
Infected? C:\Program Files\wrapper_inst\



This is my first post on this. Been in computers for many years. "Grandma's" computer started with the log on - log off for Win XP. Had to edit the registry to put the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell=explorer.exe & Userinit = c:\windows\system32\userinit.exe keys back in. They were missing. Also found the following directory: C:\Program Files\wrapper_inst\ as well. Sophos did find the services.exe in the C:\Program Files\wrapper_inst\ directory and removed it. Malwarebytes didn't find anything wrong. When trying to run the Malwarebytes Anti-Rootkit BETA 1.07.0.1005 I get the following: "The system volume seems inaccessible or encrypted. Scan can't continue." All I can do at that time is click OK. I will include the dds.txt & attach.txt below.

 

Thank you in advance.

John Campanale

 

 

 DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.4.2_03
Run by JACK at 9:01:10 on 2013-09-25
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1526.662 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\wrapper_inst\file_to_run.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Download] "c:\documents and settings\jack\local settings\application data\supportsoft\ddoctorv2\jack\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRun: [Google Update] "c:\documents and settings\jack\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [OSCD_Creator] c:\dell\mediaexe\PreODM.EXE
mRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [brStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRunOnce: [OSCD_Creator] c:\dell\mediaexe\PreODM.EXE /2
mRunOnce: [ (A0)] cmd /c "c:\documents and settings\jack\desktop\mbar\mbar.exe" /rdv /s
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{05A691B0-0B56-4A12-A242-DD76FD27C1DC} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jack\application data\mozilla\firefox\profiles\j5amn9uk.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jack\application data\mozilla\firefox\profiles\j5amn9uk.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\jack\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 211560]
R1 MpKsl6900d989;MpKsl6900d989;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb63fe53-1c2c-480f-8f14-23f32032ddb1}\MpKsl6900d989.sys [2013-9-25 40392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-1-18 54752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-23 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-23 701512]
R2 pcregservice;pcregservice Service;c:\program files\wrapper_inst\file_to_run.exe [2013-9-6 31344]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-8-14 3291008]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-6-24 4150112]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-12-26 245760]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-9-25 48728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-23 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-1-18 9040]
S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2010-1-18 19408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2013-09-25 07:06:24 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb63fe53-1c2c-480f-8f14-23f32032ddb1}\offreg.dll
2013-09-25 07:06:24 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb63fe53-1c2c-480f-8f14-23f32032ddb1}\MpKsl6900d989.sys
2013-09-25 06:43:40 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-09-25 06:43:00 48728 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-09-25 04:10:33 7328304 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb63fe53-1c2c-480f-8f14-23f32032ddb1}\mpengine.dll
2013-09-24 14:06:37 -------- d-----w- C:\FRST
2013-09-24 01:26:48 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2013-09-24 01:26:24 73728 ----a-r- c:\documents and settings\jack\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-24 01:26:24 73728 ----a-r- c:\documents and settings\jack\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-24 01:26:24 73728 ----a-r- c:\documents and settings\jack\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-09-24 01:26:06 -------- d-----w- c:\program files\Sophos
2013-09-23 23:41:29 -------- d-----w- c:\documents and settings\jack\application data\Malwarebytes
2013-09-23 23:41:10 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-09-23 23:41:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-23 23:41:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-23 18:34:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-09-23 15:44:51 7328304 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-22 01:02:59 -------- d-----w- c:\windows\Microsoft Antimalware
2013-09-11 16:26:54 -------- d-----w- c:\windows\LastGood.Tmp
2013-09-06 16:23:49 -------- d-----w- c:\documents and settings\jack\application data\GoforFiles
2013-09-06 12:12:47 -------- d-----w- c:\program files\wrapper_inst
2013-09-03 13:53:52 187248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-09-01 07:21:43 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-09-21 17:12:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-21 17:12:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH:  9:02:33.34 ===============
 
 
---------------------------------------------------------------------------------------------------
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/23/2005 9:26:39 PM
System Uptime: 9/24/2013 11:30:02 PM (10 hours ago)
.
Motherboard: Dell Inc.           |  | 0M3918
Processor:               Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 8.791 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1092: 6/27/2013 10:06:24 AM - Software Distribution Service 3.0
RP1093: 6/28/2013 10:23:01 AM - Software Distribution Service 3.0
RP1094: 7/1/2013 4:55:56 AM - Software Distribution Service 3.0
RP1095: 8/31/2013 2:14:26 PM - System Checkpoint
RP1096: 9/1/2013 2:49:02 AM - Software Distribution Service 3.0
RP1097: 9/1/2013 3:00:23 AM - Software Distribution Service 3.0
RP1098: 9/2/2013 2:56:52 AM - Software Distribution Service 3.0
RP1099: 9/3/2013 2:34:35 AM - Software Distribution Service 3.0
RP1100: 9/3/2013 5:44:58 PM - Software Distribution Service 3.0
RP1101: 9/4/2013 2:33:32 AM - Software Distribution Service 3.0
RP1102: 9/5/2013 2:36:12 PM - System Checkpoint
RP1103: 9/5/2013 8:27:27 PM - Software Distribution Service 3.0
RP1104: 9/6/2013 3:16:28 AM - Software Distribution Service 3.0
RP1105: 9/6/2013 12:47:27 PM - Software Distribution Service 3.0
RP1106: 9/7/2013 3:07:29 AM - Software Distribution Service 3.0
RP1107: 9/7/2013 2:37:42 PM - Software Distribution Service 3.0
RP1108: 9/8/2013 3:07:09 AM - Software Distribution Service 3.0
RP1109: 9/8/2013 2:38:00 PM - Software Distribution Service 3.0
RP1110: 9/9/2013 3:07:21 AM - Software Distribution Service 3.0
RP1111: 9/10/2013 6:45:26 AM - Software Distribution Service 3.0
RP1112: 9/11/2013 7:27:48 AM - Software Distribution Service 3.0
RP1113: 9/11/2013 1:14:22 PM - Software Distribution Service 3.0
RP1114: 9/12/2013 2:42:46 AM - Software Distribution Service 3.0
RP1115: 9/12/2013 3:00:20 AM - Software Distribution Service 3.0
RP1116: 9/12/2013 1:47:54 PM - Software Distribution Service 3.0
RP1117: 9/13/2013 2:42:36 AM - Software Distribution Service 3.0
RP1118: 9/13/2013 3:00:21 AM - Software Distribution Service 3.0
RP1119: 9/14/2013 2:41:42 AM - Software Distribution Service 3.0
RP1120: 9/14/2013 1:48:17 PM - Software Distribution Service 3.0
RP1121: 9/15/2013 2:43:09 AM - Software Distribution Service 3.0
RP1122: 9/21/2013 12:27:58 PM - Software Distribution Service 3.0
RP1123: 9/22/2013 12:35:01 PM - System Checkpoint
RP1124: 9/23/2013 11:44:46 AM - Software Distribution Service 3.0
RP1125: 9/23/2013 9:26:00 PM - Installed Sophos Virus Removal Tool.
RP1126: 9/24/2013 9:45:18 PM - System Checkpoint
RP1127: 9/25/2013 12:10:24 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Banctec Service Agreement
Bonjour
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Dell Driver Reset Tool
Dell System Restore
DellSupport
Desktop Doctor
Google Chrome
HL-2240
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
LibreOffice 4.0 Help Pack (English)
LibreOffice 4.0.1.2
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
pdfsam enhanced
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SIW 2011 Home Edition
Skype Click to Call
Skype™ 6.6
Sophos Virus Removal Tool
Speccy
TeamViewer 8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/24/2013 9:28:58 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.5 for the Network Card with network address 0013203890CC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/24/2013 2:41:58 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.510.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80072efd Error description: A connection with the server could not be established 
9/24/2013 11:43:00 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.510.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
9/24/2013 11:43:00 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.510.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x80240022 Error description: The program can't check for definition updates. 
9/24/2013 11:30:28 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.4 for the Network Card with network address 0013203890CC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
9/23/2013 8:15:44 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
9/23/2013 7:12:03 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.16 for the Network Card with network address 0013203890CC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/23/2013 3:33:29 PM, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 bf9571fe, parameter3 a80aec00, parameter4 00000000.
9/23/2013 11:39:47 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.3 for the Network Card with network address 0013203890CC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/23/2013 10:44:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.423.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
9/22/2013 8:41:48 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.423.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
9/22/2013 3:00:30 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.159.423.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.9901.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
9/21/2013 4:04:36 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
9/21/2013 4:04:36 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
9/21/2013 4:04:36 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/21/2013 4:04:36 PM, error: Service Control Manager [7001]  - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/21/2013 4:04:36 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/21/2013 4:04:36 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
9/21/2013 4:04:36 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/21/2013 4:04:36 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/21/2013 12:16:50 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.4 for the Network Card with network address 0013203890CC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/21/2013 11:15:22 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.6 for the Network Card with network address 0013203890CC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/21/2013 10:56:44 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm MpFilter
9/21/2013 10:53:13 AM, error: Dhcp [1002]  - The IP address lease 192.168.2.2 for the Network Card with network address 0013203890CC has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 

 


Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Kevin,

 

Here is the info that you requested.  I did run this tool yesterday and have the FRST.txt and addition.txt from then and also reran the tool today but only got the FRST.txt that time.  I will include the ones done yesterday and at the end the FRST.txt from this morning.

 

See below.

John Campanale

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by JACK (administrator) on FIJAN on 24-09-2013 11:12:27
Running from C:\Documents and Settings\JACK\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files\wrapper_inst\file_to_run.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [OSCD_Creator] - c:\Dell\MediaExe\PreODM.EXE [107520 2005-03-18] ()
HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [ATT-SST_McciTrayApp] - "C:\Program Files\ATT-SST\McciTrayApp.exe"
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [ddoctorv2] - "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
HKLM\...\Run: [] - [x]
HKLM\...\Run: [brStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\RunOnce: [OSCD_Creator] - c:\Dell\MediaExe\PreODM.EXE /2 [107520 2005-03-18] ()
HKCU\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKCU\...\Run: [Download] - "C:\Documents and Settings\JACK\Local Settings\Application Data\SupportSoft\ddoctorv2\JACK\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
HKCU\...\Run: [Google Update] - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-09-21] (Google Inc.)
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
SearchScopes: HKCU - Comcast URL = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\j2re1.4.2_03\bin\ssv.dll No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\j2re1.4.2_03\bin\jp2ssv.dll No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM -  No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FB472956-BB1C-4407-9574-362EA4CFC2A9} http://as400.namcocy.com/Symtnet.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\JACK\Application Data\Mozilla\Firefox\Profiles\j5amn9uk.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\JACK\Application Data\Mozilla\Firefox\Profiles\j5amn9uk.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\JACK\Application Data\Mozilla\Firefox\Profiles\j5amn9uk.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
Chrome: 
=======
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Floorplanner) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag\13_0
CHR Extension: (Your Second Phone) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\afgcliennfocnaoenlkmlhoakpaflpgo\4.1_0
CHR Extension: (Angry Birds) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Turn Off the Lights) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.21_0
CHR Extension: (QRreader beta) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic\0.4_0
CHR Extension: (Facebook) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0
CHR Extension: (Adblock Plus) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Add to Amazon Wish List) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Email this page (by Google)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0
CHR Extension: (Google Tasks (by Google)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0
CHR Extension: (Craigslist\u2122) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ehooohheckbjmjbemknmiinpkjbibklb\2.0.3_0
CHR Extension: (IE Tab Multi (Enhance)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0
CHR Extension: (Pastebin.com) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh\2.4_0
CHR Extension: (TweetDeck by Twitter) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.2.4_0
CHR Extension: (Simple Highlighter) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj\2.1.7.2_0
CHR Extension: (mysms - Text anywhere) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb\3.3.1_0
CHR Extension: (bitly | \u2665  your bitmarks) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_0
CHR Extension: (Adobe Edge Inspect CC) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\1.0.424.1_0
CHR Extension: (DataJog for webOS) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jdjbfenehinjhopphkdodhkamhikjmij\1.1.0_0
CHR Extension: (Craigslist) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfhkdighkjbghfkkelkgdlmbkjopoali\0.1_0
CHR Extension: (DirecTV Remote) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jmddglkclmpiamakgjafoikngbphdfnm\2.0_0
CHR Extension: (Google Voice (by Google)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0
CHR Extension: (eBay Extension for Google Chrome\u2122 (by eBay)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.0.1.5_0
CHR Extension: (Webcam Toy) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Cloud9) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp\1.9.9_0
CHR Extension: (Pocket (formerly Read It Later)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Chrome to Phone) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0
CHR Extension: (Postponer Adder) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pggmlienkcoenodbjpkbidlmmedgonai\0.4_0
CHR Extension: (Evernote Web Clipper) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.20_0
CHR Extension: (Gmail) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Tapatalk Notifier) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\plfhcjljnfjpfcbjpgnflfofmahljkjj\2.1_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
========================== Services (Whitelisted) =================
 
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
R2 pcregservice; C:\Program Files\wrapper_inst\file_to_run.exe [31344 2013-09-06] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 sprtsvc_ddoctorv2; C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1166972 2006-03-23] (Intel Corporation)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [9040 2010-01-18] (Microsoft Corporation)
S3 RDPVDD; C:\Windows\System32\DRIVERS\rdpvmp.sys [19408 2010-01-18] (Microsoft Corporation)
R3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
S3 bvrp_pci; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-24 10:06 - 2013-09-24 10:06 - 00000000 ____D C:\FRST
2013-09-23 21:27 - 2013-09-23 21:27 - 00000000 ____D C:\WINDOWS\LastGood
2013-09-23 21:26 - 2013-09-23 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-09-23 21:26 - 2013-09-23 21:26 - 00002072 _____ C:\Documents and Settings\JACK\Desktop\Sophos Virus Removal Tool.lnk
2013-09-23 21:26 - 2013-09-23 21:26 - 00000000 ____D C:\Program Files\Sophos
2013-09-23 21:26 - 2013-09-23 21:26 - 00000000 ____D C:\Documents and Settings\JACK\Start Menu\Programs\Sophos
2013-09-23 19:41 - 2013-09-23 19:41 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\Malwarebytes
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-23 19:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-23 15:04 - 2013-09-23 14:28 - 30687232 _____ C:\WINDOWS\system32\config\SOFTWARE - Copy
2013-09-21 21:02 - 2013-09-21 21:03 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2013-09-11 13:22 - 2013-09-11 13:23 - 00012015 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 12:27 - 2013-09-11 13:21 - 00010441 _____ C:\WINDOWS\KB2876315.log
2013-09-11 12:27 - 2013-09-11 13:21 - 00009751 _____ C:\WINDOWS\KB2876217.log
2013-09-11 12:26 - 2013-09-11 13:21 - 00008748 _____ C:\WINDOWS\KB2864063.log
2013-09-11 12:26 - 2013-09-11 12:26 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-09-09 15:14 - 2013-09-09 15:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini090913-01.dmp
2013-09-07 10:13 - 2013-09-07 10:13 - 03073173 _____ C:\Documents and Settings\JACK\My Documents\tpw-2.1.4-update (1).sit
2013-09-06 14:59 - 2013-09-06 14:59 - 03073173 _____ C:\Documents and Settings\JACK\My Documents\tpw-2.1.4-update.sit
2013-09-06 12:24 - 2013-09-09 14:05 - 00000282 _____ C:\WINDOWS\Tasks\GoforFilesUpdate.job
2013-09-06 12:23 - 2013-09-06 12:23 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\GoforFiles
2013-09-06 08:12 - 2013-09-24 09:40 - 00000000 ____D C:\Program Files\wrapper_inst
2013-09-01 03:32 - 2013-09-01 03:34 - 00135861 _____ C:\WINDOWS\KB2862772-IE8.log
2013-09-01 03:30 - 2013-09-01 03:30 - 00127972 _____ C:\WINDOWS\KB2834886.log
2013-09-01 03:30 - 2013-09-01 03:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-09-01 03:29 - 2013-09-01 03:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-09-01 03:21 - 2013-09-11 13:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-01 03:20 - 2013-09-01 03:20 - 00126501 _____ C:\WINDOWS\KB2834904-v2.log
2013-09-01 03:20 - 2013-09-01 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-09-01 03:20 - 2013-09-01 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-09-01 03:19 - 2013-09-01 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-09-01 03:13 - 2013-09-01 03:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-09-01 03:12 - 2013-09-01 03:12 - 00126974 _____ C:\WINDOWS\KB2863058.log
2013-09-01 03:12 - 2013-09-01 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-09-01 03:11 - 2013-09-01 03:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-31 23:56 - 2013-09-01 03:29 - 00136318 _____ C:\WINDOWS\KB2850851.log
2013-08-31 23:55 - 2013-09-01 03:20 - 00133960 _____ C:\WINDOWS\KB2845187.log
2013-08-31 23:55 - 2013-09-01 03:19 - 00135323 _____ C:\WINDOWS\KB2850869.log
2013-08-31 23:55 - 2013-09-01 03:13 - 00134740 _____ C:\WINDOWS\KB2859537.log
 
==================== One Month Modified Files and Folders =======
 
2013-09-24 11:12 - 2012-09-13 00:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-24 11:11 - 2009-12-26 20:37 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{0C6F3201-8111-4274-8D8D-B93708ED8D5A}.job
2013-09-24 10:53 - 2012-09-21 14:44 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3337739571-885387914-971965087-1006UA.job
2013-09-24 10:06 - 2013-09-24 10:06 - 00000000 ____D C:\FRST
2013-09-24 09:51 - 2013-03-07 23:35 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-09-24 09:45 - 2005-05-19 14:01 - 01587577 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-24 09:41 - 2011-04-22 11:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2013-09-24 09:41 - 2005-05-19 14:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-24 09:41 - 2004-08-10 13:59 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2013-09-24 09:41 - 2004-08-10 13:59 - 00000049 _____ C:\WINDOWS\WIASERVC.LOG
2013-09-24 09:40 - 2013-09-06 08:12 - 00000000 ____D C:\Program Files\wrapper_inst
2013-09-24 09:40 - 2005-05-23 21:27 - 00000178 ___SH C:\Documents and Settings\JACK\NTUSER.INI
2013-09-24 09:40 - 2005-05-19 14:01 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-23 23:53 - 2012-09-21 14:44 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3337739571-885387914-971965087-1006Core.job
2013-09-23 21:27 - 2013-09-23 21:27 - 00000000 ____D C:\WINDOWS\LastGood
2013-09-23 21:27 - 2013-09-23 21:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-09-23 21:26 - 2013-09-23 21:26 - 00002072 _____ C:\Documents and Settings\JACK\Desktop\Sophos Virus Removal Tool.lnk
2013-09-23 21:26 - 2013-09-23 21:26 - 00000000 ____D C:\Program Files\Sophos
2013-09-23 21:26 - 2013-09-23 21:26 - 00000000 ____D C:\Documents and Settings\JACK\Start Menu\Programs\Sophos
2013-09-23 21:25 - 2012-09-15 01:44 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-09-23 21:24 - 2005-06-02 15:30 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-23 20:15 - 2005-05-28 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB873333$
2013-09-23 20:04 - 2012-09-23 23:51 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\Skype
2013-09-23 19:41 - 2013-09-23 19:41 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\Malwarebytes
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-23 14:28 - 2013-09-23 15:04 - 30687232 _____ C:\WINDOWS\system32\config\SOFTWARE - Copy
2013-09-23 12:50 - 2010-01-17 16:40 - 00000178 ___SH C:\Documents and Settings\Administrator\NTUSER.INI
2013-09-23 10:34 - 2005-05-19 13:58 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL
2013-09-21 21:10 - 2010-01-17 16:40 - 00000000 ____D C:\Documents and Settings\Administrator
2013-09-21 21:10 - 2005-05-23 21:27 - 00000000 ____D C:\Documents and Settings\JACK
2013-09-21 21:10 - 2005-05-19 13:44 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-09-21 21:03 - 2013-09-21 21:02 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2013-09-21 21:03 - 2005-05-19 13:44 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-09-21 13:12 - 2012-09-13 00:28 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-21 13:12 - 2011-05-21 23:45 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-13 07:34 - 2012-09-14 13:03 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-11 13:35 - 2004-08-10 14:08 - 00255064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-11 13:23 - 2013-09-11 13:22 - 00012015 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 13:23 - 2009-12-26 19:42 - 00628573 _____ C:\WINDOWS\setupapi.log
2013-09-11 13:23 - 2005-05-28 12:27 - 00333923 _____ C:\WINDOWS\updspapi.log
2013-09-11 13:23 - 2005-05-19 14:00 - 03050178 _____ C:\WINDOWS\FaxSetup.log
2013-09-11 13:23 - 2005-05-19 14:00 - 01463213 _____ C:\WINDOWS\OCGEN.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 01166655 _____ C:\WINDOWS\TSOC.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 00903175 _____ C:\WINDOWS\COMSETUP.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 00547235 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-11 13:23 - 2005-05-19 14:00 - 00482641 _____ C:\WINDOWS\IIS6.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 00152384 _____ C:\WINDOWS\MSGSOCM.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 00149333 _____ C:\WINDOWS\OCMSN.LOG
2013-09-11 13:23 - 1980-01-01 01:00 - 00001374 _____ C:\WINDOWS\imsins.log
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 13:21 - 2013-09-11 12:27 - 00010441 _____ C:\WINDOWS\KB2876315.log
2013-09-11 13:21 - 2013-09-11 12:27 - 00009751 _____ C:\WINDOWS\KB2876217.log
2013-09-11 13:21 - 2013-09-11 12:26 - 00008748 _____ C:\WINDOWS\KB2864063.log
2013-09-11 13:21 - 1980-01-01 01:00 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-11 13:19 - 2013-09-01 03:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-11 13:14 - 2005-05-31 11:04 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-11 12:26 - 2013-09-11 12:26 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-09-09 15:14 - 2013-09-09 15:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini090913-01.dmp
2013-09-09 14:05 - 2013-09-06 12:24 - 00000282 _____ C:\WINDOWS\Tasks\GoforFilesUpdate.job
2013-09-08 13:05 - 2013-03-14 15:09 - 00000000 ___RD C:\Program Files\Skype
2013-09-08 13:04 - 2012-09-23 23:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-09-08 13:04 - 2011-05-20 22:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-08 07:38 - 2012-09-14 12:00 - 00002511 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2013-09-07 10:13 - 2013-09-07 10:13 - 03073173 _____ C:\Documents and Settings\JACK\My Documents\tpw-2.1.4-update (1).sit
2013-09-06 14:59 - 2013-09-06 14:59 - 03073173 _____ C:\Documents and Settings\JACK\My Documents\tpw-2.1.4-update.sit
2013-09-06 12:59 - 2011-05-20 21:17 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-09-06 12:50 - 2012-05-02 09:36 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-09-06 12:50 - 2011-05-20 21:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-06 12:23 - 2013-09-06 12:23 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\GoforFiles
2013-09-01 03:50 - 2010-01-18 14:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-01 03:34 - 2013-09-01 03:32 - 00135861 _____ C:\WINDOWS\KB2862772-IE8.log
2013-09-01 03:30 - 2013-09-01 03:30 - 00127972 _____ C:\WINDOWS\KB2834886.log
2013-09-01 03:30 - 2013-09-01 03:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-09-01 03:29 - 2013-09-01 03:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-09-01 03:29 - 2013-08-31 23:56 - 00136318 _____ C:\WINDOWS\KB2850851.log
2013-09-01 03:26 - 2005-05-19 13:44 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-09-01 03:20 - 2013-09-01 03:20 - 00126501 _____ C:\WINDOWS\KB2834904-v2.log
2013-09-01 03:20 - 2013-09-01 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-09-01 03:20 - 2013-09-01 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-09-01 03:20 - 2013-08-31 23:55 - 00133960 _____ C:\WINDOWS\KB2845187.log
2013-09-01 03:19 - 2013-09-01 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-09-01 03:19 - 2013-08-31 23:55 - 00135323 _____ C:\WINDOWS\KB2850869.log
2013-09-01 03:18 - 2005-05-19 14:00 - 00504528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-01 03:13 - 2013-09-01 03:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-09-01 03:13 - 2013-08-31 23:55 - 00134740 _____ C:\WINDOWS\KB2859537.log
2013-09-01 03:12 - 2013-09-01 03:12 - 00126974 _____ C:\WINDOWS\KB2863058.log
2013-09-01 03:12 - 2013-09-01 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-09-01 03:12 - 2007-10-19 10:05 - 00758496 _____ C:\WINDOWS\system32\TZLog.log
2013-09-01 03:11 - 2013-09-01 03:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-09-01 03:08 - 2010-06-05 21:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-09-01 03:01 - 2010-01-18 14:46 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-08-31 23:45 - 2011-05-22 03:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
 
Some content of TEMP:
====================
C:\Documents and Settings\JACK\Local Settings\Temp\acsuninstall.exe
C:\Documents and Settings\JACK\Local Settings\Temp\AcsUninstallRes.dll
C:\Documents and Settings\JACK\Local Settings\Temp\EntitlementClientInstall.dll
C:\Documents and Settings\JACK\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\JACK\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\JACK\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\JACK\Local Settings\Temp\MFC71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\msvcp71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\msvcr71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\PC-Registry-EXE-0808.exe
C:\Documents and Settings\JACK\Local Settings\Temp\pcc.dll
C:\Documents and Settings\JACK\Local Settings\Temp\qbinstal.dll
C:\Documents and Settings\JACK\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\JACK\Local Settings\Temp\stlport_vc746.dll
C:\Documents and Settings\JACK\Local Settings\Temp\toolbar58132828.exe
C:\Documents and Settings\JACK\Local Settings\Temp\uninst.dll
C:\Documents and Settings\JACK\Local Settings\Temp\uninstall59297671.exe
C:\Documents and Settings\JACK\Local Settings\Temp\vmpremov.exe
C:\Documents and Settings\JACK\Local Settings\Temp\xerces-c_2_5_0_qb.dll
C:\Documents and Settings\JACK\Local Settings\Temp\ytb_8.3.9.18_2.3.5_ysp_2.0.2.12_mail_bts_pub_us_setup_.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_base_entice3.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_entice1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_entice2.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is14.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is2.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is21.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_QuickBooks.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2013
Ran by JACK at 2013-09-24 11:15:30
Running from C:\Documents and Settings\JACK\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
 
==================== Installed Programs ======================
 
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Banctec Service Agreement (Version: 1.10.0000)
Bonjour (Version: 3.0.0.10)
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Desktop Doctor (Version: 2.5.5)
Google Chrome (HKCU Version: 29.0.1547.66)
HL-2240 (Version: 1.0.6.0)
Intel® 537EP V9x DF PCI Modem
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
Internet Explorer Default Page (Version: 1.00.03)
iTunes (Version: 11.0.2.26)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 14.0.8089.726)
LibreOffice 4.0 Help Pack (English) (Version: 4.0.1.2)
LibreOffice 4.0.1.2 (Version: 4.0.1.2)
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper (Version: 2.25)
Modem On Hold (Version: 1.12)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
pdfsam enhanced (Version: 2.2.1e)
QuickTime (Version: 7.73.80.64)
Segoe UI (Version: 14.0.4327.805)
SIW 2011 Home Edition (Version: 2011.10.29)
Skype Click to Call (Version: 6.11.13348)
Skype™ 6.6 (Version: 6.6.106)
Sophos Virus Removal Tool (Version: 2.4)
Speccy (Version: 1.20)
TeamViewer 8 (Version: 8.0.19045)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5723.11)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.0.0.238)
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
 
==================== Restore Points  =========================
 
27-06-2013 14:06:24 Software Distribution Service 3.0
28-06-2013 14:23:01 Software Distribution Service 3.0
01-07-2013 08:55:56 Software Distribution Service 3.0
31-08-2013 18:14:26 System Checkpoint
01-09-2013 06:49:02 Software Distribution Service 3.0
01-09-2013 07:00:23 Software Distribution Service 3.0
02-09-2013 06:56:52 Software Distribution Service 3.0
03-09-2013 06:34:35 Software Distribution Service 3.0
03-09-2013 21:44:58 Software Distribution Service 3.0
04-09-2013 06:33:32 Software Distribution Service 3.0
05-09-2013 18:36:12 System Checkpoint
06-09-2013 00:27:27 Software Distribution Service 3.0
06-09-2013 07:16:28 Software Distribution Service 3.0
06-09-2013 16:47:27 Software Distribution Service 3.0
07-09-2013 07:07:29 Software Distribution Service 3.0
07-09-2013 18:37:42 Software Distribution Service 3.0
08-09-2013 07:07:09 Software Distribution Service 3.0
08-09-2013 18:38:00 Software Distribution Service 3.0
09-09-2013 07:07:21 Software Distribution Service 3.0
10-09-2013 10:45:26 Software Distribution Service 3.0
11-09-2013 11:27:48 Software Distribution Service 3.0
11-09-2013 17:14:22 Software Distribution Service 3.0
12-09-2013 06:42:46 Software Distribution Service 3.0
12-09-2013 07:00:20 Software Distribution Service 3.0
12-09-2013 17:47:54 Software Distribution Service 3.0
13-09-2013 06:42:36 Software Distribution Service 3.0
13-09-2013 07:00:21 Software Distribution Service 3.0
14-09-2013 06:41:42 Software Distribution Service 3.0
14-09-2013 17:48:17 Software Distribution Service 3.0
15-09-2013 06:43:09 Software Distribution Service 3.0
21-09-2013 16:27:58 Software Distribution Service 3.0
22-09-2013 16:35:01 System Checkpoint
23-09-2013 15:44:46 Software Distribution Service 3.0
24-09-2013 01:26:00 Installed Sophos Virus Removal Tool.
 
==================== Hosts content: ==========================
 
2004-08-04 06:00 - 2004-08-04 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoforFilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3337739571-885387914-971965087-1006Core.job => C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3337739571-885387914-971965087-1006UA.job => C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{0C6F3201-8111-4274-8D8D-B93708ED8D5A}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-23 11:44 - 2013-09-05 01:02 - 07328304 _____ (Microsoft Corporation) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{30878584-1AB3-4E42-AA7D-6DBC54ECC89E}\mpengine.dll
2004-08-04 06:00 - 2008-04-13 20:12 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbem\wbemcons.dll
2010-01-18 14:45 - 2008-07-06 08:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00053608 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-28 01:23 - 2013-02-28 01:23 - 00314544 _____ (The Document Foundation) C:\Program Files\LibreOffice 4.0\program\shlxthdl\shlxthdl.dll
1980-01-01 01:00 - 2004-09-23 08:55 - 00311296 _____ (Analog Devices Incorporated) C:\WINDOWS\system32\EDCrypt.DLL
2011-12-26 13:30 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2007-02-13 18:29 - 2007-02-13 18:29 - 00116224 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAgnt.dll
2007-01-31 10:42 - 2007-01-31 10:42 - 00211456 _____ (Gteko Ltd.) C:\Program Files\DellSupport\CfgData.DLL
2006-10-05 13:42 - 2006-10-05 13:42 - 00150528 _____ (Gteko Ltd.) C:\Program Files\DellSupport\ActMgr.dll
2007-02-14 17:54 - 2007-02-14 17:54 - 00119808 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\handlers\brkrsvch.dll
2006-10-05 13:52 - 2006-10-05 13:52 - 00145408 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\handlers\grouph.dll
2007-02-06 14:57 - 2007-02-06 14:57 - 00164864 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\handlers\pnph.dll
2006-10-05 13:52 - 2006-10-05 13:52 - 00120320 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\handlers\qdiagh.dll
2006-10-05 13:53 - 2006-10-05 13:53 - 00250368 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\handlers\trgloadh.dll
2006-10-05 13:53 - 2006-10-05 13:53 - 00179200 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\handlers\trgregh.dll
2006-10-05 14:44 - 2006-10-05 14:44 - 00168960 _____ (Gteko Ltd.) C:\Program Files\DellSupport\TrgMgr.DLL
2007-02-07 18:26 - 2007-02-07 18:26 - 02125312 _____ (Gteko Ltd.) C:\Program Files\DellSupport\gdql_d.dll
2006-10-05 16:21 - 2006-10-05 16:21 - 00136192 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\triggers\timert.dll
2006-10-23 16:10 - 2006-10-23 16:10 - 00131072 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\triggers\DSproct.dll
2006-11-14 13:08 - 2006-11-14 13:08 - 00199168 _____ (Gteko Ltd.) C:\Program Files\DellSupport\GTAction\triggers\DSWnHnt.dll
2004-08-04 06:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 06:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-06-21 09:53 - 2013-06-21 09:53 - 00088680 ____R (Skype Technologies) C:\Program Files\Skype\Updater\Updater.dll
2013-09-05 20:59 - 2013-09-02 16:34 - 47074256 _____ (Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\chrome.dll
2013-09-05 20:59 - 2013-09-02 16:35 - 09962960 _____ (The ICU Project) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-09-05 20:59 - 2013-09-02 16:35 - 04053456 _____ () C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-05 20:59 - 2013-09-02 16:35 - 00410576 _____ () C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-05 20:59 - 2013-09-02 16:35 - 02110928 _____ (Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll
2013-09-05 20:59 - 2013-09-02 16:35 - 01604560 _____ () C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/23/2013 07:41:31 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/23/2013 07:41:31 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/23/2013 07:41:31 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/07/2013 05:49:40 AM) (Source: Chrome) (User: FIJAN)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.66;lang=;id=;is_machine=0;upload=1;minidump=C:\Documents and Settings\JACK\Local Settings\Application Data\Google\CrashReports\86973699-3ed3-4958-aa35-cb83c54f5ec5.dmp
 
Error: (09/05/2013 03:45:58 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/02/2013 07:22:13 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/02/2013 07:21:40 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/02/2013 07:21:36 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/02/2013 07:19:48 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/02/2013 06:51:41 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (09/24/2013 09:41:59 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
Error: (09/24/2013 09:28:58 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.5 for the Network Card with network address 0013203890CC has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (09/24/2013 02:41:58 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.159.510.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/23/2013 08:15:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
abp480n5
adpu160m
agp440
agpCPQ
Aha154x
aic78u2
aic78xx
AliIde
alim1541
amdagp
amsint
asc
asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
Error: (09/23/2013 07:12:03 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.16 for the Network Card with network address 0013203890CC has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (09/23/2013 03:33:29 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf9571fe, parameter3 a80aec00, parameter4 00000000.
 
Error: (09/23/2013 11:39:47 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.3 for the Network Card with network address 0013203890CC has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (09/23/2013 10:44:32 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.159.423.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/22/2013 08:41:48 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.159.423.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/22/2013 03:00:30 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.159.423.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.3.0215.00
 
Source Path: 4.3.0215.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
 
Microsoft Office Sessions:
=========================
Error: (09/23/2013 07:41:31 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/23/2013 07:41:31 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/23/2013 07:41:31 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/07/2013 05:49:40 AM) (Source: Chrome)(User: FIJAN)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.66;lang=;id=;is_machine=0;upload=1;minidump=C:\Documents and Settings\JACK\Local Settings\Application Data\Google\CrashReports\86973699-3ed3-4958-aa35-cb83c54f5ec5.dmp
 
Error: (09/05/2013 03:45:58 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (09/02/2013 07:22:13 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (09/02/2013 07:21:40 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (09/02/2013 07:21:36 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (09/02/2013 07:19:48 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (09/02/2013 06:51:41 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 63%
Total physical RAM: 1526.07 MB
Available physical RAM: 554.11 MB
Total Pagefile: 1747.13 MB
Available Pagefile: 874.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.62 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:34.06 GB) (Free:8.97 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 37 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=34 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
==================== End Of Log ============================
 
see next message:

The FRST.txt from this morning:

 

-------------------------------------------------------------------------------------------------------------------
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2013
Ran by JACK (administrator) on FIJAN on 25-09-2013 11:20:49
Running from C:\Documents and Settings\JACK\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files\wrapper_inst\file_to_run.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(SupportSoft, Inc.) C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Google Inc.) C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [OSCD_Creator] - c:\Dell\MediaExe\PreODM.EXE [107520 2005-03-18] ()
HKLM\...\Run: [intelMeM] - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [221184 2003-09-03] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [ATT-SST_McciTrayApp] - "C:\Program Files\ATT-SST\McciTrayApp.exe"
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [ddoctorv2] - "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
HKLM\...\Run: [] - [x]
HKLM\...\Run: [brStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\RunOnce: [OSCD_Creator] - c:\Dell\MediaExe\PreODM.EXE /2 [107520 2005-03-18] ()
HKLM\...\RunOnce: [ (A0)] - cmd /c "C:\Documents and Settings\JACK\Desktop\mbar\mbar.exe" /rdv /s [1178424 2013-08-13] (Malwarebytes Corporation)
HKCU\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKCU\...\Run: [Download] - "C:\Documents and Settings\JACK\Local Settings\Application Data\SupportSoft\ddoctorv2\JACK\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
HKCU\...\Run: [Google Update] - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-09-21] (Google Inc.)
HKCU\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
SearchScopes: HKCU - Comcast URL = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\j2re1.4.2_03\bin\ssv.dll No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\j2re1.4.2_03\bin\jp2ssv.dll No File
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM -  No Name - {BA52B914-B692-46c4-B683-905236F6F655} -  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FB472956-BB1C-4407-9574-362EA4CFC2A9} http://as400.namcocy.com/Symtnet.ocx
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\JACK\Application Data\Mozilla\Firefox\Profiles\j5amn9uk.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\JACK\Application Data\Mozilla\Firefox\Profiles\j5amn9uk.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\JACK\Application Data\Mozilla\Firefox\Profiles\j5amn9uk.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
Chrome: 
=======
CHR DefaultSearchURL: (Bing) - http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultSuggestURL: (Bing) - http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\JACK\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Floorplanner) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag\13_0
CHR Extension: (Your Second Phone) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\afgcliennfocnaoenlkmlhoakpaflpgo\4.1_0
CHR Extension: (Angry Birds) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Turn Off the Lights) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.22_0
CHR Extension: (QRreader beta) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic\0.4_0
CHR Extension: (Facebook) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0
CHR Extension: (Adblock Plus) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Add to Amazon Wish List) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0
CHR Extension: (Email this page (by Google)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0
CHR Extension: (Google Tasks (by Google)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0
CHR Extension: (Craigslist\u2122) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ehooohheckbjmjbemknmiinpkjbibklb\2.0.3_0
CHR Extension: (IE Tab Multi (Enhance)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0
CHR Extension: (Pastebin.com) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ghipmampnddcpdlppkkamoankmkmcbmh\2.4_0
CHR Extension: (TweetDeck by Twitter) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.2.5_0
CHR Extension: (Simple Highlighter) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hljnlfolmbmibdjaikiaepgepgnldclj\2.1.7.2_0
CHR Extension: (mysms - Text anywhere) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb\3.3.1_0
CHR Extension: (bitly | \u2665  your bitmarks) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_0
CHR Extension: (Adobe Edge Inspect CC) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\1.0.424.1_0
CHR Extension: (DataJog) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jdjbfenehinjhopphkdodhkamhikjmij\1.1.1_0
CHR Extension: (Craigslist) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfhkdighkjbghfkkelkgdlmbkjopoali\0.1_0
CHR Extension: (DirecTV Remote) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jmddglkclmpiamakgjafoikngbphdfnm\2.0_0
CHR Extension: (Google Voice (by Google)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0
CHR Extension: (eBay Extension for Google Chrome\u2122 (by eBay)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.0.1.5_0
CHR Extension: (Webcam Toy) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0
CHR Extension: (Cloud9) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp\1.9.9_0
CHR Extension: (Pocket (formerly Read It Later)) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.6_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Chrome to Phone) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0
CHR Extension: (Postponer Adder) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pggmlienkcoenodbjpkbidlmmedgonai\0.4_0
CHR Extension: (Evernote Web Clipper) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Tapatalk Notifier) - C:\DOCUME~1\JACK\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\plfhcjljnfjpfcbjpgnflfofmahljkjj\2.1_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
========================== Services (Whitelisted) =================
 
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
R2 pcregservice; C:\Program Files\wrapper_inst\file_to_run.exe [31344 2013-09-06] ()
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3291008 2013-08-14] (Skype Technologies S.A.)
R2 sprtsvc_ddoctorv2; C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [202560 2008-04-24] (SupportSoft, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
R2 fssfltr; C:\Windows\System32\DRIVERS\fssfltr_tdi.sys [54752 2009-08-05] (Microsoft Corporation)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1166972 2006-03-23] (Intel Corporation)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-05] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-05] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-15] (Intel Corporation)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-25] (MalwareBytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsl6900d989; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB63FE53-1C2C-480F-8F14-23F32032DDB1}\MpKsl6900d989.sys [40392 2013-09-25] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2009-10-22] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [9040 2010-01-18] (Microsoft Corporation)
S3 RDPVDD; C:\Windows\System32\DRIVERS\rdpvmp.sys [19408 2010-01-18] (Microsoft Corporation)
R3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
S3 bvrp_pci; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL; 
U3 mbr; \??\C:\DOCUME~1\JACK\LOCALS~1\Temp\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-25 10:48 - 2013-09-25 10:48 - 00042944 _____ C:\Documents and Settings\JACK\Desktop\malwarebytes.txt
2013-09-25 09:02 - 2013-09-25 09:02 - 00027884 _____ C:\Documents and Settings\JACK\Desktop\attach.txt
2013-09-25 09:02 - 2013-09-25 09:02 - 00014109 _____ C:\Documents and Settings\JACK\Desktop\dds.txt
2013-09-25 02:48 - 2013-09-25 02:49 - 00688992 ____R (Swearware) C:\Documents and Settings\JACK\Desktop\dds.scr
2013-09-25 02:43 - 2013-09-25 02:43 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-25 02:43 - 2013-09-25 02:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-25 02:42 - 2013-09-25 10:44 - 00000000 ____D C:\Documents and Settings\JACK\Desktop\mbar
2013-09-24 10:06 - 2013-09-24 10:06 - 00000000 ____D C:\FRST
2013-09-23 21:27 - 2013-09-23 21:27 - 00000000 ____D C:\WINDOWS\LastGood
2013-09-23 21:26 - 2013-09-23 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-09-23 21:26 - 2013-09-23 21:26 - 00002072 _____ C:\Documents and Settings\JACK\Desktop\Sophos Virus Removal Tool.lnk
2013-09-23 21:26 - 2013-09-23 21:26 - 00000000 ____D C:\Program Files\Sophos
2013-09-23 21:26 - 2013-09-23 21:26 - 00000000 ____D C:\Documents and Settings\JACK\Start Menu\Programs\Sophos
2013-09-23 19:41 - 2013-09-23 19:41 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\Malwarebytes
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-23 19:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-23 15:04 - 2013-09-23 14:28 - 30687232 _____ C:\WINDOWS\system32\config\SOFTWARE - Copy
2013-09-21 21:02 - 2013-09-21 21:03 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2013-09-11 13:22 - 2013-09-11 13:23 - 00012015 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 12:27 - 2013-09-11 13:21 - 00010441 _____ C:\WINDOWS\KB2876315.log
2013-09-11 12:27 - 2013-09-11 13:21 - 00009751 _____ C:\WINDOWS\KB2876217.log
2013-09-11 12:26 - 2013-09-11 13:21 - 00008748 _____ C:\WINDOWS\KB2864063.log
2013-09-11 12:26 - 2013-09-11 12:26 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-09-09 15:14 - 2013-09-09 15:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini090913-01.dmp
2013-09-07 10:13 - 2013-09-07 10:13 - 03073173 _____ C:\Documents and Settings\JACK\My Documents\tpw-2.1.4-update (1).sit
2013-09-06 14:59 - 2013-09-06 14:59 - 03073173 _____ C:\Documents and Settings\JACK\My Documents\tpw-2.1.4-update.sit
2013-09-06 12:24 - 2013-09-09 14:05 - 00000282 _____ C:\WINDOWS\Tasks\GoforFilesUpdate.job
2013-09-06 12:23 - 2013-09-06 12:23 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\GoforFiles
2013-09-06 08:12 - 2013-09-24 09:40 - 00000000 ____D C:\Program Files\wrapper_inst
2013-09-01 03:32 - 2013-09-01 03:34 - 00135861 _____ C:\WINDOWS\KB2862772-IE8.log
2013-09-01 03:30 - 2013-09-01 03:30 - 00127972 _____ C:\WINDOWS\KB2834886.log
2013-09-01 03:30 - 2013-09-01 03:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-09-01 03:29 - 2013-09-01 03:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-09-01 03:21 - 2013-09-11 13:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-01 03:20 - 2013-09-01 03:20 - 00126501 _____ C:\WINDOWS\KB2834904-v2.log
2013-09-01 03:20 - 2013-09-01 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-09-01 03:20 - 2013-09-01 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-09-01 03:19 - 2013-09-01 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-09-01 03:13 - 2013-09-01 03:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-09-01 03:12 - 2013-09-01 03:12 - 00126974 _____ C:\WINDOWS\KB2863058.log
2013-09-01 03:12 - 2013-09-01 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-09-01 03:11 - 2013-09-01 03:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-31 23:56 - 2013-09-01 03:29 - 00136318 _____ C:\WINDOWS\KB2850851.log
2013-08-31 23:55 - 2013-09-01 03:20 - 00133960 _____ C:\WINDOWS\KB2845187.log
2013-08-31 23:55 - 2013-09-01 03:19 - 00135323 _____ C:\WINDOWS\KB2850869.log
2013-08-31 23:55 - 2013-09-01 03:13 - 00134740 _____ C:\WINDOWS\KB2859537.log
 
==================== One Month Modified Files and Folders =======
 
2013-09-25 11:21 - 2009-12-26 20:37 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{0C6F3201-8111-4274-8D8D-B93708ED8D5A}.job
2013-09-25 11:12 - 2012-09-13 00:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-25 10:53 - 2012-09-21 14:44 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3337739571-885387914-971965087-1006UA.job
2013-09-25 10:48 - 2013-09-25 10:48 - 00042944 _____ C:\Documents and Settings\JACK\Desktop\malwarebytes.txt
2013-09-25 10:44 - 2013-09-25 02:42 - 00000000 ____D C:\Documents and Settings\JACK\Desktop\mbar
2013-09-25 09:02 - 2013-09-25 09:02 - 00027884 _____ C:\Documents and Settings\JACK\Desktop\attach.txt
2013-09-25 09:02 - 2013-09-25 09:02 - 00014109 _____ C:\Documents and Settings\JACK\Desktop\dds.txt
2013-09-25 04:45 - 2005-05-19 14:01 - 01670690 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-25 02:54 - 2013-03-07 23:35 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-09-25 02:49 - 2013-09-25 02:48 - 00688992 ____R (Swearware) C:\Documents and Settings\JACK\Desktop\dds.scr
2013-09-25 02:43 - 2013-09-25 02:43 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-25 02:43 - 2013-09-25 02:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-25 00:26 - 2012-09-23 23:51 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\Skype
2013-09-24 23:53 - 2012-09-21 14:44 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3337739571-885387914-971965087-1006Core.job
2013-09-24 23:45 - 2010-01-18 14:39 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-09-24 23:30 - 2005-05-19 14:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-24 23:30 - 2004-08-10 13:59 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2013-09-24 23:30 - 2004-08-10 13:59 - 00000049 _____ C:\WINDOWS\WIASERVC.LOG
2013-09-24 10:06 - 2013-09-24 10:06 - 00000000 ____D C:\FRST
2013-09-24 09:41 - 2011-04-22 11:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2508429$
2013-09-24 09:40 - 2013-09-06 08:12 - 00000000 ____D C:\Program Files\wrapper_inst
2013-09-24 09:40 - 2005-05-23 21:27 - 00000178 ___SH C:\Documents and Settings\JACK\NTUSER.INI
2013-09-24 09:40 - 2005-05-19 14:01 - 00032372 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-23 21:27 - 2013-09-23 21:27 - 00000000 ____D C:\WINDOWS\LastGood
2013-09-23 21:27 - 2013-09-23 21:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sophos
2013-09-23 21:26 - 2013-09-23 21:26 - 00002072 _____ C:\Documents and Settings\JACK\Desktop\Sophos Virus Removal Tool.lnk
2013-09-23 21:26 - 2013-09-23 21:26 - 00000000 ____D C:\Program Files\Sophos
2013-09-23 21:26 - 2013-09-23 21:26 - 00000000 ____D C:\Documents and Settings\JACK\Start Menu\Programs\Sophos
2013-09-23 21:25 - 2012-09-15 01:44 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-09-23 21:24 - 2005-06-02 15:30 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-23 20:15 - 2005-05-28 12:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB873333$
2013-09-23 19:41 - 2013-09-23 19:41 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\Malwarebytes
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-23 19:41 - 2013-09-23 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-23 14:28 - 2013-09-23 15:04 - 30687232 _____ C:\WINDOWS\system32\config\SOFTWARE - Copy
2013-09-23 12:50 - 2010-01-17 16:40 - 00000178 ___SH C:\Documents and Settings\Administrator\NTUSER.INI
2013-09-23 10:34 - 2005-05-19 13:58 - 00002206 _____ C:\WINDOWS\system32\WPA.DBL
2013-09-21 21:10 - 2010-01-17 16:40 - 00000000 ____D C:\Documents and Settings\Administrator
2013-09-21 21:10 - 2005-05-23 21:27 - 00000000 ____D C:\Documents and Settings\JACK
2013-09-21 21:10 - 2005-05-19 13:44 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-09-21 21:03 - 2013-09-21 21:02 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2013-09-21 21:03 - 2005-05-19 13:44 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-09-21 13:12 - 2012-09-13 00:28 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-21 13:12 - 2011-05-21 23:45 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-13 07:34 - 2012-09-14 13:03 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-11 13:35 - 2004-08-10 14:08 - 00255064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-11 13:23 - 2013-09-11 13:22 - 00012015 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 13:23 - 2009-12-26 19:42 - 00628573 _____ C:\WINDOWS\setupapi.log
2013-09-11 13:23 - 2005-05-28 12:27 - 00333923 _____ C:\WINDOWS\updspapi.log
2013-09-11 13:23 - 2005-05-19 14:00 - 03050178 _____ C:\WINDOWS\FaxSetup.log
2013-09-11 13:23 - 2005-05-19 14:00 - 01463213 _____ C:\WINDOWS\OCGEN.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 01166655 _____ C:\WINDOWS\TSOC.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 00903175 _____ C:\WINDOWS\COMSETUP.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 00547235 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-11 13:23 - 2005-05-19 14:00 - 00482641 _____ C:\WINDOWS\IIS6.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 00152384 _____ C:\WINDOWS\MSGSOCM.LOG
2013-09-11 13:23 - 2005-05-19 14:00 - 00149333 _____ C:\WINDOWS\OCMSN.LOG
2013-09-11 13:23 - 1980-01-01 01:00 - 00001374 _____ C:\WINDOWS\imsins.log
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 13:21 - 2013-09-11 13:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 13:21 - 2013-09-11 12:27 - 00010441 _____ C:\WINDOWS\KB2876315.log
2013-09-11 13:21 - 2013-09-11 12:27 - 00009751 _____ C:\WINDOWS\KB2876217.log
2013-09-11 13:21 - 2013-09-11 12:26 - 00008748 _____ C:\WINDOWS\KB2864063.log
2013-09-11 13:21 - 1980-01-01 01:00 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-11 13:19 - 2013-09-01 03:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-11 13:14 - 2005-05-31 11:04 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-11 12:26 - 2013-09-11 12:26 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-09-09 15:15 - 2013-09-09 15:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-09-09 15:14 - 2013-09-09 15:14 - 00090112 _____ C:\WINDOWS\Minidump\Mini090913-01.dmp
2013-09-09 14:05 - 2013-09-06 12:24 - 00000282 _____ C:\WINDOWS\Tasks\GoforFilesUpdate.job
2013-09-08 13:05 - 2013-03-14 15:09 - 00000000 ___RD C:\Program Files\Skype
2013-09-08 13:04 - 2012-09-23 23:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-09-08 13:04 - 2011-05-20 22:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-08 07:38 - 2012-09-14 12:00 - 00002511 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
2013-09-07 10:13 - 2013-09-07 10:13 - 03073173 _____ C:\Documents and Settings\JACK\My Documents\tpw-2.1.4-update (1).sit
2013-09-06 14:59 - 2013-09-06 14:59 - 03073173 _____ C:\Documents and Settings\JACK\My Documents\tpw-2.1.4-update.sit
2013-09-06 12:59 - 2011-05-20 21:17 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-09-06 12:50 - 2012-05-02 09:36 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-09-06 12:50 - 2011-05-20 21:16 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-06 12:23 - 2013-09-06 12:23 - 00000000 ____D C:\Documents and Settings\JACK\Application Data\GoforFiles
2013-09-01 03:50 - 2010-01-18 14:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-01 03:34 - 2013-09-01 03:32 - 00135861 _____ C:\WINDOWS\KB2862772-IE8.log
2013-09-01 03:30 - 2013-09-01 03:30 - 00127972 _____ C:\WINDOWS\KB2834886.log
2013-09-01 03:30 - 2013-09-01 03:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-09-01 03:29 - 2013-09-01 03:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-09-01 03:29 - 2013-08-31 23:56 - 00136318 _____ C:\WINDOWS\KB2850851.log
2013-09-01 03:26 - 2005-05-19 13:44 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-09-01 03:20 - 2013-09-01 03:20 - 00126501 _____ C:\WINDOWS\KB2834904-v2.log
2013-09-01 03:20 - 2013-09-01 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-09-01 03:20 - 2013-09-01 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2013-09-01 03:20 - 2013-08-31 23:55 - 00133960 _____ C:\WINDOWS\KB2845187.log
2013-09-01 03:19 - 2013-09-01 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-09-01 03:19 - 2013-08-31 23:55 - 00135323 _____ C:\WINDOWS\KB2850869.log
2013-09-01 03:18 - 2005-05-19 14:00 - 00504528 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-01 03:13 - 2013-09-01 03:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-09-01 03:13 - 2013-08-31 23:55 - 00134740 _____ C:\WINDOWS\KB2859537.log
2013-09-01 03:12 - 2013-09-01 03:12 - 00126974 _____ C:\WINDOWS\KB2863058.log
2013-09-01 03:12 - 2013-09-01 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-09-01 03:12 - 2007-10-19 10:05 - 00758496 _____ C:\WINDOWS\system32\TZLog.log
2013-09-01 03:11 - 2013-09-01 03:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-09-01 03:08 - 2010-06-05 21:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-09-01 03:01 - 2010-01-18 14:46 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-08-31 23:45 - 2011-05-22 03:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
 
Some content of TEMP:
====================
C:\Documents and Settings\JACK\Local Settings\Temp\acsuninstall.exe
C:\Documents and Settings\JACK\Local Settings\Temp\AcsUninstallRes.dll
C:\Documents and Settings\JACK\Local Settings\Temp\EntitlementClientInstall.dll
C:\Documents and Settings\JACK\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\JACK\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\JACK\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\JACK\Local Settings\Temp\MFC71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\msvcp71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\msvcr71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\PC-Registry-EXE-0808.exe
C:\Documents and Settings\JACK\Local Settings\Temp\pcc.dll
C:\Documents and Settings\JACK\Local Settings\Temp\qbinstal.dll
C:\Documents and Settings\JACK\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\JACK\Local Settings\Temp\stlport_vc746.dll
C:\Documents and Settings\JACK\Local Settings\Temp\toolbar58132828.exe
C:\Documents and Settings\JACK\Local Settings\Temp\uninst.dll
C:\Documents and Settings\JACK\Local Settings\Temp\uninstall59297671.exe
C:\Documents and Settings\JACK\Local Settings\Temp\vmpremov.exe
C:\Documents and Settings\JACK\Local Settings\Temp\xerces-c_2_5_0_qb.dll
C:\Documents and Settings\JACK\Local Settings\Temp\ytb_8.3.9.18_2.3.5_ysp_2.0.2.12_mail_bts_pub_us_setup_.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_base_entice3.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_entice1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_entice2.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is14.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is2.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is21.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_QuickBooks.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download Junkware Removal tool from this link:

http://www.bleepingcomputer.com/download/junkware-removal-tool/

Save to your desktop.

 

  • Shut down your Security Protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator. Follow prompts as they come.
  • The tool will open and start scanning your system. (Press any key when prompted to continue)
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post JRT.txt to your next message.

 

Next,

 

Download Dr Web Cureit from here: http://www.freedrweb.com/cureit and save it to your desktop. (Scroll to bottom of page)

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
     
    drwebselect.JPG
     
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
     
    drwebfolders.JPG
     
  • Press start scan
  • The scan will now commence
     
    drwebscan.JPG
     
  • Once the scan has finished click open report
     
    drwebscancomplete.JPG
     
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

 

The log will be excessive so attach it to your next reply…

 

Also zip up and attach this file: C:\WINDOWS\Minidump\Mini090913-01.dmp

 

Kevin...

fixlist.txt


Here are the fixlog.txt & jrt.txt files.  Getting ready to start the Dr. Web now.

 

Thanks,

John Campanale

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2013
Ran by JACK at 2013-09-25 12:44:00 Run:1
Running from C:\Documents and Settings\JACK\My Documents\Downloads
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
C:\Documents and Settings\JACK\Local Settings\Temp\acsuninstall.exe
C:\Documents and Settings\JACK\Local Settings\Temp\AcsUninstallRes.dll
C:\Documents and Settings\JACK\Local Settings\Temp\EntitlementClientInstall.dll
C:\Documents and Settings\JACK\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\JACK\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\JACK\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\JACK\Local Settings\Temp\MFC71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\msvcp71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\msvcr71.dll
C:\Documents and Settings\JACK\Local Settings\Temp\PC-Registry-EXE-0808.exe
C:\Documents and Settings\JACK\Local Settings\Temp\pcc.dll
C:\Documents and Settings\JACK\Local Settings\Temp\qbinstal.dll
C:\Documents and Settings\JACK\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\JACK\Local Settings\Temp\stlport_vc746.dll
C:\Documents and Settings\JACK\Local Settings\Temp\toolbar58132828.exe
C:\Documents and Settings\JACK\Local Settings\Temp\uninst.dll
C:\Documents and Settings\JACK\Local Settings\Temp\uninstall59297671.exe
C:\Documents and Settings\JACK\Local Settings\Temp\vmpremov.exe
C:\Documents and Settings\JACK\Local Settings\Temp\xerces-c_2_5_0_qb.dll
C:\Documents and Settings\JACK\Local Settings\Temp\ytb_8.3.9.18_2.3.5_ysp_2.0.2.12_mail_bts_pub_us_setup_.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_base_entice3.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_entice1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_entice2.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is1.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is14.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is2.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_is21.exe
C:\Documents and Settings\JACK\Local Settings\Temp\_QuickBooks.exe
End
 
*****************
 
C:\Documents and Settings\JACK\Local Settings\Temp\acsuninstall.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\AcsUninstallRes.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\EntitlementClientInstall.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\firefoxjre_exe-1.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\htmlayout.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\MFC71.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\msvcp71.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\msvcr71.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\PC-Registry-EXE-0808.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\pcc.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\qbinstal.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\stlport_vc746.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\toolbar58132828.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\uninst.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\uninstall59297671.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\vmpremov.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\xerces-c_2_5_0_qb.dll => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\ytb_8.3.9.18_2.3.5_ysp_2.0.2.12_mail_bts_pub_us_setup_.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\_base_entice3.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\_entice1.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\_entice2.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\_is1.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\_is14.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\_is2.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\_is21.exe => Moved successfully.
C:\Documents and Settings\JACK\Local Settings\Temp\_QuickBooks.exe => Moved successfully.
 
==== End of Fixlog ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by JACK on Wed 09/25/2013 at 12:47:21.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Documents and Settings\JACK\Application Data\goforfiles"
Successfully deleted: [Folder] "C:\Documents and Settings\JACK\Application Data\viewpoint"
Successfully deleted: [Folder] "C:\Documents and Settings\JACK\Local Settings\Application Data\visi_coupon"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Documents and Settings\JACK\Application Data\mozilla\firefox\profiles\j5amn9uk.default\prefs.js
 
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Documents and Settings\JACK\Application Data\mozilla\firefox\profiles\j5amn9uk.default\minidumps [5 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/25/2013 at 13:03:07.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Kevin,

 

The log seems too long to include in the reply so I've attached it with the minidump log zip.  Hope that this will be ok for you.

 

Thanks again for all your help!

John Campanale

see attached

 

=============================================================================
Dr.Web Scanner SE for Windows v8.2.0.07100
© Doctor Web, Ltd., 1992-2013
Scan session started 2013/09/25 13:13:45 
Module location : c:\documents and settings\jack\local settings\temp\A5583C6-1ED013A8-E20659B8-2628C6A4\
=============================================================================
OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [use Sound Alerts] NO
OPTION [block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO
Using language: "English"
OPTION [Automatic Apply Actions] YES
Available instances: 3
Instances used: 3
Platform: Windows XP Home x86 (Build 2600), Service Pack 3
API Version: 2.2
Scanning Engine version: 8.1.0.7100
Virus Finding Engine version: 7.0.5.6250
Total 138 virus bases are loaded from c:\documents and settings\jack\local settings\temp\A5583C6-1ED013A8-E20659B8-2628C6A4
i20r6l4b 7.0 792a6a25a17e764390440cd4c2c6ca5a97ab162f 2012/07/08 23:04:33 19485 records - OK
e26984d5 7.0 ca9905c39e3d93428a4db65a192debe9fbd7acf7 2012/07/01 23:04:55 22898 records - OK
839duokz 7.0 dc29c610b866c66ba5327e7830452b2460149a35 2012/06/24 23:05:17 20551 records - OK
tth9qlnf 7.0 c28739bea153508d12942ac9a61abd475d0a0404 2012/06/17 23:03:35 9661 records - OK
jhxv9ez7 7.0 e5b5835a7c512120c5348e31483a4caa2a845d28 2012/06/10 23:04:32 23632 records - OK
5oizk62w 7.0 61853ce89026ef0ebbd80174f1b7dd5d25bbc63a 2012/06/03 23:04:41 12423 records - OK
vj82i3dp 7.0 4e6c9897e153b47ca97b7da48ceed23e555a7761 2012/05/27 23:04:26 15493 records - OK
bj2ex716 7.0 35f4c105cecd8ec1fd01714abebf30f8f3efb96e 2012/05/20 23:03:29 13065 records - OK
nbxutjm3 7.0 3522aa84677411aa7d67796bb05ea3ab62f02a71 2012/05/13 23:04:24 16238 records - OK
w75sjt3s 7.0 7597333540eda537bd42c0a17d4a6526ad247a2e 2012/05/06 23:04:33 11570 records - OK
g61vvobc 7.0 867814380363bc6ad605acf4b96e02c54dbd60f7 2012/04/29 23:03:28 15478 records - OK
bradelny 7.0 3c04f402d91a19039cb9c223c435dc4ea1bb3da4 2012/04/22 23:05:05 11881 records - OK
3v6o5qwq 7.0 8d0220a2a50b367e61a51d3b29c2659cde41bb7f 2012/04/15 23:03:29 13578 records - OK
t52dw5rf 7.0 b79dc6f5832ad390108d1880694ec538e8b34bb0 2012/04/08 23:05:02 14292 records - OK
12unmejy 7.0 8ff7cc095c43c2154275b7a54a89bf365e8daf4a 2012/04/01 23:03:24 14084 records - OK
5sorm9jk 7.0 9502a428b32be4ad08556134e271c9ba03195398 2012/03/25 23:04:43 19126 records - OK
zz3qee93 7.0 28c2fabbc645aff41baac12b911a8499ea163536 2012/03/18 23:03:23 14920 records - OK
3a9r830t 7.0 86de597ff06e58206f94263f2eef33cb41b2530c 2012/03/11 23:03:25 19017 records - OK
0fl1489a 7.0 5bd1d666e7c9ca70c34e591dc6c55314ce4b11af 2012/03/04 22:04:32 19691 records - OK
pbidq7s5 7.0 15a9d10c451d2fcf124700f29f557d9bf338e671 2012/02/26 22:03:21 23605 records - OK
nlv4t1py 7.0 5647d941e5358105ca6558dce78873f06c48d5dc 2012/02/19 22:03:45 19067 records - OK
l4y1jr7g 7.0 c9b2600cb665ce34e0ccd0f19e0a88cd44437f51 2012/02/12 22:04:49 19019 records - OK
e9qzjyg3 7.0 9df2e129e78a9d9ab491186da1329c1dd1190e17 2012/02/05 22:05:25 28028 records - OK
s02vjnxg 7.0 b69b9504a51b8777b8e95a4680dc8ac1d8d8c25d 2012/01/29 22:08:41 29444 records - OK
aamtnvwi 7.0 3d7431bdee1a22d6329e017f348db7760f2645ac 2012/01/23 03:22:13 19353 records - OK
480c6p97 7.0 e04570f78fb00d758abdf77c534a460980e102c0 2012/01/15 22:12:31 20747 records - OK
82qdocse 7.0 2de2479b112c4416e2375343f57ca789b042aecc 2012/01/08 22:04:30 28052 records - OK
p8z0a2bm 7.0 c4bd9612ff1f71d8bd23b4f1bc114eed1ae2ee6b 2012/01/01 22:04:40 12183 records - OK
i4cr7ims 7.0 28b1d218ade8f05fdc8550c7456ac3b74f705208 2011/12/25 22:03:33 19984 records - OK
vtvz763j 7.0 539e41e8f3d97a6f347600c7cef903d9f34e0518 2011/12/18 22:08:45 22627 records - OK
tgostf44 7.0 f8e81968965f555bce0d02fc9933fee840b97aaf 2011/12/12 15:20:22 49580 records - OK
xm28f3na 7.0 14751e0f442bba3efc08ee12d82a2815c61cfeb6 2011/12/04 03:00:00 45195 records - OK
4s893jka 7.0 1a1e6cb9b3096a2cbba2c31d05e11914c0357d52 2011/12/04 02:00:00 165532 records - OK
6jdx7g9p 7.0 0f948a7d416c556bfc8a8be2c2c39f998fee6d9e 2011/12/04 01:00:00 170820 records - OK
a4gxyumz 7.0 9357c3cc73a4a374346a678f197daa22496c7ae5 2011/12/04 00:00:00 171279 records - OK
4ha7cqpw 7.0 ae56b06b3d6f1e13c5f10cce4ed68f2cccbf3298 2011/12/03 23:00:00 170253 records - OK
baihvxbc 7.0 fdaab5c1079d02c94f20d07c39d638cad79d8771 2011/12/03 22:00:00 170291 records - OK
xygplb4u 7.0 b59d8841e65d7670b2aae7f2b65734269f6c4fe3 2011/12/03 21:00:00 170501 records - OK
k51v1xii 7.0 3946b1d195434cf7a70d144da71c87559475c58f 2011/12/03 20:00:00 353582 records - OK
2ktwavbf 7.0 8df4695f74ea5949551df6044720694e204b13d7 2011/12/03 19:00:00 852776 records - OK
ogqccdxs 7.0 c3c478f5d4712dbf2bc4f38c85315399c842feb0 2013/09/25 10:31:11 457 records - OK
vjrqd7v0 7.0 6ede5b37423910c2f3ffff6d90fef6a16e565e5e 2013/09/01 23:14:42 1327 records - OK
pfdd7sh6 7.0 c1d53c2aef72dfab36a8045897938e7a31f279ac 2013/07/14 23:15:07 1590 records - OK
10lule10 7.0 0cb77ee7a3e6545553585eb6df267a86d4fecbe4 2013/04/21 23:14:29 1680 records - OK
25hamei6 7.0 6cb68b8fab821702ef054f864ff44917414e50fa 2013/02/03 22:13:43 2078 records - OK
aezygepc 7.0 cfbe9cf43615f7856e4c35f0fc02e2baf12e39e7 2012/12/16 22:14:14 1725 records - OK
nzcs0h0g 7.0 047694e79b1a8d295f27ea9c6565062404f84a57 2012/11/11 22:12:52 2050 records - OK
17atjycn 7.0 f3413603f4ee1c88018a78c1f6faf2abeb8fa8c1 2012/09/23 23:13:14 1456 records - OK
lcc2jf2e 7.0 8871f579eeb7e5e7b70c6dd898afd27391d7daf4 2012/06/24 23:12:36 1421 records - OK
xx67g65l 7.0 3ee43130fe7fec4b367a791892a444d0a791b29b 2012/03/25 23:12:30 1385 records - OK
q87prqlx 7.0 fddc5d687537580c7166dbf117d591593bc62261 2012/01/22 23:56:09 1653 records - OK
qjtqcn78 7.0 b05feab13643d9ebd3558c62bc2068e70c6c9d90 2013/09/25 10:30:59 412 records - OK
2j44shui 7.0 cc2fc58477a41d340f63e6d3d228133c927a9810 2013/09/15 23:25:22 3440 records - OK
hg1ifxrp 7.0 63ff62f7b5aa956912f6c29e7ad7be26569416ff 2013/08/18 23:25:05 1485 records - OK
ila21drw 7.0 d95d1ab4adf9a869001802f64960356e903dd478 2013/07/21 23:24:06 2214 records - OK
7wz7pp0k 7.0 45cdfad530697916adbfea43a8763a4ab0c95beb 2013/05/19 23:24:48 1426 records - OK
186ioua0 7.0 bd9fd948b79e07c8676018e17a43ee81f5335e36 2013/04/21 23:24:10 1641 records - OK
tpii1fcw 7.0 c7f70566b9bae9fd3f5a8d0b56d961f890a55508 2013/03/17 23:23:44 1742 records - OK
ewkwvtgq 7.0 8893c0d254eb40c78b5c78ea17fbc3be60ea6304 2013/01/20 22:24:33 2016 records - OK
gc49ldl6 7.0 cdf3a9d2dcab57f90c378d9eefacbfd358a42699 2012/12/09 22:23:23 1620 records - OK
p12o5on7 7.0 c0726ba000e840272f0810b89051e6daa8799084 2012/11/04 22:23:16 1658 records - OK
ktlc1yts 7.0 216611859de0125bf130d6324d43c9115cb05def 2012/10/07 23:23:20 1465 records - OK
gke26yfp 7.0 264c14ad60c4423ec292f5f8b182e4448504dfa9 2012/09/09 23:23:14 1588 records - OK
z4ww276t 7.0 33197bfe9efefa9db33725d240757103c625b601 2012/07/22 23:22:36 1702 records - OK
qlz5249x 7.0 74d8e114edb84b95bc09d5a2a36191d15a61e2cb 2012/06/10 23:22:36 1659 records - OK
gxgjb2ut 7.0 79ca8239f310688d2b9c314fa3d738a34985cce3 2012/04/29 23:22:34 1670 records - OK
7wjizdbw 7.0 aac27e986e3731e5260cb76f5b14558e36660dec 2012/03/11 23:22:28 1729 records - OK
668zao0d 7.0 fa5c96b8be693a20c2a295e3545419e6f117fdc4 2012/01/29 22:23:00 1523 records - OK
oeycc5jc 7.0 e9b21e0a3578ef2e2067f4876309671ddc78f65f 2011/12/18 22:22:29 1805 records - OK
fl1jxskx 7.0 8f7a8f6f55130f6becc5331ab38dc2108746b8aa 2011/12/03 18:00:00 26456 records - OK
w2em9npq 7.0 e6d52b11d2f7d405ccd31347da3b6fde69825168 2011/12/03 17:00:00 74279 records - OK
o74vrl2y 7.0 e20ffde4bbc58e0585b0b3b2f324bc91272c2360 2011/12/03 16:00:00 1 record - OK
Total records count: 4500294
Anti-rootkit module version ( ver: 8.6.201308190, api: 5.01/5.01 )
 
Using c:\documents and settings\jack\local settings\temp\A5583C6-1ED013A8-E20659B8-2628C6A4\j2ezczu8.key as Dr.Web ® Key file
This Dr.Web ® Key is for 1 computer (A User)
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\67CDE591F2 -rpcpr:np /protmode 
 
Object(s) to scan:
 - Scan processes in memory
 - Scan boot sectors
 - Scan system restore points
 - Scanning for rootkits 
 - C:\aolconnfix.exe
 - C:\aolconnfix.txt
 - C:\AUTOEXEC.BAT
 - C:\BOOT.INI
 - C:\CONFIG.SYS
 - C:\DELL.SDR
 - C:\INFCACHE.1
 - C:\IO.SYS
 - C:\IO96BC~.TMP
 - C:\MSDOS.SYS
 - C:\NTDETECT.COM
 - C:\NTLDR
 - C:\pagefile.sys
 - C:\SystemInfo.ini
 - C:\VETlog.dmp
 - C:\VETlog.txt
 - C:\WINDOWS\system32\
 - C:\Documents and Settings\JACK\My Documents\
 - C:\WINDOWS\TEMP\
 - C:\DOCUME~1\JACK\LOCALS~1\Temp\
.
.
.
.
Total 9512232230 bytes in 10702 files scanned (30927 objects)
Total 10687 files (30907 objects) are clean
Total 3 files are infected
Total 3 files are neutralized
Total 16 files are raised error condition
Scan time is 00:44:04.812

 

cureit-092513-113pm.log

Mini090913-01.zip


How is the system responding now, any issues or concerns?

 

Download SystemLook from the following link below and save it to your Desktop.

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    Win32k.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

     

     

Note: The log can also be found on your Desktop entitled SystemLook.txt


Kevin,

 

Here are the results of the SystemLook test.  Don't know if I trust it yet, but if y'all say it's clean that is good enough for me!!

 

Thanks,

John Campanale

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:06 on 25/09/2013 by JACK
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "Win32k.sys"
C:\I386\win32k.sys --a---- 1836288 bytes [18:20 30/05/2005] [01:06 02/03/2005] D9228D813D601BA27AF486D4D167C83E
C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys --a---- 1861120 bytes [02:14 24/06/2010] [02:14 24/06/2010] C0B2DA12C5CB448F9EA3AF16416745CB
C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys --a---- 1862272 bytes [13:27 26/10/2010] [13:27 26/10/2010] ED970A04FDAEAB9D9A5FA9B25E9196A8
C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys --a---- 1864064 bytes [13:14 31/12/2010] [13:14 31/12/2010] 62FC2280FBEA1DCC64A276BCF71709D9
C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys --a---- 1866880 bytes [13:27 03/03/2011] [13:27 03/03/2011] D302C0D9ADC931B598405D2C953B334B
C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys --a---- 1867904 bytes [14:07 02/06/2011] [14:07 02/06/2011] BE79F0A0273DEF353BA5D1F43CBAD858
C:\WINDOWS\$hf_mig$\KB2567053\SP3QFE\win32k.sys --a---- 1867904 bytes [13:25 06/09/2011] [13:25 06/09/2011] C30AAF3B63F3BE3B515B50FB7292EA9F
C:\WINDOWS\$hf_mig$\KB2639417\SP3QFE\win32k.sys --a---- 1868544 bytes [13:29 23/11/2011] [13:29 23/11/2011] 679592ECA1DAEBC7D912AFF21F68A682
C:\WINDOWS\$hf_mig$\KB2641653\SP3QFE\win32k.sys --a---- 1869184 bytes [15:15 16/03/2012] [09:26 03/02/2012] 44CA80C67F0D97921C1E9AA3B4F78549
C:\WINDOWS\$hf_mig$\KB2660465\SP3QFE\win32k.sys --a---- 1869056 bytes [16:54 12/01/2012] [16:54 12/01/2012] 8BA29CE11D73CC2C1C42FD00854C398B
C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\win32k.sys --a---- 1871360 bytes [13:23 11/04/2012] [13:23 11/04/2012] E61826863010CD45C4682731F6E4D232
C:\WINDOWS\$hf_mig$\KB2709162\SP3QFE\win32k.sys --a---- 1872128 bytes [13:27 15/05/2012] [13:27 15/05/2012] D7F261E01473BD2C7DF9BC37FF1DB6AA
C:\WINDOWS\$hf_mig$\KB2718523\SP3QFE\win32k.sys --a---- 1875072 bytes [12:01 11/07/2012] [13:29 13/06/2012] 2EBAAFEF08BD9C0521DB300FE20E26CF
C:\WINDOWS\$hf_mig$\KB2731847\SP3QFE\win32k.sys --a---- 1875072 bytes [11:48 16/08/2012] [13:40 03/07/2012] EB77EAB8BD8BB38F78F493CC3592708A
C:\WINDOWS\$hf_mig$\KB2778344\SP3QFE\win32k.sys --a---- 1876224 bytes [01:32 04/01/2013] [01:32 04/01/2013] B57F6110AC77DFE6BA7E58A0FF699915
C:\WINDOWS\$hf_mig$\KB2779030\SP3QFE\win32k.sys --a---- 1875456 bytes [11:20 13/11/2012] [11:20 13/11/2012] 719C5A45036DF9BE7B9F0D8D147DB4C3
C:\WINDOWS\$hf_mig$\KB2808735\SP3QFE\win32k.sys --a---- 1876224 bytes [01:31 02/03/2013] [01:31 02/03/2013] DC4F6FBAB1E0F57AECDCAE613FD2643C
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys --a---- 1836160 bytes [01:11 02/03/2005] [01:11 02/03/2005] F92DA2BB088A56B3A5FB8151E58F2964
C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys --a---- 1839360 bytes [00:10 06/10/2005] [00:10 06/10/2005] 98D0393AEBA65F52FE5B66845C5F3A6A
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys --a---- 1843968 bytes [13:49 08/03/2007] [13:49 08/03/2007] B9D8F5E6D1A7AC9977CC50ECE7C7FF74
C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys --a---- 1845888 bytes [09:40 19/03/2008] [09:40 19/03/2008] 86E966164A647BE68EC6941B84BEF123
C:\WINDOWS\$hf_mig$\KB954211\SP2QFE\win32k.sys --a---- 1846912 bytes [02:53 15/11/2008] [12:17 15/09/2008] 88D9ED62433A8C3F1F8D20E97F20A1AD
C:\WINDOWS\$hf_mig$\KB954211\SP3GDR\win32k.sys --a---- 1846400 bytes [02:53 15/11/2008] [12:12 15/09/2008] D21A189185D3A74512CC8E68F16E3FCF
C:\WINDOWS\$hf_mig$\KB954211\SP3QFE\win32k.sys --a---- 1846912 bytes [02:53 15/11/2008] [12:25 15/09/2008] 692E8FC363300FA7951594A1A7A1F193
C:\WINDOWS\$hf_mig$\KB958690\SP2QFE\win32k.sys --a---- 1847424 bytes [10:20 09/02/2009] [10:20 09/02/2009] EC24AD3CDA5F04A4F76FE2659B5E6CBE
C:\WINDOWS\$hf_mig$\KB958690\SP3GDR\win32k.sys --a---- 1846784 bytes [11:13 09/02/2009] [11:13 09/02/2009] 16B961A0552BC09B9E3A338FC816FFE5
C:\WINDOWS\$hf_mig$\KB958690\SP3QFE\win32k.sys --a---- 1847552 bytes [11:08 09/02/2009] [11:08 09/02/2009] 1D20198F208006C3BB5ACB50D32CFC66
C:\WINDOWS\$hf_mig$\KB969947\SP2QFE\win32k.sys --a---- 1859328 bytes [11:22 14/08/2009] [11:22 14/08/2009] 7428D506B9251429DA313D6AAE59188B
C:\WINDOWS\$hf_mig$\KB969947\SP3GDR\win32k.sys --a---- 1850624 bytes [13:21 14/08/2009] [13:21 14/08/2009] 716ED09D8D9A9E1E4A03549B32B68186
C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys --a---- 1859712 bytes [12:19 14/08/2009] [12:19 14/08/2009] F6B54A56F02D24BF43E72662D44A6B14
C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys --a---- 1860352 bytes [06:34 02/05/2010] [06:34 02/05/2010] A3D4A7B714D4A74B7CD4296302F1A9FA
C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys --a---- 1861888 bytes [13:38 31/08/2010] [13:38 31/08/2010] 51420D569A883CC13D656783B2C86D8E
C:\WINDOWS\$NtServicePackUninstall$\win32k.sys -----c- 1850112 bytes [23:21 26/12/2009] [12:19 14/08/2009] 1EFBC43B33B83FD7376E63A71830CC69
C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys -----c- 1851264 bytes [07:03 17/08/2010] [05:22 02/05/2010] B9D41312F6D9FFA8D1D80488D9FDE849
C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys -----c- 1852800 bytes [08:04 16/12/2010] [13:42 31/08/2010] A77B5764CD2106D36148CB5E5DDF6BC6
C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys -----c- 1853312 bytes [08:05 10/02/2011] [13:25 26/10/2010] E40E572FD5DA970921A893B05FB217D9
C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys -----c- 1854976 bytes [15:40 22/04/2011] [13:10 31/12/2010] 4F404415E13DDC541CB34294D266B65C
C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys -----c- 1857920 bytes [19:59 12/07/2011] [13:21 03/03/2011] 4F97E6BAAA847EA90EBBCD90A3FFA8E5
C:\WINDOWS\$NtUninstallKB2567053$\win32k.sys -----c- 1858944 bytes [17:35 14/10/2011] [14:02 02/06/2011] E97153BE7D053976348554EFD71C53A8
C:\WINDOWS\$NtUninstallKB2639417$\win32k.sys -----c- 1858944 bytes [18:39 15/12/2011] [13:20 06/09/2011] BFE37C3B420D2CA00D83554182130D32
C:\WINDOWS\$NtUninstallKB2641653$\win32k.sys -----c- 1859968 bytes [15:38 16/03/2012] [16:53 12/01/2012] 5820A858AB8F413E86707C2E54F28265
C:\WINDOWS\$NtUninstallKB2660465$\win32k.sys -----c- 1859584 bytes [20:04 15/02/2012] [13:25 23/11/2011] A3952692FE63986981A54AEB7BCC39C8
C:\WINDOWS\$NtUninstallKB2676562$\win32k.sys -----c- 1860096 bytes [02:35 14/05/2012] [09:22 03/02/2012] 4C1CA2B98543ADF66C032E301F936D54
C:\WINDOWS\$NtUninstallKB2709162$\win32k.sys -----c- 1862272 bytes [13:59 14/06/2012] [13:12 11/04/2012] DD2D2198857A2140EFCE4171CA0635F1
C:\WINDOWS\$NtUninstallKB2718523$\win32k.sys -----c- 1863168 bytes [12:35 11/07/2012] [13:20 15/05/2012] C39711FE4E2829092026D07E3ED08D43
C:\WINDOWS\$NtUninstallKB2731847$\win32k.sys -----c- 1866112 bytes [12:28 16/08/2012] [13:19 13/06/2012] DFF851C4D8977A26F95B929A0B89BB5D
C:\WINDOWS\$NtUninstallKB2778344$\win32k.sys -----c- 1866368 bytes [14:03 13/02/2013] [01:25 13/11/2012] F984CAE54E536681B209F7816D8F68DA
C:\WINDOWS\$NtUninstallKB2779030$\win32k.sys -----c- 1866112 bytes [16:32 04/01/2013] [13:40 03/07/2012] D6F934A361D7F0BE8271673988D4E7FD
C:\WINDOWS\$NtUninstallKB2808735$\win32k.sys -----c- 1867264 bytes [14:52 05/05/2013] [01:20 04/01/2013] BD39EC6064A1B5DFDABCF312A38A37EE
C:\WINDOWS\$NtUninstallKB2829361$\win32k.sys -----c- 1867264 bytes [12:53 28/05/2013] [01:25 02/03/2013] 860AC2E4711D2DACF12D98A42105A611
C:\WINDOWS\$NtUninstallKB2850851$\win32k.sys -----c- 1876352 bytes [07:29 01/09/2013] [01:31 10/04/2013] FC8A1F72A8097910A11D5184BC3F887B
C:\WINDOWS\$NtUninstallKB2876315$\win32k.sys -----c- 1876736 bytes [17:21 11/09/2013] [01:40 04/06/2013] A1886BEBC12536FE2FA8464B7FA6F0FC
C:\WINDOWS\$NtUninstallKB890859$\win32k.sys -----c- 1835904 bytes [21:24 28/05/2005] [10:00 04/08/2004] B74C69A810949E7A54DC688CAE662206
C:\WINDOWS\$NtUninstallKB896424$\win32k.sys -----c- 1836288 bytes [17:37 15/11/2005] [01:06 02/03/2005] D9228D813D601BA27AF486D4D167C83E
C:\WINDOWS\$NtUninstallKB925902$\win32k.sys -----c- 1839488 bytes [07:00 05/06/2007] [00:05 06/10/2005] AD247B4B1EB5FA17C73908CFAE001237
C:\WINDOWS\$NtUninstallKB941693$\win32k.sys -----c- 1843584 bytes [22:24 10/05/2008] [13:47 08/03/2007] 5B5AD4F40BE00F56F51F286BE72C0376
C:\WINDOWS\$NtUninstallKB954211$\win32k.sys -----c- 1845632 bytes [23:45 26/12/2009] [19:30 13/04/2008] DE01D79A607C7B9AE7FF88E934D0FFB2
C:\WINDOWS\$NtUninstallKB954211_0$\win32k.sys -----c- 1845248 bytes [08:02 15/11/2008] [09:47 19/03/2008] E0F718290D19531FD10328EFB09808EC
C:\WINDOWS\$NtUninstallKB958690$\win32k.sys -----c- 1846400 bytes [23:49 26/12/2009] [12:12 15/09/2008] D21A189185D3A74512CC8E68F16E3FCF
C:\WINDOWS\$NtUninstallKB958690_0$\win32k.sys -----c- 1846016 bytes [14:00 29/03/2009] [11:57 15/09/2008] B34375E53CDEDF4BDFE3EB2A271FB398
C:\WINDOWS\$NtUninstallKB969947$\win32k.sys -----c- 1846784 bytes [23:51 26/12/2009] [11:13 09/02/2009] 16B961A0552BC09B9E3A338FC816FFE5
C:\WINDOWS\$NtUninstallKB969947_0$\win32k.sys -----c- 1846272 bytes [20:48 17/12/2009] [10:19 09/02/2009] CBE3C46513AE586C6AFEE810DDDD122D
C:\WINDOWS\$NtUninstallKB979559$\win32k.sys -----c- 1850624 bytes [07:11 11/06/2010] [13:21 14/08/2009] 716ED09D8D9A9E1E4A03549B32B68186
C:\WINDOWS\$NtUninstallKB981957$\win32k.sys -----c- 1851904 bytes [07:01 14/10/2010] [13:44 23/06/2010] 2F2D6B7515363E855EE44D88199ADD5F
C:\WINDOWS\ServicePackFiles\i386\win32k.sys ------- 1845632 bytes [16:31 25/01/2009] [19:30 13/04/2008] DE01D79A607C7B9AE7FF88E934D0FFB2
C:\WINDOWS\SYSTEM32\win32k.sys --a---- 1877760 bytes [10:00 04/08/2004] [01:27 08/08/2013] 63FA0F8D9CC1F24DC5D93FA8806228CD
C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys ------- 1877760 bytes [02:53 15/11/2008] [01:27 08/08/2013] 63FA0F8D9CC1F24DC5D93FA8806228CD
 
-= EOF =-

Go to http://www.virustotal.com/


Click the Choose file button
Navigate to the file C:\WINDOWS\SYSTEM32\win32k.sys or just copy/paste it in.
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the results back here please.

 

Also want an Online AV scan by ESET, this is very thorough so may take several hours:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Kevin...


Here are the results from the virustotal.com scan:

 

Thanks,

John Campanale

 

=============================

 VirusTotal

SHA256: 0c9c02393f159571be58b1517d4809ab5f263bb8a04828463eeb50e8a949c421

SHA1: 09102d54ed7131bf09faddc8b7fceeff085ab704

MD5: 63fa0f8d9cc1f24dc5d93fa8806228cd

File size: 1.8 MB ( 1877760 bytes )

File name: win32k.sys

File type: Win32 EXE

Detection ratio: 0 / 48

Analysis date: 2013-09-25 21:35:08 UTC ( 0 minutes ago ) 


Antivirus Result Update

Agnitum 20130925

AhnLab-V3 20130925

AntiVir 20130925

Antiy-AVL 20130925

Avast 20130925

AVG 20130925

Baidu-International 20130925

BitDefender 20130925

Bkav 20130925

ByteHero 20130925

CAT-QuickHeal 20130925

ClamAV 20130925

Commtouch 20130925

Comodo 20130925

DrWeb 20130925

Emsisoft 20130925

ESET-NOD32 20130925

F-Prot 20130925

F-Secure 20130925

Fortinet 20130925

GData 20130925

Ikarus 20130925

Jiangmin 20130903

K7AntiVirus 20130925

K7GW 20130925

Kaspersky 20130925

Kingsoft 20130829

Malwarebytes 20130925

McAfee 20130925

McAfee-GW-Edition 20130925

Microsoft 20130925

MicroWorld-eScan 20130925

NANO-Antivirus 20130925

Norman 20130925

nProtect 20130925

Panda 20130925

PCTools 20130925

Rising 20130925

Sophos 20130925

SUPERAntiSpyware 20130925

Symantec 20130925

TheHacker 20130924

TotalDefense 20130925

TrendMicro 20130925

TrendMicro-HouseCall 20130925

VBA32 20130925

VIPRE 20130925

ViRobot 20130925



Thanks for the update, ok continue:

 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\JACK\My Documents\Downloads\siw-setup.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Finally:

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin....


Kevin,

 

I cannot get the OTM to run in regular mode.  In safe mode I was able to run it and got a logfile.  The first time I ran it in safe mode and then ran it again in safe mode with networking.  I then ran the Security Check in regular mode. I've included the info below as well.  I do have Microsoft Security Essentials set for real-time protection off as well as scanning off.  When I try to run the OTM in regular mode, MSE comes up and asks to turn on, but I don't and then the system locks up.  The only way to get control back is to hard boot the system as even ctrl-alt-del will not work.

 

Thanks,

John

 

First run in safe mode for OTM

==============================

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.
 
Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\JACK\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JACK\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\JACK\My Documents\Downloads\siw-setup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 65756 bytes
->Temporary Internet Files folder emptied: 1559285 bytes
->Flash cache emptied: 492 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes
 
User: JACK
->Temp folder emptied: 214358828 bytes
->Temporary Internet Files folder emptied: 109389496 bytes
->Java cache emptied: 12942254 bytes
->FireFox cache emptied: 243967922 bytes
->Google Chrome cache emptied: 20689832 bytes
->Flash cache emptied: 3179105 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33036 bytes
 
User: NetworkService
->Temp folder emptied: 3087204 bytes
->Temporary Internet Files folder emptied: 119999181 bytes
 
%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113082596 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 311823860 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 34976648 bytes
 
Total Files Cleaned = 1,134.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09262013_210633
 
Files moved on Reboot...
File C:\WINDOWS\temp\__skype_toolbar_v5_logs\html\c2c_service.exe.3216.html not found!
File C:\WINDOWS\temp\__skype_toolbar_v5_logs\html\script.js not found!
File C:\WINDOWS\temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log not found!
File C:\WINDOWS\temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-wrapper.log not found!
File C:\WINDOWS\temp\Low\MSI\SkypeToolbars.msi not found!
 
Registry entries deleted on Reboot...
 
Second run of OTM in safe mode with networking
=============================================
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\JACK\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JACK\Desktop\cmd.txt deleted successfully.
File/Folder C:\Documents and Settings\JACK\My Documents\Downloads\siw-setup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: JACK
->Temp folder emptied: 52554 bytes
->Temporary Internet Files folder emptied: 60910 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 33096 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09262013_224245
 
 
Results of the Security Check
==============================
 Results of screen317's Security Check version 0.99.73  
 Windows XP Service Pack 3 x86 (UAC is disabled!)  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Sophos Virus Removal Tool   
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 17  
 Java 2 Runtime Environment, SE v1.4.2_03 
 Java version out of Date! 
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox 15.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

Thanks for the update, do the following:

 

Adobe and Java Updates...

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system...

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Make sure the following are removed:

 

Java 7 Update 17  

 Java 2 Runtime Environment, SE v1.4.2_03
 
Next,
 
Firefox is outdated, get the latest version here:  http://www.mozilla.org/en-GB/firefox/update/
 
Next,
 
The hard drive requires defragging, use these instructions if required:  http://support.microsoft.com/kb/314848
 
Let me know if those steps complete, also if any remaining issues or concerns...
 
Kevin

Kevin,

 

Updated Java, removed the requested files, removed FireFox as not being used on this computer.  Have done the defrag as well. I still see this in the registry and wanted to ask you about it.

 

See attached for a screenshot of the regedit.

 

 It is in the following keys:

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcregservice]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pcregservice]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\pcregservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcregservice]

 

All the keys look similar to the following when I export them:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcregservice]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,77,00,72,00,61,00,70,00,70,00,65,\
  00,72,00,5f,00,69,00,6e,00,73,00,74,00,5c,00,66,00,69,00,6c,00,65,00,5f,00,\
  74,00,6f,00,5f,00,72,00,75,00,6e,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="pcregservice Service"
"ObjectName"="LocalSystem"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcregservice\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

 

 

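The `ImagePath` value in the export above is a `hex(2)` (REG_EXPAND_SZ) value: UTF-16LE text written as comma-separated bytes with backslash line continuations. The Python below is an added example, not part of the original posts; it parses a .reg export, decodes such values and lists services whose binary sits under a given directory. The `ExampleSvc` key in the sample and all function names are constructed for illustration.

```python
import re

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# First key is copied from the export in the post above; the ExampleSvc key
# is a constructed, hypothetical entry added for contrast.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcregservice]
"Type"=dword:00000010
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,77,00,72,00,61,00,70,00,70,00,65,\
  00,72,00,5f,00,69,00,6e,00,73,00,74,00,5c,00,66,00,69,00,6c,00,65,00,5f,00,\
  74,00,6f,00,5f,00,72,00,75,00,6e,00,2e,00,65,00,78,00,65,00,00,00
"DisplayName"="pcregservice Service"
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ExampleSvc]
"Start"=dword:00000003
"ImagePath"="C:\\WINDOWS\\system32\\example.exe"
'''


def decode_value(raw):
    """Decode the right-hand side of one .reg value line."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        # hex(1) = REG_SZ and hex(2) = REG_EXPAND_SZ hold UTF-16LE text.
        if m.group(1) in ("1", "2"):
            return data.decode("utf-16-le").rstrip("\x00")
        return data  # plain hex: (REG_BINARY) and other types stay as bytes
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    # A trailing backslash continues a hex byte list on the next line.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if current is not None and m:
            current[m.group(1)] = decode_value(m.group(2))
    return keys


def services_under(reg_text, directory):
    """List service keys whose ImagePath lies under directory (case-insensitive)."""
    prefix = directory.rstrip("\\").lower() + "\\"
    hits = []
    for key, values in parse_reg(reg_text).items():
        image = values.get("ImagePath")
        if not isinstance(image, str) or "\\services\\" not in key.lower():
            continue
        exe = image.strip().strip('"').lower()  # some paths are quoted
        if exe.startswith(prefix):
            hits.append({"key": key, "image_path": image,
                         "start": START_TYPES.get(values.get("Start"), "unknown"),
                         "account": values.get("ObjectName")})
    return hits


if __name__ == "__main__":
    for hit in services_under(SAMPLE_EXPORT, r"C:\Program Files\wrapper_inst"):
        print(hit)
```

Files written by regedit in the "Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `services_under`.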

Kevin,

 

This is also in the registry. Sophos removed the file program files\wrapper_init\service.exe but the reference is still in the registry in 2 places:

 

Thanks,

John Campanale

 

 

Windows Registry Editor Version 5.00
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID"=hex:09,04
"@C:\\WINDOWS\\system32\\SHELL32.dll,-9216"="My Computer"
"@netcfgx.dll,-50001"="Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks."
"C:\\Dell\\rearr.exe"="rearr"
"C:\\WINDOWS\\system32\\grpconv.exe"="Windows Progman Group Converter"
"@shell32.dll,-21774"="Local Settings"
"@netcfgx.dll,-50003"="Allows other computers to access resources on your computer using a Microsoft network."
"@netcfgx.dll,-50015"="Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services."
"@netcfgx.dll,-50002"="Allows your computer to access resources on a Microsoft network."
"@C:\\WINDOWS\\inf\\unregmp2.exe,-161"="Sample Playlists"
"@C:\\WINDOWS\\inf\\unregmp2.exe,-162"="Sync Playlists"
"@xpsp3res.dll,-20000"="Network Diagnostics for Windows XP"
"C:\\WINDOWS\\regedit.exe"="Registry Editor"
"C:\\Program Files\\Microsoft Silverlight\\4.0.50524.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.50826.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.50917.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.51204.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.60129.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.60310.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.60531.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.60831.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"@%SystemRoot%\\system32\\shell32.dll,-22553"="Enlarges selected text and other on-screen items for easier viewing."
"@%SystemRoot%\\system32\\shell32.dll,-22560"="Reads on-screen text, dialog boxes, menus, and buttons aloud if speakers or a sound output device is installed."
"@%SystemRoot%\\system32\\shell32.dll,-22564"="Displays a keyboard that is controlled by a mouse or switch input device."
"@%SystemRoot%\\system32\\shell32.dll,-22577"="Starts and configures accessibility tools from one window."
"@%SystemRoot%\\system32\\shell32.dll,-22529"="Manages your contacts and finds people and businesses using directory services. "
"@%SystemRoot%\\system32\\shell32.dll,-22534"="Performs text-based (command-line) functions."
"@%SystemRoot%\\inf\\unregmp2.exe,-155"="Play digital media including music, videos, CDs, and DVDs."
"@%SystemRoot%\\system32\\shell32.dll,-22563"="Creates and edits text files using basic text formatting."
"@%SystemRoot%\\system32\\shell32.dll,-22574"="Updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages."
"@%SystemRoot%\\system32\\tourstart.exe,-2"="Opens the Windows Experience Tour that guides you through the exciting, new features of Windows XP."
"@%SystemRoot%\\system32\\shell32.dll,-22579"="Displays the files and folders on your computer."
"@xpsp1res.dll,-11002"="Finds and displays information and Web sites on the Internet."
"@xpsp1res.dll,-11005"="Sends and receives e-mail and newsgroup messages."
"@%systemroot%\\system32\\rcbdyctl.dll,-151"="Lets you invite a friend to connect to your computer and help you with problems."
"@%SystemRoot%\\system32\\shell32.dll,-22528"="Use the Accessibility Wizard to configure your system to meet your vision, hearing, and mobility needs."
"@%SystemRoot%\\system32\\shell32.dll,-22531"="Performs basic arithmetic tasks with an on-screen calculator."
"@%systemroot%\\system32\\fxsres.dll,-115"="Displays incoming and outgoing faxes and enables you to view and manage these faxes"
"@%systemroot%\\system32\\fxsres.dll,-113"="Creates and edits cover pages used when sending faxes"
"@%systemroot%\\system32\\fxsres.dll,-111"="Sends a fax that consists only of a cover page"
"@%SystemRoot%\\system32\\shell32.dll,-22543"="Connects to other computers, Internet telnet sites, bulletin board systems, online services, and host computers using either a modem or a null-modem cable."
"@%systemroot%\\system32\\netshell.dll,-1201"="Connects to other computers, networks, and the Internet."
"@%systemroot%\\system32\\hnetwiz.dll,-3086"="Helps you set up a network for your home or small office."
"@%systemroot%\\system32\\netshell.dll,-1011"="Helps you set up an Internet connection, connect to a private network, or set up a network for your home or small office."
"@%SystemRoot%\\system32\\xpsp2res.dll,-16202"="Set up or add to a wireless network for your home or office"
"@%SystemRoot%\\system32\\shell32.dll,-22573"="Records sounds if a microphone and sound card are installed."
"@%SystemRoot%\\system32\\shell32.dll,-22578"="Controls the volume level of recorded and play-back sounds."
"@%SystemRoot%\\system32\\shell32.dll,-22566"="Creates and edits drawings, and displays and edits scanned photos."
"@%SystemRoot%\\system32\\shell32.dll,-22533"="Selects special characters and copies them to your document."
"@%SystemRoot%\\system32\\shell32.dll,-22538"="Enables you to clear your disk of unnecessary files."
"@%SystemRoot%\\system32\\shell32.dll,-22539"="Defragments your volumes so that your computer runs faster and more efficiently."
"@%SystemRoot%\\system32\\usmt\\migwiz.exe,-203"="Migrates files and settings from one computer to another."
"@%SystemRoot%\\system32\\shell32.dll,-22570"="Use Task Scheduler to schedule computer tasks to run automatically."
"@%SystemRoot%\\system32\\shell32.dll,-22575"="Display current System Information."
"@%systemroot%\\system32\\restore\\rstrui.exe,-2078"="Restores system to chosen restore point"
"@%SystemRoot%\\system32\\shell32.dll,-22581"="Creates and edits text documents with complex formatting."
"@C:\\WINDOWS\\system32\\comres.dll,-662"="Configures and manages COM+ applications"
"@%SystemRoot%\\system32\\shell32.dll,-22535"="Manages disks and provides access to other tools to manage local and remote computers."
"@%SystemRoot%\\system32\\shell32.dll,-22537"="Adds, removes, and configures Open Database Connectivity (ODBC) data sources and drivers."
"@%SystemRoot%\\system32\\shell32.dll,-22541"="Displays monitoring and troubleshooting messages from Windows and other programs."
"@%SystemRoot%\\system32\\shell32.dll,-22567"="Displays graphs of system performance and configures data logs and alerts."
"@%SystemRoot%\\system32\\shell32.dll,-22571"="Starts and stop services."
"@%SystemRoot%\\system32\\shell32.dll,-22542"="Begins the Freecell card game."
"@%SystemRoot%\\system32\\mshearts.exe,-414"="Begins the Hearts card game."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\bckgres.dll,-1213"="Play the board game Backgammon with another person over the Internet."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\chkrres.dll,-1213"="Play the board game Checkers with another person over the Internet."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\hrtzres.dll,-1213"="Play the card game Hearts with other people from around the world."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\rvseres.dll,-1213"="Play the board game Reversi with another person over the Internet."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\shvlres.dll,-1213"="Play the card game Spades with other people from around the world."
"@%SystemRoot%\\system32\\shell32.dll,-22557"="Begins a game of Minesweeper."
"@%SystemRoot%\\system32\\shell32.dll,-22569"="Begins a game of 3-D Pinball."
"@%SystemRoot%\\system32\\shell32.dll,-22572"="Begins the Solitaire card game."
"@%SystemRoot%\\system32\\spider.exe,-57"="Begins the Spider Solitaire card game."
"@C:\\Program Files\\Movie Maker\\wmm2res.dll,-63096"="Capture and edit digital media on your computer and then share your saved movies by e-mail, the Internet, recordable CD, or on a DV video tape."
"C:\\Program Files\\Microsoft Silverlight\\4.1.10111.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\WINDOWS\\system32\\cmd.exe"="Windows Command Processor"
"C:\\Documents and Settings\\All Users\\Application Data\\188F1432-103A-4ffb-80F1-36B633C5C9E1\\x86\\DIFxINST32.exe"="DIFx Based Driver Installer"
"@C:\\WINDOWS\\system32\\sti_ci.dll,-11"="Scanner and Camera Wizard"
"@C:\\WINDOWS\\system32\\sti_ci.dll,-13"="Allows you to capture pictures from a scanner or digital camera"
"@C:\\WINDOWS\\inf\\unregmp2.exe,-155"="Play digital media including music, videos, CDs, and DVDs."
"C:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\WINDOWS\\System32\\rundll32.exe"="Run a DLL as an App"
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"c:\\program files\\wrapper_inst\\service.exe"="service"
"C:\\WINDOWS\\system32\\msiexec.exe"="Windows® installer"
 
==================================================
 
Windows Registry Editor Version 5.00
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID"=hex:09,04
"@C:\\WINDOWS\\system32\\SHELL32.dll,-9216"="My Computer"
"@netcfgx.dll,-50001"="Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks."
"C:\\Dell\\rearr.exe"="rearr"
"C:\\WINDOWS\\system32\\grpconv.exe"="Windows Progman Group Converter"
"@shell32.dll,-21774"="Local Settings"
"@netcfgx.dll,-50003"="Allows other computers to access resources on your computer using a Microsoft network."
"@netcfgx.dll,-50015"="Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services."
"@netcfgx.dll,-50002"="Allows your computer to access resources on a Microsoft network."
"@C:\\WINDOWS\\inf\\unregmp2.exe,-161"="Sample Playlists"
"@C:\\WINDOWS\\inf\\unregmp2.exe,-162"="Sync Playlists"
"@xpsp3res.dll,-20000"="Network Diagnostics for Windows XP"
"C:\\WINDOWS\\regedit.exe"="Registry Editor"
"C:\\Program Files\\Microsoft Silverlight\\4.0.50524.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.50826.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.50917.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.51204.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.60129.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.60310.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.60531.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.0.60831.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"@%SystemRoot%\\system32\\shell32.dll,-22553"="Enlarges selected text and other on-screen items for easier viewing."
"@%SystemRoot%\\system32\\shell32.dll,-22560"="Reads on-screen text, dialog boxes, menus, and buttons aloud if speakers or a sound output device is installed."
"@%SystemRoot%\\system32\\shell32.dll,-22564"="Displays a keyboard that is controlled by a mouse or switch input device."
"@%SystemRoot%\\system32\\shell32.dll,-22577"="Starts and configures accessibility tools from one window."
"@%SystemRoot%\\system32\\shell32.dll,-22529"="Manages your contacts and finds people and businesses using directory services. "
"@%SystemRoot%\\system32\\shell32.dll,-22534"="Performs text-based (command-line) functions."
"@%SystemRoot%\\inf\\unregmp2.exe,-155"="Play digital media including music, videos, CDs, and DVDs."
"@%SystemRoot%\\system32\\shell32.dll,-22563"="Creates and edits text files using basic text formatting."
"@%SystemRoot%\\system32\\shell32.dll,-22574"="Updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages."
"@%SystemRoot%\\system32\\tourstart.exe,-2"="Opens the Windows Experience Tour that guides you through the exciting, new features of Windows XP."
"@%SystemRoot%\\system32\\shell32.dll,-22579"="Displays the files and folders on your computer."
"@xpsp1res.dll,-11002"="Finds and displays information and Web sites on the Internet."
"@xpsp1res.dll,-11005"="Sends and receives e-mail and newsgroup messages."
"@%systemroot%\\system32\\rcbdyctl.dll,-151"="Lets you invite a friend to connect to your computer and help you with problems."
"@%SystemRoot%\\system32\\shell32.dll,-22528"="Use the Accessibility Wizard to configure your system to meet your vision, hearing, and mobility needs."
"@%SystemRoot%\\system32\\shell32.dll,-22531"="Performs basic arithmetic tasks with an on-screen calculator."
"@%systemroot%\\system32\\fxsres.dll,-115"="Displays incoming and outgoing faxes and enables you to view and manage these faxes"
"@%systemroot%\\system32\\fxsres.dll,-113"="Creates and edits cover pages used when sending faxes"
"@%systemroot%\\system32\\fxsres.dll,-111"="Sends a fax that consists only of a cover page"
"@%SystemRoot%\\system32\\shell32.dll,-22543"="Connects to other computers, Internet telnet sites, bulletin board systems, online services, and host computers using either a modem or a null-modem cable."
"@%systemroot%\\system32\\netshell.dll,-1201"="Connects to other computers, networks, and the Internet."
"@%systemroot%\\system32\\hnetwiz.dll,-3086"="Helps you set up a network for your home or small office."
"@%systemroot%\\system32\\netshell.dll,-1011"="Helps you set up an Internet connection, connect to a private network, or set up a network for your home or small office."
"@%SystemRoot%\\system32\\xpsp2res.dll,-16202"="Set up or add to a wireless network for your home or office"
"@%SystemRoot%\\system32\\shell32.dll,-22573"="Records sounds if a microphone and sound card are installed."
"@%SystemRoot%\\system32\\shell32.dll,-22578"="Controls the volume level of recorded and play-back sounds."
"@%SystemRoot%\\system32\\shell32.dll,-22566"="Creates and edits drawings, and displays and edits scanned photos."
"@%SystemRoot%\\system32\\shell32.dll,-22533"="Selects special characters and copies them to your document."
"@%SystemRoot%\\system32\\shell32.dll,-22538"="Enables you to clear your disk of unnecessary files."
"@%SystemRoot%\\system32\\shell32.dll,-22539"="Defragments your volumes so that your computer runs faster and more efficiently."
"@%SystemRoot%\\system32\\usmt\\migwiz.exe,-203"="Migrates files and settings from one computer to another."
"@%SystemRoot%\\system32\\shell32.dll,-22570"="Use Task Scheduler to schedule computer tasks to run automatically."
"@%SystemRoot%\\system32\\shell32.dll,-22575"="Display current System Information."
"@%systemroot%\\system32\\restore\\rstrui.exe,-2078"="Restores system to chosen restore point"
"@%SystemRoot%\\system32\\shell32.dll,-22581"="Creates and edits text documents with complex formatting."
"@C:\\WINDOWS\\system32\\comres.dll,-662"="Configures and manages COM+ applications"
"@%SystemRoot%\\system32\\shell32.dll,-22535"="Manages disks and provides access to other tools to manage local and remote computers."
"@%SystemRoot%\\system32\\shell32.dll,-22537"="Adds, removes, and configures Open Database Connectivity (ODBC) data sources and drivers."
"@%SystemRoot%\\system32\\shell32.dll,-22541"="Displays monitoring and troubleshooting messages from Windows and other programs."
"@%SystemRoot%\\system32\\shell32.dll,-22567"="Displays graphs of system performance and configures data logs and alerts."
"@%SystemRoot%\\system32\\shell32.dll,-22571"="Starts and stop services."
"@%SystemRoot%\\system32\\shell32.dll,-22542"="Begins the Freecell card game."
"@%SystemRoot%\\system32\\mshearts.exe,-414"="Begins the Hearts card game."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\bckgres.dll,-1213"="Play the board game Backgammon with another person over the Internet."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\chkrres.dll,-1213"="Play the board game Checkers with another person over the Internet."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\hrtzres.dll,-1213"="Play the card game Hearts with other people from around the world."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\rvseres.dll,-1213"="Play the board game Reversi with another person over the Internet."
"@C:\\Program Files\\MSN Gaming Zone\\Windows\\shvlres.dll,-1213"="Play the card game Spades with other people from around the world."
"@%SystemRoot%\\system32\\shell32.dll,-22557"="Begins a game of Minesweeper."
"@%SystemRoot%\\system32\\shell32.dll,-22569"="Begins a game of 3-D Pinball."
"@%SystemRoot%\\system32\\shell32.dll,-22572"="Begins the Solitaire card game."
"@%SystemRoot%\\system32\\spider.exe,-57"="Begins the Spider Solitaire card game."
"@C:\\Program Files\\Movie Maker\\wmm2res.dll,-63096"="Capture and edit digital media on your computer and then share your saved movies by e-mail, the Internet, recordable CD, or on a DV video tape."
"C:\\Program Files\\Microsoft Silverlight\\4.1.10111.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\WINDOWS\\system32\\cmd.exe"="Windows Command Processor"
"C:\\Documents and Settings\\All Users\\Application Data\\188F1432-103A-4ffb-80F1-36B633C5C9E1\\x86\\DIFxINST32.exe"="DIFx Based Driver Installer"
"@C:\\WINDOWS\\system32\\sti_ci.dll,-11"="Scanner and Camera Wizard"
"@C:\\WINDOWS\\system32\\sti_ci.dll,-13"="Allows you to capture pictures from a scanner or digital camera"
"@C:\\WINDOWS\\inf\\unregmp2.exe,-155"="Play digital media including music, videos, CDs, and DVDs."
"C:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"C:\\WINDOWS\\System32\\rundll32.exe"="Run a DLL as an App"
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\coregen.exe"="Microsoft Common Language Runtime native compiler"
"c:\\program files\\wrapper_inst\\service.exe"="service"
"C:\\WINDOWS\\system32\\msiexec.exe"="Windows® installer"
 

Make registry back up:

 

  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.



 

Next,

 

Open an elevated command prompt,

 

At the command prompt, either type or copy/paste the following, hit enter after each one...

sc stop "pcregservice"
sc config "pcregservice" start= disabled

exit

 

Re-boot your PC,

 

From the command prompt again, either type or copy/paste the following, hit enter

 

sc delete "pcregservice"

exit

 

Reboot your PC.

 

Open regedit as you did previously and navigate to pcregservice folder, right click on it and select Delete....

 

Let me know if any remaining issues or concerns....
