03 21:20 - 2008-06-11 10:00 - 00211215 ____A C:\Windows\KB950762.log
2013-07-03 21:20 - 2005-08-16 06:37 - 00000000 ____D C:\Program Files\Messenger
2013-07-03 21:17 - 2005-08-16 06:36 - 00000573 ___AC C:\Windows\cmsetacl.log
2013-07-03 21:16 - 2005-08-16 06:39 - 00003257 ___AC C:\Windows\sessmgr.setup.log
2013-07-03 21:16 - 2005-08-16 06:37 - 00000000 ____D C:\Program Files\MSN
2013-07-03 21:16 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\Help
2013-07-03 21:15 - 2007-01-25 09:08 - 00000000 ____D C:\Windows\System32\ReinstallBackups
2013-07-02 15:43 - 2011-12-28 22:03 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-07-02 13:48 - 2008-09-13 14:37 - 00000000 ____D C:\Program Files\Nancy Drew
2013-07-01 17:14 - 2012-08-13 11:18 - 00001954 ____A C:\Windows\epplauncher.mif
2013-07-01 12:06 - 2007-01-25 09:27 - 00000000 ____D C:\Program Files\Google
2013-07-01 11:42 - 2008-01-30 19:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-01 02:15 - 2005-08-16 06:38 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-01 01:59 - 2005-08-16 06:27 - 03694712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-01 01:57 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\Media
2013-07-01 01:56 - 2009-07-05 19:11 - 00186214 ____A C:\Windows\ie8_main.log
2013-07-01 01:49 - 2013-07-01 00:43 - 00000000 __HDC C:\Windows\ie8
2013-07-01 01:49 - 2009-10-28 20:51 - 00350556 ____A C:\Windows\ie8.log
2013-07-01 01:42 - 2013-07-01 01:42 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2013-07-01 01:42 - 2007-01-25 09:29 - 00000376 ____A C:\Windows\ODBC.INI
2013-07-01 01:41 - 2005-08-16 06:40 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-01 01:38 - 2005-08-16 06:22 - 00000000 ____D C:\Windows\system
2013-07-01 00:45 - 2011-12-14 11:05 - 00019449 ____A C:\Windows\KB2618444-IE8.log
2013-07-01 00:38 - 2013-07-01 00:38 - 00000000 ____D C:\Program Files\Microsoft Download Manager
2013-07-01 00:17 - 2013-07-01 00:17 - 00000000 ____D C:\WINSSLog
2013-07-01 00:07 - 2008-09-09 17:49 - 00000000 ____D C:\Program Files\Windows Live
2013-06-30 23:52 - 2012-08-10 09:51 - 00104792 ____A C:\Windows\ie8Uninst.log
2013-06-30 23:29 - 2013-06-30 23:27 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-06-30 22:19 - 2007-08-15 10:01 - 00000000 __HDC C:\Windows\$NtUninstallKB938828$
2013-06-30 18:13 - 2011-04-17 17:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-30 18:03 - 2013-06-09 23:15 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-28 12:28 - 2013-06-28 12:26 - 00000000 ____D C:\AVSVideoEditor
2013-06-28 12:27 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\AVS4YOU
2013-06-28 12:27 - 2013-06-28 12:26 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-06-25 00:13 - 2013-02-17 22:31 - 00065536 ____A C:\Windows\System32\config\OAlerts.evt
2013-06-24 21:14 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-24 17:40 - 2013-06-24 17:39 - 00000000 ____D C:\Program Files\WinRAR
2013-06-23 13:03 - 2013-06-22 22:13 - 00000000 ____D C:\Fraps
2013-06-15 16:45 - 2008-12-15 20:54 - 00000000 ____A C:\transcoding.log
2013-06-13 17:41 - 2013-03-09 21:10 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-13 00:09 - 2013-06-13 00:09 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-13 00:09 - 2013-06-12 16:06 - 00015785 ____A C:\Windows\KB2839229.log
2013-06-13 00:09 - 2005-08-16 06:33 - 00340543 ____A C:\Windows\plusoc.log
2013-06-13 00:09 - 2005-08-16 06:33 - 00164061 ____A C:\Windows\ehOCGen.log
2013-06-13 00:05 - 2011-04-18 07:21 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 16:31 - 2012-03-29 20:20 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 16:31 - 2011-06-22 17:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\Users\public\MyWebTattoo.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

  • Root Admin

Please download this tool from ESET antivirus and save it to your computer.
Then close all open programs and run it.   Then reboot your computer when done.
 
ServicesRepair.exe
 
 
Then run the following antivirus scanner and let me know if it finds anything or not. 
 


  • Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB.
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shut down your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security, which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then, if needed, choose your Language by clicking on the small globe-like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

I ran both of the programs as outlined above. Dr. Web did not find anything. I did not see an Open Report link when it finished. It simply said no threats found. After reboot, I am still getting the message of limited or no connectivity to the network and that the Windows firewall settings cannot be displayed because the associated service is not running. Do you think I should uninstall Microsoft Security Essentials, as I installed a 30-day ESET trial when I first discovered my virus issues and thought something had gone awry with MSE?


I re-ran ESET Services Repair. It indicated that "multiple services were reinstated". I then ran ComboFix again. Message that Rootkit.Zero Access has inserted itself into the tcp/ip stack. ComboFix forced a reboot. Still limited connectivity, etc.

 

ComboFix Log

 

ComboFix 13-07-07.01 - Chris Jacobs 11/07/2013   1:01.3.2 - x86
Running from: c:\documents and settings\Chris Jacobs\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-11 to 2013-07-11  )))))))))))))))))))))))))))))))
.
.
2013-07-10 18:12 . 2013-07-10 18:12 -------- d-----w- c:\documents and settings\Chris Jacobs\Doctor Web
2013-07-07 01:29 . 2013-07-07 12:49 -------- d-----w- C:\FRST
2013-07-05 04:35 . 2013-07-05 04:35 -------- d-----w- c:\windows\ERUNT
2013-07-05 02:02 . 2013-07-05 02:03 -------- d-----w- c:\program files\ERUNT
2013-07-04 01:56 . 2013-07-04 01:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-07-04 01:16 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll
2013-07-04 01:16 . 2007-04-03 04:12 1327320 ------w- c:\program files\MSN\msncorefiles\install\msnsusii.exe
2013-07-04 01:16 . 2007-04-03 04:04 884712 ------w- c:\program files\MSN\msncorefiles\install\msn9components\digcore.exe
2013-07-04 01:16 . 2008-04-14 09:40 966656 ------w- c:\program files\MSN\msncorefiles\oobe\obemetal.dll
2013-07-04 01:16 . 2008-04-14 09:40 86016 ------w- c:\program files\MSN\msncorefiles\oobe\obepopc.dll
2013-07-04 01:16 . 2008-04-14 09:40 229376 ------w- c:\program files\MSN\msncorefiles\oobe\obelog.dll
2013-07-04 01:16 . 2007-04-03 04:14 77824 ------w- c:\program files\MSN\msncorefiles\oobe\obemtllc.dll
2013-07-04 01:16 . 2007-04-03 04:09 11053008 ------w- c:\program files\MSN\msncorefiles\install\msn9components\msncli.exe
2013-07-01 16:54 . 2013-07-01 16:54 -------- d-----w- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\ESET
2013-07-01 16:17 . 2013-07-05 05:13 -------- d-----w- c:\program files\ESET
2013-07-01 16:17 . 2013-07-01 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2013-07-01 05:42 . 2013-07-01 05:42 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-07-01 04:43 . 2013-07-01 05:49 -------- dc-h--w- c:\windows\ie8
2013-07-01 04:38 . 2013-07-01 04:38 -------- d-----w- c:\program files\Microsoft Download Manager
2013-07-01 04:17 . 2013-07-01 04:17 -------- d-----w- C:\WINSSLog
2013-07-01 03:27 . 2013-07-01 03:29 -------- d--h--w- c:\windows\msdownld.tmp
2013-06-28 16:28 . 2013-06-28 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2013-06-28 16:28 . 2013-06-28 16:28 -------- d-----w- c:\documents and settings\Chris Jacobs\Application Data\AVS4YOU
2013-06-28 16:27 . 2013-06-28 16:27 -------- d-----w- c:\program files\AVS4YOU
2013-06-28 16:26 . 2013-06-28 16:27 -------- d-----w- c:\program files\Common Files\AVSMedia
2013-06-28 16:26 . 2011-06-23 17:26 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2013-06-28 16:26 . 2013-06-28 16:28 -------- d-----w- C:\AVSVideoEditor
2013-06-28 14:03 . 2013-06-28 14:04 -------- d-----w- c:\documents and settings\Chris Jacobs\Application Data\.technic
2013-06-28 13:27 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF0B931E-3306-4452-A5C1-FD27BD249E02}\mpengine.dll
2013-06-27 12:34 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-25 01:32 . 2013-07-11 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\TorchCrashHandler
2013-06-25 01:31 . 2013-07-05 04:36 -------- d-----w- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Torch
2013-06-25 01:14 . 2013-06-25 01:14 -------- d-----w- c:\program files\CheckPoint
2013-06-23 02:13 . 2013-06-23 17:03 -------- d-----w- C:\Fraps
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 20:31 . 2012-03-30 00:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 20:31 . 2011-06-22 21:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2005-08-16 10:18 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2005-08-16 10:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2005-08-16 10:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2005-08-16 10:18 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2005-08-16 10:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 04:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2013-06-10 03:07 238872 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-06-06 1641896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18672232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-11 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"YeppStudioAgent"="c:\program files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 40960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-10 296096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10/01/2013 3:08 PM 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/01/2013 3:08 PM 105784]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21/03/2013 3:19 PM 1341664]
R2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [14/05/2009 1:21 PM 98304]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [30/06/2013 6:12 PM 418376]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/05/2013 1:26 PM 3289208]
R2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [20/06/2013 9:54 AM 1205088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/04/2011 5:40 PM 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17/04/2011 5:40 PM 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 7:09 PM 161384]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 1:37 PM 517096]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 20:31]
.
2013-07-05 c:\windows\Tasks\AdobeAAMUpdater-1.0-KJACOBS-Chris Jacobs.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-03-21 09:10]
.
2013-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job
- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:03]
.
2013-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job
- c:\documents and settings\Chris Jacobs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-26 03:03]
.
2013-06-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
.
2013-07-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-07-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: brassring.com\sjobs
Trusted Zone: freerealms.com
Trusted Zone: microsoft.com\www.update
Trusted Zone: plaxo.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.222.220
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\TurboTax 2012\ic2012pp.dll
FF - ProfilePath - c:\documents and settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-11 01:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3363229072-3021304974-548893752-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:4f,f0,c1,db,95,ae,f7,27,e6,fd,32,e9,60,e2,5b,b8,5f,69,ea,fc,89,b2,63,
   2e,86,7f,1b,b8,ab,0c,79,d0,10,1a,57,f7,17,63,82,ca,0a,18,3c,46,e5,44,88,54,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-3363229072-3021304974-548893752-1007\Software\SecuROM\License information*]
"datasecu"=hex:8d,fc,6d,66,69,bd,ae,84,4a,b8,0d,af,93,16,c7,41,0e,17,47,01,47,
   7f,06,f5,97,0d,b3,c0,3d,2d,51,55,53,7e,2f,58,4e,1f,07,c5,af,97,b6,44,ac,ab,\
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\stsystra.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-07-11  01:26:26 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-11 05:26
ComboFix2.txt  2013-07-10 03:05
.
Pre-Run: 104,109,035,520 bytes free
Post-Run: 104,072,306,688 bytes free
.
- - End Of File - - 267FD92C398CCA64541AF11D206620E1
5CB90281D1A59B251F6603134774EEC3

  • Root Admin

Let's go ahead and run this scanner again then now.

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

  • Root Admin

Let's try these and see if they can help.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Thanks

Okay. Here is the result of the MiniToolBox

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Chris Jacobs (administrator) on 11-07-2013 at 23:21:09
Running from "C:\Documents and Settings\Chris Jacobs\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® 82566DC Gigabit Network Connection = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : KJacobs
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Broadcast
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : phub.net.cable.rogers.com
 
        Description . . . . . . . . . . . : Intel® 82566DC Gigabit Network Connection
 
        Physical Address. . . . . . . . . : 00-19-D1-1D-42-C2
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 0.0.0.0
 
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
 
        Default Gateway . . . . . . . . . : 
 
        DHCP Server . . . . . . . . . . . : 192.168.0.1
 
        DNS Servers . . . . . . . . . . . : 208.67.222.222
 
                                            208.67.222.220
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
 
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 1d 42 c2 ...... Intel® 82566DC Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
  255.255.255.255  255.255.255.255  255.255.255.255               2  1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/11/2013 07:57:24 PM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.
 
Error: (07/11/2013 07:55:34 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
Error: (07/11/2013 07:41:21 PM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.
 
Error: (07/11/2013 07:41:13 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
Error: (07/11/2013 01:18:59 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.
 
Error: (07/11/2013 01:18:31 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
Error: (07/11/2013 01:00:14 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.
 
Error: (07/11/2013 00:59:58 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
Error: (07/11/2013 00:47:34 AM) (Source: Media Center Extender Services) (User: )
Description: ERROR: Device Service Listener - UDP networking failed. Error code 0x80072742.
 
Error: (07/11/2013 00:47:25 AM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
 
System errors:
=============
Error: (07/11/2013 00:39:53 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the AFD service which failed to start because of the following error: 
%%31
 
Error: (07/09/2013 11:54:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
 
Error: (07/09/2013 11:04:29 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: 
%%2001
 
Error: (07/09/2013 11:04:29 PM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error: 
%%2001
 
Error: (07/09/2013 11:00:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (07/09/2013 10:59:33 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: 
%%2001
 
Error: (07/09/2013 10:59:33 PM) (Source: Service Control Manager) (User: )
Description: The AFD service failed to start due to the following error: 
%%2001
 
Error: (07/09/2013 10:59:32 PM) (Source: Service Control Manager) (User: )
Description: The BITS service terminated with service-specific error 2147952450 (0x80072742).
 
Error: (07/09/2013 10:59:32 PM) (Source: DCOM) (User: KJACOBS)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.
 
Error: (07/09/2013 10:59:08 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: 
%%2001
 
 
Microsoft Office Sessions:
=========================
Error: (07/11/2013 07:57:24 PM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742
 
Error: (07/11/2013 07:55:34 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
Error: (07/11/2013 07:41:21 PM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742
 
Error: (07/11/2013 07:41:13 PM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
Error: (07/11/2013 01:18:59 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742
 
Error: (07/11/2013 01:18:31 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
Error: (07/11/2013 01:00:14 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742
 
Error: (07/11/2013 00:59:58 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
Error: (07/11/2013 00:47:34 AM) (Source: Media Center Extender Services)(User: )
Description: UDP0x80072742
 
Error: (07/11/2013 00:47:25 AM) (Source: JavaQuickStarterService)(User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10050)
 
 
=========================== Installed Programs ============================
 
Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
ATI Catalyst Install Manager (Version: 3.0.795.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Parental Control & Encoder (Version: 3.0)
AVS Video Editor 6 (Version: 6.3.3.235)
BioShock (Version: 2.5.0000)
Black's Digital Solution Studio (Version: 2.6.8.704)
Bonjour (Version: 3.0.0.10)
Canon Camera Access Library (Version: 8.2.0.1)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.3.0.11)
Canon Easy-PhotoPrint EX
Canon Easy-PhotoPrint Pro
Canon Easy-WebPrint EX
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MG6100 series MP Drivers
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon MP Navigator EX 4.0
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX (Version: 2.4.0.7)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.6.0.9)
Canon Solution Menu EX
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.2.0)
Canon Utilities EOS Sample Music (Version: 1.0.0.204)
Canon Utilities EOS Utility (Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0910.2122.36517)
Catalyst Control Center InstallProxy (Version: 2010.0910.2122.36517)
CCC Help English (Version: 2010.0910.2121.36517)
ccc-core-static (Version: 2010.0910.2122.36517)
ccc-utility (Version: 2010.0910.2122.36517)
CCScore (Version: 7.00.0000.0001)
Clone Wars
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell CinePlayer (Version: 3.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support 3.2.1 (Version: 5.5.2087)
Dell System Restore (Version: 2.00.0000)
DivX Web Player (Version: 1.4.3)
DVD-MovieAlbumSE 3 for DVDCAM
EPSON Printer Software
ERUNT 1.1j
ESET NOD32 Antivirus (Version: 6.0.316.0)
ESET Online Scanner v3
ESPNMotion (Version: 2.1.6.0011)
ESSBrwr (Version: 8.00.0000.0001)
ESSCDBK (Version: 8.00.0000.0001)
ESSgui (Version: 8.00.0000.0001)
ESSini (Version: 8.00.0000.0001)
ESSPCD (Version: 7.01.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
Europa Universalis III
EZface ActiveX 210 (Version: 2.1.0)
Fraps (remove only)
Google Talk Plugin (Version: 2.1.8.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Graboid Video 3.05 (Version: 3.05)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel® Matrix Storage Manager
Intel® PRO Network Connections (Version: )
InterActual Player
iTunes (Version: 11.0.2.26)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java 6 Update 33 (Version: 6.0.330)
KEDDS (Version: 1.04.0000.0005)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Logitech Gaming Software (Version: 4.40)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Managed DirectX (0900) (Version: 4.09.00.0900)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.5.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Musicnotes Player
Musicnotes Software Suite 1.0 (Version: 1.1)
Nancy Drew: The Captive Curse (Version: 8.0.0.30162)
Nancy Drew: The Curse of Blackmoor Manor
netbrdg (Version: 7.01.0000.0001)
On2 VP3 Video for Windows Codec
Origin (Version: 8.2.2.2413)
Otto
PDF Settings CS6 (Version: 11.0)
Picasa 3 (Version: 3.9)
Picture Package Music Transfer (Version: 1.1.00.11270)
PSE10 STI Installer (Version: 10.0)
PunkBuster Services (Version: 0.986)
QuickTax 2006
QuickTax 2007 (Version: 1.00.0000)
QuickTax 2008 (Version: 1.00.0000)
QuickTax 2009 (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
QuickTime for Windows (32-bit)
Race Day Demo Version
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
RPS CRT (Version: 7.0.28)
Samsung Media Studio
SecondLife (remove only)
SHASTA (Version: 7.01.0000.0001)
Sibelius Scorch (ActiveX Only) (Version: 5.2.1)
Sid Meier's Civilization V
skin0001 (Version: 8.00.0000.0001)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.105)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
Sonic Activation Module (Version: 1.0)
Sonic Encoders (Version: 1.00)
Sony Picture Utility (Version: 3.0.01.12110)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 8.00.0000.0001)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
TeamViewer 5 (Version: 5.1.10408 )
The Sims™ 3 (Version: 1.42.130)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Late Night (Version: 6.0.81)
Tiger Woods PGA TOUR 2004
TurboTax 2010 (Version: 1.00.0000)
TurboTax 2011 (Version: 1.00.0000)
TurboTax 2012 (Version: 1.00.0000)
UltimateGamesBar
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VLC media player 2.0.7 (Version: 2.0.7)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Mail
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]
Windows PowerShell 1.0 (Version: 1)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WIRELESS (Version: 7.02.0000.0001)
YP-U1 (Version: )
ZoneAlarm Free Firewall (Version: 10.2.078.000)
 
========================= Devices: ================================
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 38%
Total physical RAM: 2045.85 MB
Available physical RAM: 1260.74 MB
Total Pagefile: 3938.07 MB
Available Pagefile: 3156.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.75 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:293.4 GB) (Free:97.01 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KJACOBS
 
Administrator            Aidan Jacobs             Alison Jacobs            
Chris Jacobs             Guest                    Hannah Jacobs            
HelpAssistant            Katherine Jacobs         kodak                    
SUPPORT_388945a0         
 
========================= Minidump Files ==================================
 
C:\WINDOWS\Minidump\Mini030610-01.dmp
C:\WINDOWS\Minidump\Mini041611-01.dmp
C:\WINDOWS\Minidump\Mini050210-01.dmp
C:\WINDOWS\Minidump\Mini051510-01.dmp
C:\WINDOWS\Minidump\Mini101710-01.dmp
C:\WINDOWS\Minidump\Mini101810-01.dmp
C:\WINDOWS\Minidump\Mini102410-01.dmp
C:\WINDOWS\Minidump\Mini102710-01.dmp
C:\WINDOWS\Minidump\Mini102910-01.dmp
C:\WINDOWS\Minidump\Mini110110-01.dmp
C:\WINDOWS\Minidump\Mini110609-01.dmp
 
**** End of log ****

Now, here is the Farbar Recovery Scan Tool log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2013 01
Ran by Chris Jacobs (administrator) on 11-07-2013 23:24:57
Running from C:\Documents and Settings\Chris Jacobs\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Orb Networks, Inc.) C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\WINDOWS\system32\PnkBstrA.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TorchMedia Inc.) C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ehTray] - C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [sigmatelSysTrayApp] - stsystra.exe [x]
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-07-06] (Intel Corporation)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [startCCC] - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ATICustomerCare] - "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [YeppStudioAgent] - C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe [40960 2005-09-12] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iSUSPM Startup] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [TkBellExe] - "C:\program files\real\realplayer\update\realsched.exe"  -osboot [296096 2012-08-10] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [5078504 2013-03-21] (ESET)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [steam] - "C:\Program Files\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
HKCU\...\Run: [skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18672232 2013-02-28] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [DellSupport] - "C:\Program Files\Dell Support\DSAgnt.exe" /startup [ 2006-08-28] (Gteko Ltd.)
HKU\Aidan Jacobs\...\Run: [swg] - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Aidan Jacobs\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Alison Jacobs\...\Run: [DellSupport] - "C:\Program Files\Dell Support\DSAgnt.exe" /startup [ 2006-08-28] (Gteko Ltd.)
HKU\Alison Jacobs\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [x]
HKU\Alison Jacobs\...\Run: [EleFunAnimatedWallpaper] -  [x]
HKU\Alison Jacobs\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Default User\...\Run: [DellSupport] - "C:\Program Files\Dell Support\DSAgnt.exe" /startup [ 2006-08-28] (Gteko Ltd.)
HKU\Guest\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime [ 2012-10-25] (Apple Inc.)
HKU\Guest\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Hannah Jacobs\...\Run: [DellSupport] - "C:\Program Files\Dell Support\DSAgnt.exe" /startup [ 2006-08-28] (Gteko Ltd.)
HKU\Hannah Jacobs\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [x]
HKU\Hannah Jacobs\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Katherine Jacobs\...\Run: [RegistryBooster] - "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000  [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKCU - {093d18f3-98c6-4e68-b6c0-9da816681fcf} URL = 
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU -No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.222.220
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @GameNutt_2s.com/Plugin - C:\Program Files\GameNutt_2s\bar\1.bin\NP2sStub.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @soe.sony.com/installer,version=1.0.3 - C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Firefox\Profiles\kxgn1snm.default\searchplugins\visualbee-v1-customized-web-search.xml
FF Extension: No Name - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [2sffxtbr@GameNutt_2s.com] C:\Program Files\GameNutt_2s\bar\1.bin
FF Extension: UltimateGamesBar - C:\Program Files\GameNutt_2s\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Documents and Settings\Chris Jacobs\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Unity Player) - C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
 
========================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-21] (ESET)
R2 KodakDigitalDisplayService; C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [98304 2009-05-14] (Orb Networks, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2010-11-08] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)
R2 TorchCrashHandler; C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch\Update\TorchCrashHandler.exe [1205088 2013-06-20] (TorchMedia Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
 
==================== Drivers (Whitelisted) ====================
 
S1 AFD; C:\Windows\System32\drivers\afd.sys [138496 2011-08-17] ()
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [5417472 2010-09-10] (ATI Technologies Inc.)
S3 DSproct; C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [4864 2006-01-10] (GTek Technologies Ltd.)
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [105784 2013-01-10] (ESET)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [24064 2006-06-05] (Intel Corporation )
U1 NDISRD; C:\Windows\System32\Drivers\NDISRD.sys [24576 2009-06-22] (NT Kernel Resources)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [9856 2003-01-09] (Padus, Inc.)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-07-24] (SigmaTel, Inc.)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2004-04-14] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [21280 2004-04-14] (Logitech Inc.)
S3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5600 2004-04-14] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [44064 2004-04-14] (Logitech Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S2 RPSKT; system32\DRIVERS\rp_skt32.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
2013-07-11 23:21 - 2013-07-11 23:21 - 00026357 _____ C:\Documents and Settings\Chris Jacobs\Desktop\Result.txt
2013-07-11 19:49 - 2013-07-11 19:37 - 02240864 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Chris Jacobs\Desktop\tdsskiller.exe
2013-07-11 01:26 - 2013-07-11 01:26 - 00017133 _____ C:\ComboFix.txt
2013-07-11 00:41 - 2013-07-11 00:09 - 04009167 _____ C:\Documents and Settings\Chris Jacobs\Desktop\ServicesRepair (1).exe
2013-07-10 14:54 - 2013-07-10 15:09 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-07-10 14:12 - 2013-07-10 14:53 - 00065536 _____ C:\WINDOWS\system32\config\Doctor W.evt
2013-07-10 14:12 - 2013-07-10 14:12 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Doctor Web
2013-07-10 12:56 - 2013-07-10 11:06 - 124212832 _____ C:\Documents and Settings\Chris Jacobs\Desktop\drweb-cureit.exe
2013-07-10 11:28 - 2013-07-10 11:28 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-07-10 11:28 - 2013-07-10 10:56 - 04009167 _____ C:\Documents and Settings\Chris Jacobs\Desktop\ServicesRepair.exe
2013-07-09 22:54 - 2013-07-09 22:54 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2013-07-09 22:29 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-07-09 22:29 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-07-09 22:29 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-07-09 22:29 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-07-08 09:02 - 2013-07-11 01:26 - 00000000 ____D C:\Qoobox
2013-07-08 08:58 - 2013-07-07 13:10 - 05087096 ____R (Swearware) C:\Documents and Settings\Chris Jacobs\Desktop\ComboFix.exe
2013-07-06 21:29 - 2013-07-11 23:13 - 01218598 _____ (Farbar) C:\Documents and Settings\Chris Jacobs\Desktop\FRST.exe
2013-07-06 21:29 - 2013-07-07 08:49 - 00000000 ____D C:\FRST
2013-07-06 11:43 - 2013-07-11 23:12 - 00760775 _____ (Farbar) C:\Documents and Settings\Chris Jacobs\Desktop\MiniToolBox.exe
2013-07-05 11:01 - 2013-07-05 11:01 - 00052279 _____ C:\Documents and Settings\Chris Jacobs\Desktop\eset scan.txt
2013-07-05 03:04 - 2013-07-05 03:04 - 00013049 _____ C:\WINDOWS\KB2485663.log
2013-07-05 03:04 - 2013-07-05 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485663$
2013-07-05 03:00 - 2013-07-05 03:00 - 00007443 _____ C:\WINDOWS\KB923561.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB923561$
2013-07-05 00:38 - 2013-07-05 00:38 - 00004139 _____ C:\Documents and Settings\Chris Jacobs\Desktop\JRT.txt
2013-07-05 00:35 - 2013-07-05 00:35 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-04 22:02 - 2013-07-04 22:03 - 00000000 ____D C:\Program Files\ERUNT
2013-07-04 22:02 - 2013-07-04 22:02 - 00000611 _____ C:\Documents and Settings\Chris Jacobs\Desktop\NTREGOPT.lnk
2013-07-04 22:02 - 2013-07-04 22:02 - 00000592 _____ C:\Documents and Settings\Chris Jacobs\Desktop\ERUNT.lnk
2013-07-04 00:22 - 2013-07-04 00:22 - 00025604 _____ C:\Documents and Settings\Chris Jacobs\Desktop\attach.txt
2013-07-04 00:22 - 2013-07-04 00:22 - 00021871 _____ C:\Documents and Settings\Chris Jacobs\Desktop\dds.txt
2013-07-03 22:30 - 2013-07-03 23:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 22:01 - 2013-07-03 22:01 - 00000782 _____ C:\Documents and Settings\kodak\Desktop\Windows Media Player.lnk
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952954$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952287$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951748$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951698$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951376-v2$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951376$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951066$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950974$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950762$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB946648$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB938464$
2013-07-03 21:16 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2013-07-02 19:34 - 2013-07-11 19:58 - 00000292 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-02 13:51 - 2013-07-02 19:06 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\My Documents\The Curse of Blackmoor Manor
2013-07-02 13:51 - 2013-07-02 13:51 - 00000807 _____ C:\Documents and Settings\All Users\Desktop\The Curse of Blackmoor Manor.lnk
2013-07-01 16:12 - 2013-07-01 16:12 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-07-01 16:11 - 2013-07-01 16:11 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-07-01 12:54 - 2013-07-01 12:54 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\ESET
2013-07-01 12:17 - 2013-07-05 01:13 - 00000000 ____D C:\Program Files\ESET
2013-07-01 12:17 - 2013-07-01 12:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2013-07-01 11:38 - 2013-07-01 11:38 - 00866592 _____ C:\Documents and Settings\Chris Jacobs\Desktop\Norton_Removal_Tool.exe
2013-07-01 01:42 - 2013-07-01 01:42 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2013-07-01 01:21 - 2013-07-01 01:21 - 00000738 _____ C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\Outlook Express.lnk
2013-07-01 00:43 - 2013-07-01 01:49 - 00000000 __HDC C:\WINDOWS\ie8
2013-07-01 00:38 - 2013-07-01 00:38 - 00001892 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
2013-07-01 00:38 - 2013-07-01 00:38 - 00000000 ____D C:\Program Files\Microsoft Download Manager
2013-07-01 00:17 - 2013-07-01 00:17 - 00000000 ____D C:\WINSSLog
2013-06-30 23:27 - 2013-06-30 23:29 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-06-30 21:57 - 2013-06-30 21:57 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Desktop\saves
2013-06-30 16:20 - 2013-06-30 16:20 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Desktop\texturepacks
2013-06-30 16:19 - 2013-06-30 16:19 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Desktop\stats
2013-06-30 16:19 - 2013-06-30 16:19 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Desktop\screenshots
2013-06-29 13:41 - 2013-06-29 13:42 - 106387587 _____ C:\Documents and Settings\Chris Jacobs\Application Data\.minecraft.rar
2013-06-29 08:35 - 2013-06-29 08:35 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2013-06-28 18:43 - 2013-06-28 18:43 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\RealNetworks
2013-06-28 18:43 - 2013-06-28 18:43 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Real
2013-06-28 14:40 - 2013-06-28 14:40 - 00009216 ___SH C:\Documents and Settings\Chris Jacobs\Downloads\Thumbs.db
2013-06-28 14:10 - 2013-06-28 14:09 - 02032810 _____ C:\Documents and Settings\Chris Jacobs\Desktop\minecraftforge-universal-1.5.2-7.8.1.737[1].zip
2013-06-28 12:52 - 2013-06-28 12:52 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\My Documents\AVS4YOU
2013-06-28 12:28 - 2013-06-28 12:28 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\AVS4YOU
2013-06-28 12:28 - 2013-06-28 12:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVS4YOU
2013-06-28 12:27 - 2013-06-28 12:27 - 00000594 _____ C:\Documents and Settings\Chris Jacobs\Desktop\AVS Video Editor.lnk
2013-06-28 12:27 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\AVS4YOU
2013-06-28 12:27 - 2013-06-28 12:27 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\AVS4YOU
2013-06-28 12:26 - 2013-06-28 12:28 - 00000000 ____D C:\AVSVideoEditor
2013-06-28 12:26 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-06-28 12:26 - 2011-06-23 13:26 - 01700352 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2013-06-28 10:03 - 2013-06-28 10:04 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\.technic
2013-06-25 23:07 - 2013-07-01 15:55 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\My Documents\Me
2013-06-25 20:21 - 2013-06-24 17:40 - 00000704 _____ C:\Documents and Settings\Chris Jacobs\Desktop\WinRAR.lnk
2013-06-24 21:32 - 2013-07-11 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TorchCrashHandler
2013-06-24 21:32 - 2013-06-24 21:32 - 00001122 _____ C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\Torch.lnk
2013-06-24 21:32 - 2013-06-24 21:32 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\Torch
2013-06-24 21:31 - 2013-07-05 00:36 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch
2013-06-24 21:14 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-24 17:40 - 2013-06-24 21:37 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\WinRAR
2013-06-24 17:40 - 2013-06-24 17:40 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\WinRAR
2013-06-24 17:39 - 2013-06-24 17:40 - 00000000 ____D C:\Program Files\WinRAR
2013-06-24 15:56 - 2013-06-24 15:56 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-06-22 22:13 - 2013-06-24 21:48 - 00000488 _____ C:\Documents and Settings\All Users\Desktop\Fraps.lnk
2013-06-22 22:13 - 2013-06-23 13:03 - 00000000 ____D C:\Fraps
2013-06-13 20:53 - 2013-06-13 20:53 - 00000318 _____ C:\Documents and Settings\Chris Jacobs\My Documents\My Documents.lnk
2013-06-13 00:09 - 2013-06-13 00:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-06-13 00:03 - 2013-07-05 03:02 - 00024435 _____ C:\WINDOWS\KB2838727-IE8.log
2013-06-12 16:06 - 2013-06-13 00:09 - 00015785 _____ C:\WINDOWS\KB2839229.log
 
==================== One Month Modified Files and Folders =======
 
2013-07-11 23:21 - 2013-07-11 23:21 - 00026357 _____ C:\Documents and Settings\Chris Jacobs\Desktop\Result.txt
2013-07-11 23:13 - 2013-07-06 21:29 - 01218598 _____ (Farbar) C:\Documents and Settings\Chris Jacobs\Desktop\FRST.exe
2013-07-11 23:12 - 2013-07-06 11:43 - 00760775 _____ (Farbar) C:\Documents and Settings\Chris Jacobs\Desktop\MiniToolBox.exe
2013-07-11 23:09 - 2011-05-26 17:14 - 00001006 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007UA.job
2013-07-11 22:31 - 2012-03-29 20:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-07-11 21:09 - 2011-05-26 17:14 - 00000954 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3363229072-3021304974-548893752-1007Core.job
2013-07-11 19:58 - 2013-07-02 19:34 - 00000292 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-11 19:57 - 2013-06-24 21:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TorchCrashHandler
2013-07-11 19:57 - 2010-11-06 16:48 - 00393216 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-07-11 19:57 - 2005-08-16 06:40 - 01286027 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-11 19:57 - 2005-08-16 06:35 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-07-11 19:57 - 2005-08-16 06:35 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-07-11 19:55 - 2013-03-09 21:10 - 00000000 ____D C:\Program Files\Steam
2013-07-11 19:55 - 2009-12-10 23:42 - 00000062 ___SH C:\Documents and Settings\kodak\Local Settings\desktop.ini
2013-07-11 19:55 - 2005-08-16 06:49 - 00000062 ___SH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-07-11 19:54 - 2007-01-31 01:23 - 00000062 ___SH C:\Documents and Settings\Chris Jacobs\Local Settings\desktop.ini
2013-07-11 19:52 - 2005-08-16 06:49 - 00000062 ___SH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-07-11 19:52 - 2005-08-16 06:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-11 19:51 - 2007-01-31 01:23 - 00000278 ___SH C:\Documents and Settings\Chris Jacobs\ntuser.ini
2013-07-11 19:51 - 2005-08-16 06:49 - 00032474 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-11 19:41 - 2005-08-16 06:18 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-11 19:37 - 2013-07-11 19:49 - 02240864 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Chris Jacobs\Desktop\tdsskiller.exe
2013-07-11 02:00 - 2013-04-03 15:19 - 00000356 _____ C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-KJACOBS-Chris Jacobs.job
2013-07-11 02:00 - 2007-02-08 01:03 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Adobe
2013-07-11 01:26 - 2013-07-11 01:26 - 00017133 _____ C:\ComboFix.txt
2013-07-11 01:26 - 2013-07-08 09:02 - 00000000 ____D C:\Qoobox
2013-07-11 01:17 - 2005-08-16 06:18 - 00000227 _____ C:\WINDOWS\system.ini
2013-07-11 00:46 - 2013-04-18 20:16 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\Skype
2013-07-11 00:09 - 2013-07-11 00:41 - 04009167 _____ C:\Documents and Settings\Chris Jacobs\Desktop\ServicesRepair (1).exe
2013-07-10 15:09 - 2013-07-10 14:54 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2013-07-10 14:53 - 2013-07-10 14:12 - 00065536 _____ C:\WINDOWS\system32\config\Doctor W.evt
2013-07-10 14:34 - 2011-04-20 04:41 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-10 14:12 - 2013-07-10 14:12 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Doctor Web
2013-07-10 14:12 - 2007-01-31 01:23 - 00000000 ____D C:\Documents and Settings\Chris Jacobs
2013-07-10 11:28 - 2013-07-10 11:28 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-07-10 11:06 - 2013-07-10 12:56 - 124212832 _____ C:\Documents and Settings\Chris Jacobs\Desktop\drweb-cureit.exe
2013-07-10 10:56 - 2013-07-10 11:28 - 04009167 _____ C:\Documents and Settings\Chris Jacobs\Desktop\ServicesRepair.exe
2013-07-09 22:55 - 2005-08-16 00:27 - 55836672 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2013-07-09 22:55 - 2005-08-16 00:27 - 12582912 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2013-07-09 22:55 - 2005-08-16 00:27 - 05767168 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2013-07-09 22:55 - 2005-08-16 00:27 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-07-09 22:55 - 2005-08-16 00:27 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-07-09 22:54 - 2013-07-09 22:54 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-07-09 22:54 - 2013-07-09 22:54 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2013-07-09 22:54 - 2012-08-29 21:53 - 00000000 ____D C:\WINDOWS\erdnt
2013-07-09 22:37 - 2005-08-16 06:40 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-07-07 13:10 - 2013-07-08 08:58 - 05087096 ____R (Swearware) C:\Documents and Settings\Chris Jacobs\Desktop\ComboFix.exe
2013-07-07 08:49 - 2013-07-06 21:29 - 00000000 ____D C:\FRST
2013-07-06 22:54 - 2005-08-16 06:33 - 03004537 _____ C:\WINDOWS\FaxSetup.log
2013-07-06 22:54 - 2005-08-16 06:33 - 01467830 _____ C:\WINDOWS\ocgen.log
2013-07-06 22:54 - 2005-08-16 06:33 - 01370045 _____ C:\WINDOWS\iis6.log
2013-07-06 22:54 - 2005-08-16 06:33 - 01366219 _____ C:\WINDOWS\tsoc.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00969421 _____ C:\WINDOWS\comsetup.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00596806 _____ C:\WINDOWS\ntdtcsetup.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00529764 _____ C:\WINDOWS\netfxocm.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00339840 _____ C:\WINDOWS\MedCtrOC.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00159881 _____ C:\WINDOWS\ocmsn.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00148516 _____ C:\WINDOWS\msgsocm.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00146221 _____ C:\WINDOWS\tabletoc.log
2013-07-06 22:54 - 2005-08-16 06:33 - 00001891 _____ C:\WINDOWS\imsins.log
2013-07-06 22:53 - 2005-08-16 06:33 - 00925310 _____ C:\WINDOWS\msmqinst.log
2013-07-06 10:10 - 2012-09-30 17:54 - 00207900 _____ C:\WINDOWS\setupapi.log
2013-07-05 23:38 - 2005-08-16 06:33 - 00557092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-05 23:38 - 2005-08-16 06:33 - 00004635 _____ C:\WINDOWS\imsins.BAK
2013-07-05 23:38 - 2005-08-16 06:22 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2013-07-05 18:27 - 2012-08-10 12:07 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3363229072-3021304974-548893752-1007.job
2013-07-05 11:01 - 2013-07-05 11:01 - 00052279 _____ C:\Documents and Settings\Chris Jacobs\Desktop\eset scan.txt
2013-07-05 03:04 - 2013-07-05 03:04 - 00013049 _____ C:\WINDOWS\KB2485663.log
2013-07-05 03:04 - 2013-07-05 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2485663$
2013-07-05 03:04 - 2007-01-25 09:16 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-07-05 03:03 - 2009-12-09 11:02 - 00026979 _____ C:\WINDOWS\KB973904.log
2013-07-05 03:03 - 2005-08-16 06:18 - 00001208 _____ C:\WINDOWS\win.ini
2013-07-05 03:02 - 2013-06-13 00:03 - 00024435 _____ C:\WINDOWS\KB2838727-IE8.log
2013-07-05 03:02 - 2005-08-16 06:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-05 03:01 - 2011-04-16 12:33 - 00017101 _____ C:\WINDOWS\KB2510531-IE8.log
2013-07-05 03:01 - 2009-10-28 20:54 - 00000000 ____D C:\WINDOWS\ie8updates
2013-07-05 03:01 - 2005-08-16 23:04 - 00632237 _____ C:\WINDOWS\updspapi.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00007443 _____ C:\WINDOWS\KB923561.log
2013-07-05 03:00 - 2013-07-05 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB923561$
2013-07-05 01:13 - 2013-07-01 12:17 - 00000000 ____D C:\Program Files\ESET
2013-07-05 00:59 - 2012-11-07 15:51 - 00000000 ____D C:\Documents and Settings\Katherine Jacobs\Application Data\CheckPoint
2013-07-05 00:59 - 2012-09-02 00:13 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\CheckPoint
2013-07-05 00:38 - 2013-07-05 00:38 - 00004139 _____ C:\Documents and Settings\Chris Jacobs\Desktop\JRT.txt
2013-07-05 00:36 - 2013-06-24 21:31 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\Torch
2013-07-05 00:35 - 2013-07-05 00:35 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-04 23:02 - 2011-03-24 10:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2524375$
2013-07-04 23:02 - 2005-08-16 06:22 - 00000000 _SHDC C:\WINDOWS\$NtUninstallKB44159$
2013-07-04 22:03 - 2013-07-04 22:02 - 00000000 ____D C:\Program Files\ERUNT
2013-07-04 22:02 - 2013-07-04 22:02 - 00000611 _____ C:\Documents and Settings\Chris Jacobs\Desktop\NTREGOPT.lnk
2013-07-04 22:02 - 2013-07-04 22:02 - 00000592 _____ C:\Documents and Settings\Chris Jacobs\Desktop\ERUNT.lnk
2013-07-04 17:10 - 2012-08-16 22:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-04 00:22 - 2013-07-04 00:22 - 00025604 _____ C:\Documents and Settings\Chris Jacobs\Desktop\attach.txt
2013-07-04 00:22 - 2013-07-04 00:22 - 00021871 _____ C:\Documents and Settings\Chris Jacobs\Desktop\dds.txt
2013-07-03 23:37 - 2013-07-03 22:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-03 22:02 - 2005-08-16 23:10 - 00161704 ____C C:\WINDOWS\spupdsvc.log
2013-07-03 22:01 - 2013-07-03 22:01 - 00000782 _____ C:\Documents and Settings\kodak\Desktop\Windows Media Player.lnk
2013-07-03 22:01 - 2008-09-23 21:26 - 00000352 _____ C:\WINDOWS\spupdsvc.log.1.log
2013-07-03 22:01 - 2008-09-23 21:26 - 00000253 _____ C:\WINDOWS\system32\spupdwxp.log
2013-07-03 22:01 - 2005-08-16 06:38 - 00161569 _____ C:\WINDOWS\wmsetup.log
2013-07-03 22:01 - 2005-08-16 06:38 - 00001103 ____C C:\WINDOWS\DtcInstall.log
2013-07-03 21:54 - 2008-09-12 15:35 - 00731728 _____ C:\WINDOWS\svcpack.log
2013-07-03 21:54 - 2005-08-16 06:22 - 00000000 ____D C:\WINDOWS\security
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952954$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952287$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951748$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951698$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951376-v2$
2013-07-03 21:21 - 2013-07-03 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951376$
2013-07-03 21:21 - 2008-08-23 10:00 - 00218980 _____ C:\WINDOWS\KB952287.log
2013-07-03 21:21 - 2008-08-22 18:52 - 00037915 _____ C:\WINDOWS\KB951072-v2.log
2013-07-03 21:21 - 2008-08-22 18:46 - 00226690 _____ C:\WINDOWS\KB952954.log
2013-07-03 21:21 - 2008-07-09 04:35 - 00223762 _____ C:\WINDOWS\KB951748.log
2013-07-03 21:21 - 2008-06-20 10:00 - 00210916 _____ C:\WINDOWS\KB951376-v2.log
2013-07-03 21:21 - 2008-06-11 10:00 - 00210859 _____ C:\WINDOWS\KB951376.log
2013-07-03 21:21 - 2008-06-10 22:33 - 00222068 _____ C:\WINDOWS\KB951698.log
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB951066$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950974$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950762$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB946648$
2013-07-03 21:20 - 2013-07-03 21:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB938464$
2013-07-03 21:20 - 2008-09-10 10:00 - 00212975 _____ C:\WINDOWS\KB938464.log
2013-07-03 21:20 - 2008-08-23 10:01 - 00220427 _____ C:\WINDOWS\KB946648.log
2013-07-03 21:20 - 2008-08-23 10:00 - 00211902 _____ C:\WINDOWS\KB951066.log
2013-07-03 21:20 - 2008-08-22 18:44 - 00225013 _____ C:\WINDOWS\KB950974.log
2013-07-03 21:20 - 2008-06-11 10:00 - 00211215 _____ C:\WINDOWS\KB950762.log
2013-07-03 21:20 - 2005-08-16 06:37 - 00000000 ____D C:\Program Files\Messenger
2013-07-03 21:17 - 2005-08-16 06:36 - 00000573 ____C C:\WINDOWS\cmsetacl.log
2013-07-03 21:16 - 2005-08-16 06:39 - 00003257 ____C C:\WINDOWS\sessmgr.setup.log
2013-07-03 21:16 - 2005-08-16 06:37 - 00000000 ____D C:\Program Files\MSN
2013-07-03 21:16 - 2005-08-16 06:22 - 00000000 ____D C:\WINDOWS\Help
2013-07-03 21:15 - 2007-01-25 09:08 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-07-02 19:06 - 2013-07-02 13:51 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\My Documents\The Curse of Blackmoor Manor
2013-07-02 15:43 - 2011-12-28 22:03 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-07-02 13:51 - 2013-07-02 13:51 - 00000807 _____ C:\Documents and Settings\All Users\Desktop\The Curse of Blackmoor Manor.lnk
2013-07-02 13:48 - 2008-09-13 14:37 - 00000000 ____D C:\Program Files\Nancy Drew
2013-07-01 19:19 - 2005-08-16 06:49 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-07-01 17:37 - 2012-06-28 22:52 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\.minecraft
2013-07-01 17:14 - 2012-08-13 11:18 - 00001954 _____ C:\WINDOWS\epplauncher.mif
2013-07-01 16:12 - 2013-07-01 16:12 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-07-01 16:11 - 2013-07-01 16:11 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-07-01 15:55 - 2013-06-25 23:07 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\My Documents\Me
2013-07-01 15:54 - 2013-02-17 22:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-07-01 13:06 - 2012-07-21 12:36 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\{43028B5C-D352-11E1-8270-B8AC6F996F26}
2013-07-01 12:54 - 2013-07-01 12:54 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\ESET
2013-07-01 12:17 - 2013-07-01 12:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2013-07-01 12:06 - 2007-01-25 09:27 - 00000000 ____D C:\Program Files\Google
2013-07-01 11:42 - 2008-01-30 19:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-01 11:38 - 2013-07-01 11:38 - 00866592 _____ C:\Documents and Settings\Chris Jacobs\Desktop\Norton_Removal_Tool.exe
2013-07-01 02:15 - 2005-08-16 06:38 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-07-01 02:01 - 2007-01-25 09:32 - 00102632 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-07-01 01:59 - 2005-08-16 06:27 - 03694712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-01 01:57 - 2005-08-16 06:22 - 00000000 ____D C:\WINDOWS\Media
2013-07-01 01:56 - 2009-07-05 19:11 - 00186214 _____ C:\WINDOWS\ie8_main.log
2013-07-01 01:49 - 2013-07-01 00:43 - 00000000 __HDC C:\WINDOWS\ie8
2013-07-01 01:49 - 2009-10-28 20:51 - 00350556 _____ C:\WINDOWS\ie8.log
2013-07-01 01:42 - 2013-07-01 01:42 - 00000000 ____D C:\Program Files\Microsoft ActiveSync
2013-07-01 01:42 - 2007-01-25 09:29 - 00000376 _____ C:\WINDOWS\ODBC.INI
2013-07-01 01:41 - 2005-08-16 06:40 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-01 01:38 - 2005-08-16 06:22 - 00000000 ____D C:\WINDOWS\system
2013-07-01 01:21 - 2013-07-01 01:21 - 00000738 _____ C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\Outlook Express.lnk
2013-07-01 01:21 - 2007-01-31 01:23 - 00000234 ___SH C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\desktop.ini
2013-07-01 00:45 - 2011-12-14 11:05 - 00019449 _____ C:\WINDOWS\KB2618444-IE8.log
2013-07-01 00:38 - 2013-07-01 00:38 - 00001892 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
2013-07-01 00:38 - 2013-07-01 00:38 - 00000000 ____D C:\Program Files\Microsoft Download Manager
2013-07-01 00:17 - 2013-07-01 00:17 - 00000000 ____D C:\WINSSLog
2013-07-01 00:07 - 2008-09-09 17:49 - 00000000 ____D C:\Program Files\Windows Live
2013-06-30 23:52 - 2012-08-10 09:51 - 00104792 _____ C:\WINDOWS\ie8Uninst.log
2013-06-30 23:29 - 2013-06-30 23:27 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-06-30 22:19 - 2007-08-15 10:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB938828$
2013-06-30 21:57 - 2013-06-30 21:57 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Desktop\saves
2013-06-30 18:13 - 2011-04-17 17:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-30 18:12 - 2012-06-13 16:37 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-30 18:03 - 2013-06-09 23:15 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-30 16:20 - 2013-06-30 16:20 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Desktop\texturepacks
2013-06-30 16:19 - 2013-06-30 16:19 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Desktop\stats
2013-06-30 16:19 - 2013-06-30 16:19 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Desktop\screenshots
2013-06-29 13:42 - 2013-06-29 13:41 - 106387587 _____ C:\Documents and Settings\Chris Jacobs\Application Data\.minecraft.rar
2013-06-29 08:35 - 2013-06-29 08:35 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Sun
2013-06-29 08:33 - 2007-09-16 19:44 - 00115712 _____ C:\Documents and Settings\Chris Jacobs\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-28 18:43 - 2013-06-28 18:43 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\RealNetworks
2013-06-28 18:43 - 2013-06-28 18:43 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Real
2013-06-28 14:40 - 2013-06-28 14:40 - 00009216 ___SH C:\Documents and Settings\Chris Jacobs\Downloads\Thumbs.db
2013-06-28 14:09 - 2013-06-28 14:10 - 02032810 _____ C:\Documents and Settings\Chris Jacobs\Desktop\minecraftforge-universal-1.5.2-7.8.1.737[1].zip
2013-06-28 13:12 - 2012-03-29 20:31 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\vlc
2013-06-28 12:52 - 2013-06-28 12:52 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\My Documents\AVS4YOU
2013-06-28 12:28 - 2013-06-28 12:28 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\AVS4YOU
2013-06-28 12:28 - 2013-06-28 12:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVS4YOU
2013-06-28 12:28 - 2013-06-28 12:26 - 00000000 ____D C:\AVSVideoEditor
2013-06-28 12:27 - 2013-06-28 12:27 - 00000594 _____ C:\Documents and Settings\Chris Jacobs\Desktop\AVS Video Editor.lnk
2013-06-28 12:27 - 2013-06-28 12:27 - 00000000 ____D C:\Program Files\AVS4YOU
2013-06-28 12:27 - 2013-06-28 12:27 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\AVS4YOU
2013-06-28 12:27 - 2013-06-28 12:26 - 00000000 ____D C:\Program Files\Common Files\AVSMedia
2013-06-28 10:04 - 2013-06-28 10:03 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\.technic
2013-06-25 00:13 - 2013-02-17 22:31 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-06-24 21:48 - 2013-06-22 22:13 - 00000488 _____ C:\Documents and Settings\All Users\Desktop\Fraps.lnk
2013-06-24 21:37 - 2013-06-24 17:40 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\WinRAR
2013-06-24 21:32 - 2013-06-24 21:32 - 00001122 _____ C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\Torch.lnk
2013-06-24 21:32 - 2013-06-24 21:32 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\Torch
2013-06-24 21:14 - 2013-06-24 21:14 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-24 17:40 - 2013-06-25 20:21 - 00000704 _____ C:\Documents and Settings\Chris Jacobs\Desktop\WinRAR.lnk
2013-06-24 17:40 - 2013-06-24 17:40 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\WinRAR
2013-06-24 17:40 - 2013-06-24 17:39 - 00000000 ____D C:\Program Files\WinRAR
2013-06-24 15:56 - 2013-06-24 15:56 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-06-23 13:03 - 2013-06-22 22:13 - 00000000 ____D C:\Fraps
2013-06-15 16:45 - 2008-12-15 20:54 - 00000000 _____ C:\transcoding.log
2013-06-15 10:10 - 2013-03-10 07:50 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Start Menu\Programs\Steam
2013-06-14 14:30 - 2008-12-14 12:15 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\Application Data\Real
2013-06-13 20:53 - 2013-06-13 20:53 - 00000318 _____ C:\Documents and Settings\Chris Jacobs\My Documents\My Documents.lnk
2013-06-13 17:41 - 2013-03-09 21:10 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-13 00:09 - 2013-06-13 00:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-06-13 00:09 - 2013-06-12 16:06 - 00015785 _____ C:\WINDOWS\KB2839229.log
2013-06-13 00:09 - 2005-08-16 06:33 - 00340543 _____ C:\WINDOWS\plusoc.log
2013-06-13 00:09 - 2005-08-16 06:33 - 00164061 _____ C:\WINDOWS\ehOCGen.log
2013-06-13 00:05 - 2011-04-18 07:21 - 73381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-06-12 21:55 - 2013-06-04 17:44 - 00000000 ____D C:\Documents and Settings\Chris Jacobs\My Documents\Chapbook
2013-06-12 16:31 - 2012-03-29 20:20 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-06-12 16:31 - 2011-06-22 17:55 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

The computer we have been working on is our desktop. It is connected to our router/modem via cable. We have a wireless network off this router/modem that is working. However, I am unable to get connectivity on the desktop. Therefore I have been posting on a different computer and using a USB key to transfer files.

 

Yesterday, ComboFix gave a message that indicated Rootkit.Zero Access has inserted itself into the tcp/ip stack. 


  • Root Admin

Yes, just double checking, as the networking does show it's screwed up and yet you were posting, so just wanted to double check is all.

I'm checking but I don't think we have any portable update for MBAR to copy to disk to transfer to the affected computer. If you're somewhat proficient at copying files around on the computer we can probably get an update on a working computer and then copy those files to a USB stick to put on the other computer.


  • Root Admin

Please save the attached file mbar-1.06.0.1004a.zip to your computer.

 

Then close all open browsers and extract the contents of the zip file to its own new folder. If not sure how, simply open the file, then copy the folder, then select a new folder and paste. Then run the mbar.exe file inside.

 

You can extract the files on a USB stick and then copy them over to the affected computer to run.

 

Let me know what it finds, if anything. If nothing is found, go ahead and run the FIXDAMAGE.EXE file in the Plugin folder and reboot the computer.

 

Thanks

 
