Something strange is happening.

Cranfield · December 13, 2013

This thread refers to my problem, but Admin have asked that I repost the logs in this section.

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ 1.75.0.1300

Date Log Created: 12/13/13

Time Log Created: 15:43:37

User Account type: Administrator

32 bit Operating System

Product Name: REG_SZ Microsoft Windows XP

Current Build Number: 2600

Current Version Number: 5.1

Current CSDVersion: Service Pack 3

OS Product Info: Home Edition

Proxy Status: No proxy is Set

Proxy Override:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\

ProxyOverride REG_SZ *.local

LAN Settings:

=============

No Settings are Set <--NOT DETECTING SETTING AUTOMATICALLY

SystemPartition:

================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:

====================

Enabled

Time Format Settings:

=====================

Should be:

h:mm:ss tt

AM

PM

:

Currently:

REG_SZ HH:mm:ss

REG_SZ AM

REG_SZ PM

REG_SZ :

Language and Regional Settings:

===============================

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:

====================================================

All Users Startup Folder Exists.

Current User's startup Folder Exists.

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

TERMService:

==============

Type : 32

State : 4 (The service is running.) (State is stopped)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

TermService Start is set to: 2 (Automatic Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):

=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exeREG_SZ DisableNXShowUI

C:\WINDOWS\explorer.exe REG_SZ EnableNXShowUI

Malwarebytes Anti-Malware Shell Extension Block Check:

======================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked

MBAM Startup Entries:

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:

==========================

MBAMProtector:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMService:

==============

Type : 16

State : 4 (The service is running.)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

MBAMScheduler:

==============

Type : 16

State : 4 (The service is running.)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

MBAMProtector Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector

Type REG_DWORD 2

Start REG_DWORD 3

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ \??\C:\WINDOWS\system32\drivers\mbam.sys

Group REG_SZ FSFilter Anti-Virus

DependOnService REG_MULTI_SZ FltMgr

DependOnGroup REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances

DefaultInstance REG_SZ MBAMProtector Instance

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Instances\MBAMProtector Instance

Altitude REG_SZ 328800

Flags REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector\Enum

0 REG_SZ Root\LEGACY_MBAMPROTECTOR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAMService Registry Values:

============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"

DependOnService REG_MULTI_SZ MBAMProtector

DependOnGroup REG_DWORD 0

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService\Enum

0 REG_SZ Root\LEGACY_MBAMSERVICE\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAMScheduler Registry Values:

==============================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler

Type REG_DWORD 16

Start REG_DWORD 2

ErrorControl REG_DWORD 1

ImagePath REG_EXPAND_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"

ObjectName REG_SZ LocalSystem

Description REG_SZ Malwarebytes Anti-Malware scheduler

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler\Enum

0 REG_SZ Root\LEGACY_MBAMSCHEDULER\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

MBAM DLL's and Runtime Files:

=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid

(Default): REG_SZ vbAccelerator Grid Control

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid

(Default): REG_SZ {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid

(Default): REG_SZ {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid

(Default): REG_SZ {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid

(Default): REG_SZ {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\mbam.script

(Default): REG_SZ Malwarebytes' Anti-Malware script

HKEY_CLASSES_ROOT\mbam.script\shell

HKEY_CLASSES_ROOT\mbam.script\shell\open

HKEY_CLASSES_ROOT\mbam.script\shell\open\command

(Default): REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" %1

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.ISubclass

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.GSubclass

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID

(Default): REG_SZ SSubTimer6.CTimer

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION

(Default): REG_SZ 1.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1

(Default): REG_SZ vbAccelerator VB6 SGrid Control 2.0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS

(Default): REG_SZ 2

HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0

(Default): REG_SZ vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ ISubclass

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}

(Default): REG_SZ CTimer

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib

(Default): REG_SZ {71A2702D-C7D8-11D2-BEF8-525400DFB47A}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}

(Default): REG_SZ vbalGrid

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32

(Default): REG_SZ {00020420-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib

(Default): REG_SZ {DE8CE233-DD83-481D-844C-C07B96589D3A}

Version REG_SZ 1.1

MBAM Registry Settings and License Info:

========================================

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

InstallPath REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

Affiliate REG_SZ https://www.cleverbridge.com/342/?scope=checkout&cart=29945

updating REG_DWORD 1

dbversion REG_SZ v2013.12.13.04

programversion REG_SZ 1.75.0.1300

hidereg REG_DWORD 0

startipdisabled REG_DWORD 0

useproxy REG_DWORD 0

useauthentication REG_DWORD 0

downloadprogram REG_DWORD 1

advancedheuristics REG_DWORD 1

dbdate REG_SZ Fri, 13 Dec 2013 12:06:25 GMT

detectpup REG_DWORD 2

detectpum REG_DWORD 1

detectp2p REG_DWORD 0

updatewarn REG_DWORD 1

updatewarndays REG_DWORD 7

notifyinstallprogram REG_DWORD 1

ID XXXXX-XXXXX This is hidden data.

Key XXXX-XXXX-XXXX-XXXX This is hidden data.

contextmenu REG_DWORD 1

reportthreats REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 1

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

autoquarantine REG_DWORD 1

autoquarantinenotify REG_DWORD 1

programbuild REG_SZ consumer

alwaysscanarchives REG_DWORD 1

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware\UUID

There is data here but it is hidden.

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware\UUID

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

language REG_SZ english.lng

firstrun REG_DWORD 1

defaultscan REG_DWORD 0

selectedrives REG_SZ C:\|

terminateie REG_DWORD 0

autosavelog REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

startminimized REG_DWORD 0

autoupdate REG_DWORD 0

autoscan REG_DWORD 0

updatetime REG_DWORD 1

scantime REG_DWORD 1

updating REG_DWORD 1

openlog REG_DWORD 1

alwaysscanstartups REG_DWORD 1

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles REG_DWORD 1

alwaysscanheuristics REG_DWORD 1

alwaysscanmemory REG_DWORD 1

alwaysscanregistry REG_DWORD 1

alwaysscanstartups REG_DWORD 1

autosavelog REG_DWORD 1

openlog REG_DWORD 1

contextmenu REG_DWORD 1

defaultscan REG_DWORD 0

reportthreats REG_DWORD 1

terminateie REG_DWORD 0

startwithwindows REG_DWORD 1

startfsdisabled REG_DWORD 0

silentipmode REG_DWORD 0

trialpromptshown REG_DWORD 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1

Inno Setup: Setup Version REG_SZ 5.5.3-dev (a)

Inno Setup: App Path REG_SZ C:\Program Files\Malwarebytes' Anti-Malware

InstallLocation REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

Inno Setup: Icon Group REG_SZ Malwarebytes' Anti-Malware

Inno Setup: User REG_SZ HP_Owner

Inno Setup: Selected Tasks REG_SZ desktopicon

Inno Setup: Deselected Tasks REG_SZ quicklaunchicon

Inno Setup: Language REG_SZ English

DisplayName REG_SZ Malwarebytes Anti-Malware version 1.75.0.1300

DisplayIcon REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

UninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

QuietUninstallString REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" /SILENT

DisplayVersion REG_SZ 1.75.0.1300

Publisher REG_SZ Malwarebytes Corporation

URLInfoAbout REG_SZ http://www.malwarebytes.org

NoModify REG_DWORD 1

NoRepair REG_DWORD 1

InstallDate REG_SZ 20130410

MajorVersion REG_DWORD 1

MinorVersion REG_DWORD 75

Pending File Rename Operations:

================================

If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Scheduler Queue:

================

Context Menu Entries:

=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID

(Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}

(Default): REG_SZ IMBAMShlExt

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32

(Default): REG_SZ {00020424-0000-0000-C000-000000000046}

HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

Version REG_SZ 1.0

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

(Default): REG_SZ MBAMShlExt Class

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

ThreadingModel REG_SZ Apartment

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID

(Default): REG_SZ MBAMExt.MBAMShlExt.1

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib

(Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID

(Default): REG_SZ MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0

(Default): REG_SZ MBAMExt 1.0 Type Library

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS

(Default): REG_SZ 0

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR

(Default): REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\

MBAM Drivers:

=============

C:\WINDOWS\system32\drivers\mbam.sys File Size: 22856 BYTES FileVersion: 1.60.2.0

Required Dependencies:

======================

fltmgr:

==============

Type : 2

State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0

SERVICE_EXIT_CODE : 0

CHECKPOINT : 0

WAIT_HINT : 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

Type REG_DWORD 2

Start REG_DWORD 0

ErrorControl REG_DWORD 1

Tag REG_DWORD 1

ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys

DisplayName REG_SZ FltMgr

Group REG_SZ FSFilter Infrastructure

Description REG_SZ File System Filter Manager Driver

AttachWhenLoaded REG_DWORD 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security

Security REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0 REG_SZ Root\LEGACY_FLTMGR\0000

Count REG_DWORD 1

NextInstance REG_DWORD 1

C:\WINDOWS\system32\drivers\fltmgr.sys File Size: 129792 BYTES FileVersion: 5.1.2600.5512

C:\WINDOWS\system32\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5

C:\WINDOWS\system32\mscomctl.ocx File Size: 1081616 BYTES FileVersion: 6.1.97.82

C:\WINDOWS\system32\olepro32.dll File Size: 84992 BYTES FileVersion: 5.1.2600.5512

List of MBAM Related Directories:

=================================

C:\Program Files\Malwarebytes' Anti-Malware

7z.dll File Size: 914432 BYTES FileVersion: 9.20.0.0

changes.rtf File Size: 785 BYTES

changes.txt File Size: 200 BYTES

license.rtf File Size: 17916 BYTES

license.txt File Size: 11141 BYTES

mbam.chm File Size: 474148 BYTES

mbam.dll File Size: 527944 BYTES FileVersion: 1.70.0.0

mbam.exe File Size: 887432 BYTES FileVersion: 1.75.0.1

mbamcore.dll File Size: 1127496 BYTES FileVersion: 1.70.0.0

mbamext.dll File Size: 79208 BYTES FileVersion: 1.70.0.0

mbamgui.exe File Size: 532040 BYTES FileVersion: 1.70.0.0

mbamnet.dll File Size: 2191944 BYTES FileVersion: 1.70.0.0

mbampt.exe File Size: 40008 BYTES FileVersion: 1.70.0.0

mbamscheduler.exe File Size: 418376 BYTES FileVersion: 1.70.0.0

mbamservice.exe File Size: 701512 BYTES FileVersion: 1.70.0.0

ssubtmr6.dll File Size: 44688 BYTES FileVersion: 1.1.0.3

unins000.dat File Size: 302803 BYTES

unins000.exe File Size: 712264 BYTES FileVersion: 51.52.0.0

unins000.msg File Size: 11277 BYTES

vbalsgrid6.ocx File Size: 495248 BYTES FileVersion: 2.0.0.40

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

chameleon.chm File Size: 186068 BYTES

firefox.com File Size: 218184 BYTES

firefox.exe File Size: 218184 BYTES

firefox.pif File Size: 218184 BYTES

firefox.scr File Size: 218184 BYTES

iexplore.exe File Size: 218184 BYTES

mbam-chameleon.com File Size: 218184 BYTES

mbam-chameleon.exe File Size: 218184 BYTES

mbam-chameleon.pif File Size: 218184 BYTES

mbam-chameleon.scr File Size: 218184 BYTES

mbam-killer.exe File Size: 984648 BYTES FileVersion: 1.60.0.47

rundll32.exe File Size: 218184 BYTES

svchost.exe File Size: 218184 BYTES

winlogon.exe File Size: 218184 BYTES

C:\Program Files\Malwarebytes' Anti-Malware\Languages

albanian.lng File Size: 13924 BYTES

arabic.lng File Size: 21894 BYTES

belarusian.lng File Size: 26884 BYTES

bosnian.lng File Size: 27108 BYTES

bulgarian.lng File Size: 27574 BYTES

catalan.lng File Size: 28252 BYTES

chineseSI.lng File Size: 11024 BYTES

chineseTR.lng File Size: 11952 BYTES

croatian.lng File Size: 26670 BYTES

czech.lng File Size: 24874 BYTES

danish.lng File Size: 26582 BYTES

dutch.lng File Size: 28342 BYTES

english.lng File Size: 24542 BYTES

estonian.lng File Size: 25146 BYTES

finnish.lng File Size: 25950 BYTES

french.lng File Size: 29830 BYTES

german.lng File Size: 29894 BYTES

greek.lng File Size: 29300 BYTES

hebrew.lng File Size: 19362 BYTES

hungarian.lng File Size: 28666 BYTES

indonesian.lng File Size: 26854 BYTES

italian.lng File Size: 28194 BYTES

japanese.lng File Size: 16266 BYTES

korean.lng File Size: 14188 BYTES

latvian.lng File Size: 27100 BYTES

lithuanian.lng File Size: 27838 BYTES

macedonian.lng File Size: 28864 BYTES

norwegian.lng File Size: 25116 BYTES

polish.lng File Size: 26644 BYTES

portugueseBR.lng File Size: 28654 BYTES

portuguesePT.lng File Size: 29062 BYTES

romanian.lng File Size: 28290 BYTES

russian.lng File Size: 27302 BYTES

serbian.lng File Size: 26804 BYTES

slovak.lng File Size: 25644 BYTES

slovenian.lng File Size: 24852 BYTES

spanish.lng File Size: 30060 BYTES

swedish.lng File Size: 25992 BYTES

thai.lng File Size: 26092 BYTES

turkish.lng File Size: 25876 BYTES

ukrainian.lng File Size: 13097 BYTES

vietnamese.lng File Size: 29528 BYTES

C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

mbam-log-2012-05-31 (15-32-07).txt File Size: 1972 BYTES

mbam-log-2012-06-24 (19-16-33).txt File Size: 1930 BYTES

mbam-log-2012-07-13 (11-00-21).txt File Size: 2216 BYTES

mbam-log-2012-08-06 (17-50-11).txt File Size: 2072 BYTES

mbam-log-2012-10-04 (10-11-48).txt File Size: 1976 BYTES

mbam-log-2012-10-21 (13-24-59).txt File Size: 1972 BYTES

mbam-log-2012-10-24 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-10-30 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2012-10-31 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-01 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-02 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2012-11-03 (10-00-09).txt File Size: 1934 BYTES

mbam-log-2012-11-05 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2012-11-06 (10-00-10).txt File Size: 1932 BYTES

mbam-log-2012-11-07 (10-00-09).txt File Size: 1936 BYTES

mbam-log-2012-11-08 (10-00-09).txt File Size: 1934 BYTES

mbam-log-2012-11-09 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2012-11-10 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-11 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2012-11-12 (10-00-09).txt File Size: 1932 BYTES

mbam-log-2012-11-13 (10-00-09).txt File Size: 1934 BYTES

mbam-log-2012-11-14 (10-00-18).txt File Size: 1934 BYTES

mbam-log-2012-11-15 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-16 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-17 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-18 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-19 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-20 (10-00-11).txt File Size: 1932 BYTES

mbam-log-2012-11-21 (10-00-16).txt File Size: 1936 BYTES

mbam-log-2012-11-22 (10-00-09).txt File Size: 1934 BYTES

mbam-log-2012-11-23 (10-00-12).txt File Size: 1936 BYTES

mbam-log-2012-11-25 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-26 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-11-27 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2012-11-28 (10-00-09).txt File Size: 1932 BYTES

mbam-log-2012-11-29 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-01 (10-00-11).txt File Size: 1932 BYTES

mbam-log-2012-12-02 (10-00-19).txt File Size: 1912 BYTES

mbam-log-2012-12-03 (10-00-09).txt File Size: 1934 BYTES

mbam-log-2012-12-06 (10-00-09).txt File Size: 1934 BYTES

mbam-log-2012-12-07 (10-00-10).txt File Size: 1936 BYTES

mbam-log-2012-12-08 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2012-12-10 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-11 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-12 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-13 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-14 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-15 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2012-12-16 (22-34-43).txt File Size: 1936 BYTES

mbam-log-2012-12-17 (10-00-16).txt File Size: 1936 BYTES

mbam-log-2012-12-18 (10-00-10).txt File Size: 1910 BYTES

mbam-log-2012-12-19 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2012-12-20 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2012-12-21 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-22 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-24 (10-00-10).txt File Size: 1932 BYTES

mbam-log-2012-12-25 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2012-12-26 (10-00-10).txt File Size: 1936 BYTES

mbam-log-2012-12-27 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2012-12-28 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2012-12-29 (10-00-12).txt File Size: 1936 BYTES

mbam-log-2012-12-30 (10-00-19).txt File Size: 1932 BYTES

mbam-log-2012-12-31 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-02 (10-00-11).txt File Size: 1936 BYTES

mbam-log-2013-01-03 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2013-01-04 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-05 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-07 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-08 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-09 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-10 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2013-01-11 (10-00-12).txt File Size: 1936 BYTES

mbam-log-2013-01-12 (10-00-19).txt File Size: 1934 BYTES

mbam-log-2013-01-14 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-01-16 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-01-17 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-01-18 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-19 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-01-20 (10-00-12).txt File Size: 1936 BYTES

mbam-log-2013-01-21 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-01-22 (10-00-10).txt File Size: 1934 BYTES

mbam-log-2013-01-23 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-01-24 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-25 (10-00-12).txt File Size: 1932 BYTES

mbam-log-2013-01-26 (10-00-19).txt File Size: 1952 BYTES

mbam-log-2013-01-27 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-01-28 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-01-29 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-01-30 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2013-01-31 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-02-01 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-02-02 (10-00-11).txt File Size: 1932 BYTES

mbam-log-2013-02-03 (10-03-51).txt File Size: 1936 BYTES

mbam-log-2013-02-04 (10-00-12).txt File Size: 1942 BYTES

mbam-log-2013-02-05 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-02-06 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-02-07 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-02-08 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-02-08 (20-12-58).txt File Size: 2066 BYTES

mbam-log-2013-02-09 (10-12-08).txt File Size: 1936 BYTES

mbam-log-2013-02-11 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-02-12 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-02-14 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-02-15 (10-00-12).txt File Size: 7302 BYTES

mbam-log-2013-02-16 (10-01-31).txt File Size: 1934 BYTES

mbam-log-2013-02-17 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-02-18 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-02-19 (10-00-11).txt File Size: 1934 BYTES

mbam-log-2013-02-20 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-02-21 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-02-22 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-02-23 (10-00-12).txt File Size: 1932 BYTES

mbam-log-2013-02-24 (10-00-12).txt File Size: 1936 BYTES

mbam-log-2013-02-25 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-02-27 (10-00-11).txt File Size: 1932 BYTES

mbam-log-2013-02-28 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-03-02 (10-00-24).txt File Size: 1936 BYTES

mbam-log-2013-03-04 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-03-05 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-03-06 (10-00-12).txt File Size: 1932 BYTES

mbam-log-2013-03-07 (10-00-26).txt File Size: 1936 BYTES

mbam-log-2013-03-08 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-03-09 (10-00-12).txt File Size: 1936 BYTES

mbam-log-2013-03-10 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-03-11 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-03-12 (10-00-13).txt File Size: 1910 BYTES

mbam-log-2013-03-13 (10-00-18).txt File Size: 1936 BYTES

mbam-log-2013-03-14 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-03-15 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-03-16 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-03-17 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-03-18 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-03-19 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-03-20 (10-00-13).txt File Size: 1932 BYTES

mbam-log-2013-03-21 (10-00-13).txt File Size: 1932 BYTES

mbam-log-2013-03-23 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-03-24 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-03-25 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-03-26 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-03-27 (10-00-19).txt File Size: 1934 BYTES

mbam-log-2013-03-28 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-03-29 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-03-30 (10-00-20).txt File Size: 1934 BYTES

mbam-log-2013-04-01 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-04-02 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-04-03 (10-00-20).txt File Size: 1932 BYTES

mbam-log-2013-04-04 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-04-05 (10-00-12).txt File Size: 1932 BYTES

mbam-log-2013-04-06 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-04-07 (10-00-14).txt File Size: 1942 BYTES

mbam-log-2013-04-08 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-04-09 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-04-10 (10-00-20).txt File Size: 1920 BYTES

mbam-log-2013-04-11 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-04-12 (10-00-15).txt File Size: 1932 BYTES

mbam-log-2013-04-13 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-04-14 (10-00-17).txt File Size: 1934 BYTES

mbam-log-2013-04-15 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-04-16 (10-00-14).txt File Size: 1932 BYTES

mbam-log-2013-04-16 (12-22-20).txt File Size: 2186 BYTES

mbam-log-2013-04-17 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-04-18 (10-00-12).txt File Size: 1934 BYTES

mbam-log-2013-04-19 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-04-21 (10-00-16).txt File Size: 1936 BYTES

mbam-log-2013-04-22 (10-00-14).txt File Size: 1932 BYTES

mbam-log-2013-04-23 (10-00-14).txt File Size: 1932 BYTES

mbam-log-2013-04-24 (10-00-19).txt File Size: 1938 BYTES

mbam-log-2013-04-26 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-04-27 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-04-28 (10-00-15).txt File Size: 1932 BYTES

mbam-log-2013-04-29 (10-00-16).txt File Size: 1934 BYTES

mbam-log-2013-04-30 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-05-01 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-05-03 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-05-04 (10-00-33).txt File Size: 1936 BYTES

mbam-log-2013-05-05 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-05-06 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-05-08 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-05-09 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-05-10 (10-00-14).txt File Size: 1932 BYTES

mbam-log-2013-05-11 (10-00-17).txt File Size: 1934 BYTES

mbam-log-2013-05-13 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-05-15 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-05-16 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-05-17 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-05-18 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-05-19 (10-00-22).txt File Size: 1936 BYTES

mbam-log-2013-05-20 (10-00-21).txt File Size: 1936 BYTES

mbam-log-2013-05-21 (10-00-27).txt File Size: 1936 BYTES

mbam-log-2013-05-22 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-05-23 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-05-24 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-05-25 (10-00-15).txt File Size: 1944 BYTES

mbam-log-2013-05-26 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-05-27 (10-00-15).txt File Size: 1938 BYTES

mbam-log-2013-05-28 (10-00-16).txt File Size: 1936 BYTES

mbam-log-2013-05-29 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-05-30 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-05-31 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-06-02 (10-00-21).txt File Size: 1934 BYTES

mbam-log-2013-06-03 (10-00-38).txt File Size: 1936 BYTES

mbam-log-2013-06-04 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-06-05 (10-00-28).txt File Size: 1934 BYTES

mbam-log-2013-06-06 (10-00-17).txt File Size: 1936 BYTES

mbam-log-2013-06-07 (10-00-14).txt File Size: 1934 BYTES

mbam-log-2013-06-09 (10-00-17).txt File Size: 1934 BYTES

mbam-log-2013-06-10 (10-00-16).txt File Size: 1934 BYTES

mbam-log-2013-06-11 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-06-12 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-06-13 (10-00-17).txt File Size: 1922 BYTES

mbam-log-2013-06-14 (10-00-15).txt File Size: 1934 BYTES

mbam-log-2013-06-15 (10-00-18).txt File Size: 1936 BYTES

mbam-log-2013-06-16 (10-00-18).txt File Size: 1936 BYTES

mbam-log-2013-06-16 (19-54-11).txt File Size: 1934 BYTES

mbam-log-2013-06-17 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-06-18 (10-00-16).txt File Size: 1936 BYTES

mbam-log-2013-06-19 (10-00-17).txt File Size: 1936 BYTES

mbam-log-2013-06-20 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-06-21 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-06-22 (10-00-17).txt File Size: 1936 BYTES

mbam-log-2013-06-23 (10-00-17).txt File Size: 1936 BYTES

mbam-log-2013-06-24 (10-00-19).txt File Size: 1936 BYTES

mbam-log-2013-06-25 (10-00-16).txt File Size: 1936 BYTES

mbam-log-2013-06-27 (10-00-17).txt File Size: 1936 BYTES

mbam-log-2013-06-28 (10-00-26).txt File Size: 1936 BYTES

mbam-log-2013-06-29 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-06-30 (10-00-30).txt File Size: 1936 BYTES

mbam-log-2013-07-01 (10-00-14).txt File Size: 1936 BYTES

mbam-log-2013-07-05 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-07-06 (10-00-15).txt File Size: 1936 BYTES

mbam-log-2013-07-06 (19-41-25).txt File Size: 1968 BYTES

mbam-log-2013-07-07 (10-00-22).txt File Size: 1912 BYTES

mbam-log-2013-07-08 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-07-09 (10-00-13).txt File Size: 1932 BYTES

mbam-log-2013-07-10 (10-00-13).txt File Size: 1934 BYTES

mbam-log-2013-07-12 (10-00-17).txt File Size: 1936 BYTES

mbam-log-2013-07-13 (10-00-13).txt File Size: 1936 BYTES

mbam-log-2013-07-14 (10-00-19).txt File Size: 1936 BYTES

mbam-log-2013-07-15 (10-00-19).txt File Size: 1940 BYTES

mbam-log-2013-07-16 (10-00-18).txt File Size: 1936 BYTES

mbam-log-2013-07-16 (21-21-00).txt File Size: 2100 BYTES

mbam-log-2013-07-17 (10-00-18).txt File Size: 1936 BYTES

mbam-log-2013-07-18 (10-00-18).txt File Size: 1934 BYTES

mbam-log-2013-08-03 (22-15-16).txt File Size: 2096 BYTES

mbam-log-2013-08-04 (10-00-19).txt File Size: 1938 BYTES

mbam-log-2013-08-05 (10-00-19).txt File Size: 1940 BYTES

mbam-log-2013-08-07 (10-00-19).txt File Size: 1940 BYTES

mbam-log-2013-08-09 (10-00-20).txt File Size: 1934 BYTES

mbam-log-2013-08-10 (10-00-18).txt File Size: 1936 BYTES

mbam-log-2013-08-11 (10-00-19).txt File Size: 9044 BYTES

mbam-log-2013-08-12 (10-00-18).txt File Size: 9044 BYTES

mbam-log-2013-08-13 (10-00-20).txt File Size: 1952 BYTES

mbam-log-2013-08-14 (10-00-19).txt File Size: 11914 BYTES

mbam-log-2013-08-15 (10-00-48).txt File Size: 11890 BYTES

mbam-log-2013-08-20 (10-00-17).txt File Size: 11914 BYTES

mbam-log-2013-08-21 (10-00-19).txt File Size: 11620 BYTES

mbam-log-2013-08-22 (10-00-20).txt File Size: 11616 BYTES

mbam-log-2013-08-22 (21-31-47).txt File Size: 2082 BYTES

mbam-log-2013-08-23 (10-00-22).txt File Size: 5630 BYTES

mbam-log-2013-08-24 (10-00-22).txt File Size: 5620 BYTES

mbam-log-2013-08-25 (10-00-19).txt File Size: 5946 BYTES

mbam-log-2013-08-26 (10-00-18).txt File Size: 5948 BYTES

mbam-log-2013-09-09 (16-48-02).txt File Size: 2070 BYTES

mbam-log-2013-10-10 (13-14-26).txt File Size: 7894 BYTES

mbam-log-2013-10-10 (13-51-34).txt File Size: 4788 BYTES

mbam-log-2013-10-10 (16-04-21).txt File Size: 1936 BYTES

mbam-log-2013-10-11 (08-37-05).txt File Size: 1936 BYTES

mbam-log-2013-10-23 (10-52-36).txt File Size: 1924 BYTES

mbam-log-2013-10-25 (15-58-22).txt File Size: 1936 BYTES

mbam-log-2013-11-13 (13-12-26).txt File Size: 1966 BYTES

mbam-log-2013-11-17 (15-07-50).txt File Size: 2200 BYTES

mbam-log-2013-11-19 (19-36-33).txt File Size: 1958 BYTES

mbam-log-2013-12-10 (13-28-34).txt File Size: 1958 BYTES

mbam-log-2013-12-13 (13-30-20).txt File Size: 1922 BYTES

C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine

0038647681.data File Size: 813 BYTES

0038647681.quar File Size: 4609760 BYTES

0651521125.data File Size: 759 BYTES

0651521125.quar File Size: 278 BYTES

0731186435.data File Size: 819 BYTES

0731186435.quar File Size: 56458 BYTES

0931215662.data File Size: 837 BYTES

0931215662.quar File Size: 1903392 BYTES

0939592836.data File Size: 820 BYTES

0939592836.quar File Size: 610200 BYTES

1019493571.data File Size: 819 BYTES

1019493571.quar File Size: 57054 BYTES

1175195383.data File Size: 808 BYTES

1175195383.quar File Size: 11804 BYTES

1749822383.data File Size: 820 BYTES

1749822383.quar File Size: 331160 BYTES

1841443864.data File Size: 820 BYTES

1841443864.quar File Size: 314264 BYTES

1993228940.data File Size: 828 BYTES

1993228940.quar File Size: 1294848 BYTES

2105041077.data File Size: 764 BYTES

2105041077.quar File Size: 322 BYTES

2247741859.data File Size: 754 BYTES

2247741859.quar File Size: 2268 BYTES

2291357412.data File Size: 832 BYTES

2291357412.quar File Size: 622 BYTES

2292095819.data File Size: 810 BYTES

2292095819.quar File Size: 56969 BYTES

2884870464.data File Size: 824 BYTES

2884870464.quar File Size: 10320 BYTES

3083333418.data File Size: 814 BYTES

3083333418.quar File Size: 84040 BYTES

3125733331.data File Size: 832 BYTES

3125733331.quar File Size: 622 BYTES

3189525865.data File Size: 829 BYTES

3189525865.quar File Size: 650 BYTES

3476773018.data File Size: 828 BYTES

3476773018.quar File Size: 427088 BYTES

3691024792.data File Size: 812 BYTES

3691024792.quar File Size: 57532 BYTES

3756913806.data File Size: 1238 BYTES

3933078132.data File Size: 846 BYTES

3933078132.quar File Size: 427088 BYTES

3993251111.data File Size: 840 BYTES

3993251111.quar File Size: 10320 BYTES

4331365837.data File Size: 815 BYTES

4331365837.quar File Size: 54629 BYTES

4371138638.data File Size: 806 BYTES

4371138638.quar File Size: 53600 BYTES

4843155219.data File Size: 809 BYTES

4843155219.quar File Size: 54153 BYTES

5663099805.data File Size: 806 BYTES

5663099805.quar File Size: 57679 BYTES

6024193207.data File Size: 829 BYTES

6024193207.quar File Size: 650 BYTES

6271365737.data File Size: 812 BYTES

6271365737.quar File Size: 57409 BYTES

6664023643.data File Size: 820 BYTES

6664023643.quar File Size: 300952 BYTES

6779283973.data File Size: 817 BYTES

6779283973.quar File Size: 56766 BYTES

6883356938.data File Size: 809 BYTES

6883356938.quar File Size: 54128 BYTES

7080560417.data File Size: 768 BYTES

7080560417.quar File Size: 346720 BYTES

7332512395.data File Size: 809 BYTES

7332512395.quar File Size: 56978 BYTES

7513693949.data File Size: 812 BYTES

7513693949.quar File Size: 54166 BYTES

7811950253.data File Size: 846 BYTES

7811950253.quar File Size: 146432 BYTES

8181846466.data File Size: 868 BYTES

8288174058.data File Size: 820 BYTES

8288174058.quar File Size: 397208 BYTES

8397165351.data File Size: 841 BYTES

8397165351.quar File Size: 132096 BYTES

8655016524.data File Size: 821 BYTES

8655016524.quar File Size: 1676480 BYTES

8796301638.data File Size: 844 BYTES

8796301638.quar File Size: 159232 BYTES

9167883649.data File Size: 805 BYTES

9167883649.quar File Size: 54073 BYTES

9618172911.data File Size: 815 BYTES

9618172911.quar File Size: 52963 BYTES

9631825260.data File Size: 824 BYTES

9631825260.quar File Size: 1078591 BYTES

9649073146.data File Size: 812 BYTES

9649073146.quar File Size: 54174 BYTES

9912540099.data File Size: 811 BYTES

9912540099.quar File Size: 54101 BYTES

9992646722.data File Size: 762 BYTES

9992646722.quar File Size: 276 BYTES

===============================================================

END OF FILE

Cranfield · December 13, 2013

The last three "Protection Module logs" (I think).

2013/12/13 08:55:59 GMT YOUR-C94F920E24 MESSAGE Starting protection

2013/12/13 08:55:59 GMT YOUR-C94F920E24 MESSAGE Protection started successfully

2013/12/13 08:55:59 GMT YOUR-C94F920E24 MESSAGE Starting IP protection

2013/12/13 08:56:53 GMT YOUR-C94F920E24 HP_Owner MESSAGE IP Protection started successfully

2013/12/13 13:29:26 GMT YOUR-C94F920E24 HP_Owner MESSAGE Starting database refresh

2013/12/13 13:29:27 GMT YOUR-C94F920E24 HP_Owner MESSAGE Stopping IP protection

2013/12/13 13:29:27 GMT YOUR-C94F920E24 HP_Owner MESSAGE IP Protection stopped successfully

2013/12/13 13:29:54 GMT YOUR-C94F920E24 HP_Owner MESSAGE Database refreshed successfully

2013/12/13 13:29:54 GMT YOUR-C94F920E24 HP_Owner MESSAGE Starting IP protection

2013/12/13 13:30:19 GMT YOUR-C94F920E24 HP_Owner MESSAGE IP Protection started successfully

2013/12/12 07:43:55 GMT YOUR-C94F920E24 HP_Owner MESSAGE Starting protection

2013/12/12 07:43:56 GMT YOUR-C94F920E24 HP_Owner MESSAGE Protection started successfully

2013/12/12 07:43:56 GMT YOUR-C94F920E24 HP_Owner MESSAGE Starting IP protection

2013/12/12 07:45:29 GMT YOUR-C94F920E24 HP_Owner MESSAGE IP Protection started successfully

2013/12/12 13:11:47 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/12 13:11:50 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/12 13:11:56 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/12 13:12:08 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/12 13:12:11 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/12 13:12:17 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/12 22:27:57 GMT YOUR-C94F920E24 MESSAGE Starting protection

2013/12/12 22:27:58 GMT YOUR-C94F920E24 MESSAGE Protection started successfully

2013/12/12 22:27:58 GMT YOUR-C94F920E24 MESSAGE Starting IP protection

2013/12/12 22:29:22 GMT YOUR-C94F920E24 HP_Owner MESSAGE IP Protection started successfully

2013/12/11 08:42:35 GMT YOUR-C94F920E24 MESSAGE Starting protection

2013/12/11 08:42:35 GMT YOUR-C94F920E24 MESSAGE Protection started successfully

2013/12/11 08:42:35 GMT YOUR-C94F920E24 MESSAGE Starting IP protection

2013/12/11 08:44:13 GMT YOUR-C94F920E24 HP_Owner MESSAGE IP Protection started successfully

2013/12/11 10:37:18 GMT YOUR-C94F920E24 MESSAGE Starting protection

2013/12/11 10:37:19 GMT YOUR-C94F920E24 MESSAGE Protection started successfully

2013/12/11 10:37:20 GMT YOUR-C94F920E24 HP_Owner MESSAGE Starting IP protection

2013/12/11 10:38:28 GMT YOUR-C94F920E24 HP_Owner MESSAGE IP Protection started successfully

2013/12/11 19:35:41 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 19:35:44 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 19:35:50 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 19:36:02 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 19:36:05 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 19:36:11 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:48:58 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:01 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:07 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:19 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:22 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:28 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:40 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:43 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:48 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:49 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:51 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:49:57 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:01 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:04 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:09 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:10 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:12 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:17 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:18 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:19 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:20 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:22 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:25 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:26 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:31 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:37 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:38 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:41 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:43 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:46 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:47 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:52 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:58 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:50:59 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:01 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:02 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:07 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:08 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:19 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:20 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:23 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:28 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

2013/12/11 20:51:29 GMT YOUR-C94F920E24 HP_Owner IP-BLOCK 94.242.214.83 (Type: outgoing)

Cranfield · December 13, 2013

Here are the dds logs.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 23/11/2006 11:58:36

System Uptime: 13/12/2013 08:51:27 (8 hours ago)

.

Motherboard: MSI | | AMETHYST-M

Processor: AMD Sempron™ Processor 3000+ | Socket 939 | 1790/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 227 GiB total, 78.292 GiB free.

D: is FIXED (FAT32) - 5 GiB total, 0.498 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP2910: 15/09/2013 10:59:49 - System Checkpoint

RP2911: 16/09/2013 11:41:16 - System Checkpoint

RP2912: 17/09/2013 13:24:24 - System Checkpoint

RP2913: 18/09/2013 14:18:10 - System Checkpoint

RP2914: 19/09/2013 14:58:39 - System Checkpoint

RP2915: 20/09/2013 15:55:56 - System Checkpoint

RP2916: 21/09/2013 16:09:32 - System Checkpoint

RP2917: 22/09/2013 16:23:15 - System Checkpoint

RP2918: 23/09/2013 16:56:27 - System Checkpoint

RP2919: 24/09/2013 17:33:46 - System Checkpoint

RP2920: 25/09/2013 19:21:33 - System Checkpoint

RP2921: 26/09/2013 19:51:13 - System Checkpoint

RP2922: 27/09/2013 21:27:14 - System Checkpoint

RP2923: 28/09/2013 23:11:06 - System Checkpoint

RP2924: 30/09/2013 10:34:44 - System Checkpoint

RP2925: 01/10/2013 11:04:13 - System Checkpoint

RP2926: 02/10/2013 13:32:00 - System Checkpoint

RP2927: 03/10/2013 13:43:47 - System Checkpoint

RP2928: 04/10/2013 14:04:28 - System Checkpoint

RP2929: 05/10/2013 17:54:51 - System Checkpoint

RP2930: 06/10/2013 19:58:15 - System Checkpoint

RP2931: 07/10/2013 22:38:26 - System Checkpoint

RP2932: 09/10/2013 10:41:09 - System Checkpoint

RP2933: 09/10/2013 22:46:34 - Software Distribution Service 3.0

RP2934: 11/10/2013 08:09:53 - System Checkpoint

RP2935: 12/10/2013 08:39:50 - System Checkpoint

RP2936: 12/10/2013 23:20:22 - Removed Apple Software Update

RP2937: 12/10/2013 23:21:19 - Removed Apple Application Support

RP2938: 13/10/2013 12:56:28 - Installed iTunes

RP2939: 13/10/2013 21:13:04 - Software Distribution Service 3.0

RP2940: 14/10/2013 21:25:32 - System Checkpoint

RP2941: 16/10/2013 11:42:04 - System Checkpoint

RP2942: 17/10/2013 11:43:12 - System Checkpoint

RP2943: 18/10/2013 13:09:21 - System Checkpoint

RP2944: 19/10/2013 13:46:10 - System Checkpoint

RP2945: 20/10/2013 16:53:52 - System Checkpoint

RP2946: 21/10/2013 08:50:16 - Installed Java 7 Update 45

RP2947: 21/10/2013 22:49:50 - avast! antivirus system restore point

RP2948: 23/10/2013 00:24:12 - System Checkpoint

RP2949: 24/10/2013 11:22:11 - System Checkpoint

RP2950: 25/10/2013 12:45:23 - System Checkpoint

RP2951: 25/10/2013 13:17:47 - avast! antivirus system restore point

RP2952: 26/10/2013 08:35:42 - avast! antivirus system restore point

RP2953: 26/10/2013 08:37:17 - avast! antivirus system restore point

RP2954: 27/10/2013 08:19:12 - System Checkpoint

RP2955: 28/10/2013 08:44:04 - System Checkpoint

RP2956: 29/10/2013 10:57:41 - System Checkpoint

RP2957: 30/10/2013 11:48:14 - System Checkpoint

RP2958: 31/10/2013 12:30:12 - System Checkpoint

RP2959: 01/11/2013 15:25:39 - System Checkpoint

RP2960: 02/11/2013 16:36:47 - System Checkpoint

RP2961: 03/11/2013 17:32:19 - System Checkpoint

RP2962: 04/11/2013 19:44:31 - System Checkpoint

RP2963: 05/11/2013 20:31:44 - System Checkpoint

RP2964: 07/11/2013 11:40:31 - System Checkpoint

RP2965: 08/11/2013 13:31:47 - System Checkpoint

RP2966: 09/11/2013 14:10:44 - System Checkpoint

RP2967: 09/11/2013 15:21:14 - Removed OpenOffice.org 3.3

RP2968: 09/11/2013 15:23:18 - Installed OpenOffice 4.0.1

RP2969: 10/11/2013 15:35:11 - System Checkpoint

RP2970: 11/11/2013 19:26:15 - System Checkpoint

RP2971: 12/11/2013 19:48:14 - System Checkpoint

RP2972: 13/11/2013 13:51:15 - Software Distribution Service 3.0

RP2973: 13/11/2013 15:56:30 - Software Distribution Service 3.0

RP2974: 14/11/2013 09:24:05 - Installed MailWasherPro

RP2975: 15/11/2013 11:57:51 - System Checkpoint

RP2976: 16/11/2013 13:23:54 - System Checkpoint

RP2977: 17/11/2013 18:37:49 - System Checkpoint

RP2978: 18/11/2013 19:08:28 - System Checkpoint

RP2979: 19/11/2013 20:15:48 - System Checkpoint

RP2980: 20/11/2013 11:54:57 - Removed Skype™ 6.10

RP2981: 20/11/2013 11:56:15 - Removed Skype Click to Call

RP2982: 21/11/2013 15:02:25 - System Checkpoint

RP2983: 22/11/2013 16:03:29 - System Checkpoint

RP2984: 23/11/2013 17:31:12 - System Checkpoint

RP2985: 24/11/2013 18:49:22 - System Checkpoint

RP2986: 25/11/2013 19:07:36 - System Checkpoint

RP2987: 26/11/2013 21:30:58 - System Checkpoint

RP2988: 27/11/2013 22:22:29 - System Checkpoint

RP2989: 29/11/2013 10:55:20 - System Checkpoint

RP2990: 30/11/2013 11:12:36 - System Checkpoint

RP2991: 01/12/2013 12:04:53 - System Checkpoint

RP2992: 02/12/2013 12:28:22 - System Checkpoint

RP2993: 03/12/2013 12:32:51 - System Checkpoint

RP2994: 04/12/2013 13:07:11 - System Checkpoint

RP2995: 05/12/2013 14:16:53 - System Checkpoint

RP2996: 06/12/2013 14:43:27 - System Checkpoint

RP2997: 07/12/2013 15:27:48 - System Checkpoint

RP2998: 08/12/2013 16:20:12 - System Checkpoint

RP2999: 09/12/2013 16:35:38 - System Checkpoint

RP3000: 10/12/2013 17:53:30 - System Checkpoint

RP3001: 11/12/2013 09:49:01 - Software Distribution Service 3.0

RP3002: 12/12/2013 10:39:38 - System Checkpoint

RP3003: 12/12/2013 22:16:58 - Removed RegHunter

RP3004: 12/12/2013 22:17:59 - Removed SpyHunter

RP3005: 12/12/2013 22:47:19 - Installed SpyHunter

RP3006: 13/12/2013 09:02:06 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoBase 3

ArcSoft PhotoStudio 5

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

avast! Internet Security

BBC iPlayer Desktop

Belkin F5D8053 N Wireless USB Adapter

Bonjour

Canon CanoScan Toolbox 4.1

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CDisplay 1.8

Critical Update for Windows Media Player 11 (KB959772)

Customer Experience Enhancement

DivX Setup

DocumentViewer

DocumentViewerQFolder

DownloadX ActiveX Download Control 1.6.5

Enhanced Multimedia Keyboard Solution

EPSON PhotoQuicker3.4

EPSON PRINT Image Framer Tool2.0

EPSON Printer Software

Foxit PDF Editor

Free File Viewer 2011

Google Chrome

Google Earth

Google Earth Plug-in

Google Gmail Notifier

Google Update Helper

Haali Media Splitter

Hewlett-Packard ACLM.NET v1.1.0.0

High Definition Audio Driver Package - KB888111

HijackThis 1.99.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP Deskjet Printer Preload

HP Document Viewer 5.3

HP DVD Play 1.0

HP Product Assistant

HP Product Detection

HP Update

HPProductAssistant

HpSdpAppCoreApp

Internet Download Manager

Internet Services

IrfanView (remove only)

iTunes

J2SE Runtime Environment 5.0 Update 5

Java 7 Update 45

Java Auto Updater

Java™ 6 Update 22

LightScribe 1.4.62.1

MailWasher Pro

MailWasherPro

Malwarebytes Anti-Malware version 1.75.0.1300

Manual CanoScan LiDE 80

Matroska Pack - Lazy Man's MKV 0.9.9

MediaStore PlayFLV

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft LifeCam

Microsoft National Language Support Downlevel APIs

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OmniPage SE

OpenOffice 4.0.1

PC-Doctor 5 for Windows

PC Wizard 2008.1.871

PerformanceTest v6.1

PIF DESIGNER2.0

PowerISO

Presto! PageManager 6.03

PS2

Recuva

Samsung_MonSetup

ScanToWeb

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2675157)

Security Update for Windows Internet Explorer 7 (KB2699988)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2838727)

Security Update for Windows Internet Explorer 8 (KB2846071)

Security Update for Windows Internet Explorer 8 (KB2862772)

Security Update for Windows Internet Explorer 8 (KB2870699)

Security Update for Windows Internet Explorer 8 (KB2879017)

Security Update for Windows Internet Explorer 8 (KB2888505)

Security Update for Windows Internet Explorer 8 (KB2898785)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB2834904-v2)

Security Update for Windows Media Player (KB2834904)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219-v2)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135-v2)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB2834886)

Security Update for Windows XP (KB2839229)

Security Update for Windows XP (KB2845187)

Security Update for Windows XP (KB2847311)

Security Update for Windows XP (KB2849470)

Security Update for Windows XP (KB2850851)

Security Update for Windows XP (KB2850869)

Security Update for Windows XP (KB2859537)

Security Update for Windows XP (KB2862152)

Security Update for Windows XP (KB2862330)

Security Update for Windows XP (KB2862335)

Security Update for Windows XP (KB2864063)

Security Update for Windows XP (KB2868038)

Security Update for Windows XP (KB2868626)

Security Update for Windows XP (KB2876217)

Security Update for Windows XP (KB2876315)

Security Update for Windows XP (KB2876331)

Security Update for Windows XP (KB2883150)

Security Update for Windows XP (KB2892075)

Security Update for Windows XP (KB2893294)

Security Update for Windows XP (KB2893984)

Security Update for Windows XP (KB2898715)

Security Update for Windows XP (KB2900986)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Serif PagePlus SE 1.0

Skins

Skype Click to Call

Skype™ 6.1

SopCast 3.2.4

SpeedTouch USB Software

Spotify

Spybot - Search & Destroy

SpyHunter

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2749655)

Update for Windows XP (KB2863058)

Update for Windows XP (KB2904266)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.4053

Veetle TV

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 2.1.2

WebFldrs XP

Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows PowerShell™ 1.0

Windows XP Service Pack 3

WinRAR archiver

YapPhone

.

==== Event Viewer Messages From Past Week ========

.

12/12/2013 22:17:08, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

11/12/2013 08:43:44, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Skype C2C Service service to connect.

09/12/2013 07:44:23, error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

09/12/2013 07:44:22, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

08/12/2013 22:17:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402

08/12/2013 09:05:09, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2

08/12/2013 09:05:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.

08/12/2013 09:05:09, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

Cranfield · December 13, 2013

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2

Run by HP_Owner at 16:51:32 on 2013-12-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3006.1919 [GMT 0:00]

.

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Enabled*

FW: AVG Firewall *Disabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - <orphaned>

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: {B56A7D7D-6927-48C8-A975-17DF180C71AC} - <orphaned>

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui

mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\3796a166-ea42-4ca3-83a7-5b2bd79ff5dd.exe /check

StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher\MailWasherPro.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - <orphaned>

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{01C79DFE-6A25-48C0-B0C4-B8881E914877} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

TCP: Interfaces\{E45BEAE8-2621-4757-97A5-480F92005260} : DHCPNameServer = 192.168.2.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-7-13 12112]

R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [2013-7-13 247192]

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-7-13 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-7-13 178304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-2 64288]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-7-13 26136]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-13 774392]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-7-13 403440]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-12-23 121184]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-28 101720]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-13 35656]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-13 70384]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-13 50344]

R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2013-7-13 179088]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-3 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-7 701512]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]

R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-7 22856]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-5-22 36608]

S3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]

S3 w7lf_.sys;w7lf_.sys;\??\c:\windows\system32\drivers\w7lf_.sys --> c:\windows\system32\drivers\w7lf_.sys [?]

S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S3 YapLoad;Y@pPhone;c:\windows\system32\drivers\YapLoad.Sys [2008-7-8 19656]

.

=============== Created Last 30 ================

.

2013-12-12 22:47:27 110080 ----a-r- c:\documents and settings\hp_owner\application data\microsoft\installer\{34949bb0-08bb-4407-882f-164eb49e335b}\IconF7A21AF7.exe

2013-12-12 22:47:27 110080 ----a-r- c:\documents and settings\hp_owner\application data\microsoft\installer\{34949bb0-08bb-4407-882f-164eb49e335b}\IconD7F16134.exe

2013-12-12 22:47:27 110080 ----a-r- c:\documents and settings\hp_owner\application data\microsoft\installer\{34949bb0-08bb-4407-882f-164eb49e335b}\IconCAE74F08.exe

2013-12-12 22:47:21 -------- d-----w- C:\sh4ldr

2013-12-12 22:47:21 -------- d-----w- c:\program files\Enigma Software Group

2013-12-12 22:16:36 -------- d-----w- c:\windows\CD27142034CF47DC80B7C409B6CD0DD8.TMP

2013-11-30 21:17:25 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\Spotify

2013-11-30 21:16:29 -------- d-----w- c:\documents and settings\hp_owner\application data\Spotify

.

==================== Find3M ====================

.

2013-12-10 22:21:44 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-12-10 22:21:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll

2013-11-07 23:41:38 121184 ----a-w- c:\windows\system32\drivers\idmtdi.sys

2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll

2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys

2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll

2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll

2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec

2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll

2013-10-21 21:55:49 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-10-21 21:55:49 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-10-21 21:55:49 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-10-21 21:55:49 43152 ----a-w- c:\windows\avastSS.scr

2013-10-21 21:55:49 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-10-21 21:55:35 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-10-21 21:55:32 247192 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-10-14 17:41:58 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll

2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll

2013-10-08 06:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-08 06:29:36 145408 ----a-w- c:\windows\system32\javacpl.cpl

2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

1 ntkrnlpa!IofCallDriver[0x804EE1A0] -> \Device\Harddisk0\DR0[0x8AC48AB8]

3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE1A0] -> \Device\00000072[0x8ABE9F18]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE1A0] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8AC43D98]

kernel: MBR read successfully

_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }

user != kernel MBR !!!

.

============= FINISH: 16:52:39.75 ===============

Cranfield · December 14, 2013

I trust this is all the information required, but if I have missed anything out, can someone please tell me.

AdvancedSetup · December 14, 2013

Please visit this webpage and read the ComboFix User's Guide:

Once you've read the article and are ready to use the program you can download it directly from the link below.
Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Direct download link for: ComboFix.exe
Please make sure you disable your security applications before running ComboFix.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
Please attach that log file to your next reply.
If needed the file can be located here: C:\combofix.txt
NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Cranfield · December 14, 2013

ComboFix 13-12-13.01 - HP_Owner 14/12/2013 13:44:13.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3006.2295 [GMT 0:00]

Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\Programs\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi

c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab

c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Guest\WINDOWS

c:\documents and settings\HP_Owner\Application Data\Toolbar4

c:\documents and settings\HP_Owner\WINDOWS

C:\install.exe

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\ps2.bat

c:\windows\system32\SET57.tmp

c:\windows\system32\SET86.tmp

c:\windows\system32\SET92.tmp

c:\windows\system32\SET9B.tmp

c:\windows\system32\SET9D.tmp

c:\windows\system32\SETA0.tmp

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_xcpip

-------\Service_xpsec

.

((((((((((((((((((((((((( Files Created from 2013-11-14 to 2013-12-14 )))))))))))))))))))))))))))))))

.

2013-12-12 22:47 . 2013-12-12 22:47 110080 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{34949BB0-08BB-4407-882F-164EB49E335B}\IconF7A21AF7.exe

2013-12-12 22:47 . 2013-12-12 22:47 110080 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{34949BB0-08BB-4407-882F-164EB49E335B}\IconD7F16134.exe

2013-12-12 22:47 . 2013-12-12 22:47 110080 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{34949BB0-08BB-4407-882F-164EB49E335B}\IconCAE74F08.exe

2013-12-12 22:47 . 2013-12-12 22:47 -------- d-----w- C:\sh4ldr

2013-12-12 22:47 . 2013-12-12 22:47 -------- d-----w- c:\program files\Enigma Software Group

2013-12-12 22:16 . 2013-12-12 22:17 -------- d-----w- c:\windows\CD27142034CF47DC80B7C409B6CD0DD8.TMP

2013-11-30 21:17 . 2013-12-12 21:42 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Spotify

2013-11-30 21:16 . 2013-12-12 22:15 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Spotify

2013-11-20 12:05 . 2013-11-20 12:05 -------- d-----w- c:\program files\Common Files\Skype

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-12-10 22:21 . 2012-10-11 18:38 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-12-10 22:21 . 2012-10-11 18:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-11-13 02:59 . 2004-08-04 11:00 150528 ----a-w- c:\windows\system32\imagehlp.dll

2013-11-08 21:03 . 2013-07-13 13:14 403440 ----a-w- c:\windows\system32\drivers\aswsp.sys

2013-11-07 23:41 . 2010-12-23 19:00 121184 ----a-w- c:\windows\system32\drivers\idmtdi.sys

2013-11-07 05:38 . 2004-08-04 11:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll

2013-11-06 01:03 . 2009-04-15 07:39 7168 ----a-w- c:\windows\system32\xpsp4res.dll

2013-10-30 02:26 . 2004-08-04 11:00 1879040 ----a-w- c:\windows\system32\win32k.sys

2013-10-29 07:57 . 2004-08-04 11:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-10-29 07:57 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-10-29 07:57 . 2004-08-04 11:00 18944 ----a-w- c:\windows\system32\corpol.dll

2013-10-29 07:57 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-10-29 00:45 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec

2013-10-23 23:45 . 2004-08-04 11:00 172032 ----a-w- c:\windows\system32\scrrun.dll

2013-10-21 21:55 . 2013-07-13 13:14 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-10-21 21:55 . 2013-07-13 13:13 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-10-21 21:55 . 2013-07-13 13:13 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-10-21 21:55 . 2013-07-13 13:13 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-10-21 21:55 . 2013-07-13 13:13 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-10-21 21:55 . 2013-07-13 13:13 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-10-21 21:55 . 2013-07-13 13:13 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-10-21 21:55 . 2013-07-13 13:13 269216 ----a-w- c:\windows\system32\aswBoot.exe

2013-10-21 21:55 . 2013-07-13 13:11 43152 ----a-w- c:\windows\avastSS.scr

2013-10-21 21:55 . 2013-07-13 13:13 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-10-21 21:55 . 2013-07-13 13:13 247192 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-10-14 17:41 . 2013-07-13 13:13 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-10-12 15:56 . 2004-08-04 11:00 278528 ----a-w- c:\windows\system32\oakley.dll

2013-10-09 13:12 . 2004-08-04 11:00 287744 ----a-w- c:\windows\system32\gdi32.dll

2013-10-08 06:50 . 2013-10-21 07:51 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-08 06:29 . 2012-01-16 14:21 145408 ----a-w- c:\windows\system32\javacpl.cpl

2013-10-07 10:59 . 2004-08-04 11:00 603136 ----a-w- c:\windows\system32\crypt32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-10-21 21:55 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 21904 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-10-22 3567800]

.

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\

MailWasherPro.lnk - c:\program files\FireTrust\MailWasher\MailWasherPro.exe -nosplash [2013-10-31 5759816]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE c:\hp\bin\PinToStart.bat [2006-4-29 27136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin F5D8053 N Wireless USB Adapter Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin F5D8053 N Wireless USB Adapter Utility.lnk

backup=c:\windows\pss\Belkin F5D8053 N Wireless USB Adapter Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MailWasherPro.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MailWasherPro.lnk

backup=c:\windows\pss\MailWasherPro.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]

path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk

backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MailWasherPro.lnk]

path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MailWasherPro.lnk

backup=c:\windows\pss\MailWasherPro.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\N2PDialr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2013-09-13 18:51 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2005-11-10 00:29 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2013-10-01 01:23 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2005-02-02 16:44 61440 ----a-w- c:\hp\KBD\kbd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

2007-05-17 21:45 279912 -c--a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]

2002-06-03 11:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2013-01-08 12:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]

2004-01-26 11:38 866816 -c--a-w- c:\program files\Thomson\SpeedTouch USB\dragdiag.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

2013-10-18 18:45 6430080 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2013-08-27 15:57 248208 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]

2007-04-10 21:46 709992 ----a-w- c:\windows\vVX1000.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=

"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=

"c:\\Program Files\\HP\\Common\\HPDeviceDetection3.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\HP_Owner\\Application Data\\Spotify\\spotify.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [13/07/2013 13:11 12112]

R0 aswNdis2;avast! Firewall NDIS Driver;c:\windows\system32\drivers\aswNdis2.sys [13/07/2013 13:13 247192]

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [13/07/2013 13:13 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [13/07/2013 13:13 178304]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [02/05/2010 18:38 64288]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [13/07/2013 13:13 26136]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [13/07/2013 13:13 774392]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [13/07/2013 13:14 403440]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [23/12/2010 19:00 121184]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28/10/2009 08:31 101720]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/07/2013 13:14 35656]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [13/07/2013 13:13 70384]

R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [13/07/2013 13:11 179088]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/10/2012 21:48 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/01/2009 09:06 701512]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22/11/2012 10:29 3290304]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2013 15:57 93072]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/01/2009 09:06 22856]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [08/01/2013 12:55 161536]

S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\Drivers\Aldebaran.sys --> c:\windows\system32\Drivers\Aldebaran.sys [?]

S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 16:57 13904]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [22/05/2009 15:15 36608]

S3 w7lf_.sys;w7lf_.sys;\??\c:\windows\system32\drivers\w7lf_.sys --> c:\windows\system32\drivers\w7lf_.sys [?]

S3 YapLoad;Y@pPhone;c:\windows\system32\drivers\YapLoad.Sys [08/07/2008 15:15 19656]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 13:57 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 22:21]

.

2013-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2013-12-14 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-07-13 21:55]

.

2013-12-14 c:\windows\Tasks\FreeFileViewerUpdateChecker.job

- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-05-13 13:24]

.

2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 22:40]

.

2013-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-17 22:40]

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\www

Trusted Zone: microsoft.com\www.update

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Spotify Web Helper - c:\program files\Spotify\Data\SpotifyWebHelper.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-12-14 13:59

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

c:\windows\TEMP\_avast_\unp149590777.tmp 261652 bytes

C:\avast! sandbox

.

scan completed successfully

hidden files: 2

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):a3,d2,7f,04,5f,e5,cb,c8,1b,3a,b6,6f,be,c7,21,a4,1e,4f,c4,11,51,

88,0c,9a,fd,7b,b4,8b,d6,11,2b,24,c8,79,fc,92,34,d0,c1,52,00,00,00,00,00,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fab9a636-dacc-4cc9-bb60-322c2b2ee7de}]

@Denied: (Full) (Everyone)

"Model"=dword:000000c7

"Therad"=dword:0000001e

"MData"=hex(0):ee,92,e9,d3,ea,9e,d4,13,f2,18,2e,ed,42,10,ff,b7,25,e9,20,8b,c2,

56,b0,93,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1116)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3756)

c:\windows\system32\WININET.dll

c:\program files\Internet Download Manager\IDMShellExt.dll

c:\program files\Internet Download Manager\IDMNetMon.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

.

**************************************************************************

.

Completion time: 2013-12-14 14:06:34 - machine was rebooted

ComboFix-quarantined-files.txt 2013-12-14 14:06

.

Pre-Run: 86,027,321,344 bytes free

Post-Run: 86,333,825,024 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - BC2350A784D5A1980B92AF37708EB51A

D11C727E03BB7318DCDA069B06E652F0

Cranfield · December 14, 2013

Hopefully this all makes sense to someone. :wacko:

Cranfield · December 15, 2013

I cannot edit my first post to include the text of my original "complaint", so here is the text;

"I have Anti-Malware (PRO) installed and I also have SpyHunter installed, this was done some months ago by a techie friend to remove a specific trojan.

I am running Windows XP and GoogleChrome browser.

If I run Malwarebytes quick scan I find no problems.

If I then immediately run SpyHunter quick scan I find infections when scanning my Registry from, "Findwide.com", "ImminentSearchtheWeb" and "StartsearHyjacker".

I then press "remove threats" on SpyHunter and quick scan again and the "threats" are still there, but if I run a quick scan by Malwarebytes there are no "threats".

I have contacted SpyHunter Support and have been advised to do a reinstall of SpyHunter, which I have done and the situation remains the same.

I am not a technical minded person and I would appreciate some help as to what is going on and should I be doing something about it. "

Cranfield · December 16, 2013

Someone please read these logs, it took me ages to download them all. :wub:

If thats not possible, a quick answer please.

If Malwarebytes Anti-Malware is not detecting these "threats" is it possible that SpyHunter is inventing them ?

Should I just uninstall SpyHunter and stop worrying ?

AdvancedSetup · December 17, 2013

I'm assisting you but it is the Holiday Season and the site has quite a few users looking for help so please try to be patient.

Not so sure of the current version of SpyHunter but older versions were indicated as not being legit as I recall. I would recommend uninstalling it at this time.

Combofix was able to find and remove quite a bit of this stuff for us but let me have you run the following which should clean up most of the rest of anything else that might be found.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted:
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06

Please go here to run the online antivirus scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
[*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Cranfield · December 17, 2013

Step3 logs.

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

www.malwarebytes.org

Database version: v2013.12.17.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

HP_Owner :: YOUR-C94F920E24 [administrator]

17/12/2013 10:57:27

mbar-log-2013-12-17 (10-57-27).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 242526

Time elapsed: 42 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

--------------

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_22

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.790000 GHz

Memory total: 3152527360, free: 2118782976

Downloaded database version: v2013.12.17.03

Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

12/17/2013 10:57:10

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

viaide.sys

intelide.sys

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

iaStor.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

Lbd.sys

PxHelp20.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

aswNdis2.sys

aswNdis.sys

ohci1394.sys

\WINDOWS\system32\DRIVERS\1394BUS.SYS

Mup.sys

aswVmm.sys

aswRvrt.sys

\SystemRoot\system32\DRIVERS\nic1394.sys

\SystemRoot\system32\DRIVERS\AmdK8.sys

\SystemRoot\system32\DRIVERS\ati2mtag.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\System32\Drivers\AFS2K.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\Rtnicxp.sys

\SystemRoot\system32\drivers\ALCXWDM.SYS

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\WINDOWS\system32\drivers\SBREdrv.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\??\C:\WINDOWS\system32\drivers\aswKbd.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\??\C:\WINDOWS\system32\drivers\aswTdi.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\arp1394.sys

\??\C:\WINDOWS\system32\drivers\aswRdr.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\System32\Drivers\SCDEmu.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\idmtdi.sys

\SystemRoot\System32\Drivers\Fips.SYS

\??\C:\WINDOWS\system32\drivers\aswSP.sys

\??\C:\WINDOWS\system32\drivers\aswSnx.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_WMILIB.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ati2dvag.dll

\SystemRoot\System32\ati2cqag.dll

\SystemRoot\System32\atikvmag.dll

\SystemRoot\System32\atiok3x2.dll

\SystemRoot\System32\ati3duag.dll

\SystemRoot\System32\ativvaxx.dll

\SystemRoot\System32\ATMFD.DLL

\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys

\??\C:\WINDOWS\system32\drivers\mbam.sys

\??\C:\WINDOWS\system32\drivers\aswFsBlk.sys

\SystemRoot\system32\DRIVERS\AegisP.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\TDTCP.SYS

\SystemRoot\System32\Drivers\RDPWD.SYS

\SystemRoot\system32\DRIVERS\ipfltdrv.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR6

Upper Device Object: 0xffffffff8aaaaab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000096\

Lower Device Object: 0xffffffff8aaa68e8

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR5

Upper Device Object: 0xffffffff8aa176b0

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000095\

Lower Device Object: 0xffffffff8aa182c0

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR4

Upper Device Object: 0xffffffff8aa098a0

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000094\

Lower Device Object: 0xffffffff8a9deea0

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR3

Upper Device Object: 0xffffffff8aa0c798

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000093\

Lower Device Object: 0xffffffff8aa07890

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8ac91ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8abe5d98

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8ac91ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8ac40900, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8ac91ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8ac57f18, DeviceName: \Device\00000074\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8abe5d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CAB10BEE

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 476960337

Partition file system is NTFS

Partition is bootable

Partition 1 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 476960463 Numsec = 11430657

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xffffffff8aa0c798, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8aa09e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8aa0c798, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8aa07890, DeviceName: \Device\00000093\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xffffffff8aa098a0, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8aa17c18, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8aa098a0, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a9deea0, DeviceName: \Device\00000094\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xffffffff8aa176b0, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8aa17488, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8aa176b0, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8aa182c0, DeviceName: \Device\00000095\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xffffffff8aaaaab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8aa17270, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8aaaaab8, DeviceName: \Device\Harddisk4\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8aaa68e8, DeviceName: \Device\00000096\, DriverName: \Driver\usbstor\

------------ End ----------

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\HP_Owner\Cookies\index.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Cookies\index.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)

Scan finished

=======================================

Removal queue found; removal started

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

Cranfield · December 17, 2013

Step 5 logs, Nothing appeared in the body of the scan window and as I didn't quite understand what to remove via the log files, I haven't removed, or cleaned anything.

----------

# AdwCleaner v3.015 - Report created 17/12/2013 at 16:04:16

# Updated 10/12/2013 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : HP_Owner - YOUR-C94F920E24

# Running from : C:\Documents and Settings\HP_Owner\My Documents\Downloads\Programs\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\9012spcs.default\.autoreg

File Found : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\9012spcs.default\searchplugins\Mysearchdial.xml

File Found : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\9012spcs.default\user.js

Folder Found : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\9012spcs.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}

Key Found : HKCU\Software\Uniblue

Key Found : HKCU\Software\vShare.tv

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Found : HKLM\Software\ParetoLogic

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4225 octets] - [17/12/2013 16:01:41]

AdwCleaner[R1].txt - [4145 octets] - [17/12/2013 16:04:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4205 octets] ##########

Cranfield · December 17, 2013

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.12.17.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

HP_Owner :: YOUR-C94F920E24 [administrator]

Protection: Enabled

17/12/2013 16:13:52

mbam-log-2013-12-17 (16-13-52).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 238690

Time elapsed: 15 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Cranfield · December 17, 2013

Step 6. The scan found two items, which it cleaned, one was "OpenCandy" ? and the other was "possibly a variant on Bobby ??/", I saved the result as a text, but I can't find where it is saved on my PC.

Cranfield · December 17, 2013

Step 7 logs;

------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2013 01

Ran by HP_Owner (administrator) on YOUR-C94F920E24 on 17-12-2013 18:29:02

Running from C:\Documents and Settings\HP_Owner\My Documents\Downloads\Programs

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Google Inc.) C:\Program Files\Google\Gmail Notifier\gnotify.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Recguard] - C:\WINDOWS\SMINST\Recguard.exe [237568 2005-07-22] ()

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2010-03-12] (Hewlett-Packard)

HKLM\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] - C:\Program Files\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-22] (AVAST Software)

Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)

Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk

ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\MailWasherPro.lnk

ShortcutTarget: MailWasherPro.lnk -> C:\Program Files\FireTrust\MailWasher\MailWasherPro.exe (Firetrust)

BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?pc=UP97&ocid=UP97DHP

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKCU - CE08DFE975FF4E4BA3E354E3B1C088AD URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCyCtCyByD0AzytB0A0B0F0EyBtBtN0D0Tzu0CyDzzyEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=442652722&ir=

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

BHO: No Name - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - No File

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: No Name - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - No File

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:

=======

CHR HomePage: https://www.google.co.uk/webhp?source=search_app

CHR RestoreOnStartup: "https://www.google.co.uk/webhp?source=search_app"

CHR DefaultSearchKeyword: google.com

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs

CHR DefaultNewTabURL:

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Google Docs) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (AdBlock) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0

CHR Extension: (IDM Integration Module) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.7_0

CHR Extension: (Skype Click to Call) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0

CHR Extension: (Google Wallet) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Gmail) - C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-21] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [179088 2013-10-21] (AVAST Software)

R2 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [94208 2002-07-17] (SEIKO EPSON CORPORATION)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2010-09-17] (Cisco Systems, Inc.)

R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-08] (Oak Technology Inc.)

S3 alcan5wn; C:\Windows\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON)

S3 alcaudsl; C:\Windows\System32\DRIVERS\alcaudsl.sys [70688 2004-02-17] (THOMSON)

R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [3644928 2005-08-29] (Realtek Semiconductor Corp.)

R1 AmdK8; C:\Windows\System32\DRIVERS\AmdK8.sys [36352 2005-03-09] (Advanced Micro Devices)

R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-10-21] (AVAST Software)

R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26136 2013-10-21] (AVAST Software)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-10-21] (AVAST Software)

R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-03-13] (ALWIL Software)

R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [247192 2013-10-21] (AVAST Software)

R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-10-21] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-21] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-10-21] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-08] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-10-21] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-10-21] ()

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2008-12-13] ()

R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [121184 2013-11-07] (Tonec Inc.)

R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64288 2010-06-03] (Lavasoft AB)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [517632 2007-07-28] (Ralink Technology, Corp.)

S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)

R1 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [101720 2011-06-28] (Sunbelt Software)

S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1966312 2007-04-10] (Microsoft Corporation)

S3 YapLoad; C:\Windows\System32\DRIVERS\YapLoad.sys [19656 2000-09-26] (anchor chips)

S3 Aldebaran; \??\C:\WINDOWS\system32\Drivers\Aldebaran.sys [x]

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

S0 ftsata2; system32\DRIVERS\ftsata2.sys [x]

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr;

S3 w7lf_.sys; \??\C:\WINDOWS\system32\drivers\w7lf_.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-17 18:28 - 2013-12-17 18:28 - 00000000 ____D C:\FRST

2013-12-17 16:37 - 2013-12-17 16:37 - 00000000 ____D C:\Program Files\ESET

2013-12-17 16:01 - 2013-12-17 16:05 - 00000000 ____D C:\AdwCleaner

2013-12-17 13:11 - 2013-12-17 13:11 - 00003261 _____ C:\Documents and Settings\HP_Owner\Desktop\JRT.txt

2013-12-17 12:57 - 2013-12-17 12:57 - 00000000 ____D C:\WINDOWS\ERUNT

2013-12-17 11:59 - 2013-12-17 11:59 - 00000795 _____ C:\WINDOWS\setupapi.log

2013-12-17 11:58 - 2013-12-17 11:58 - 00000000 ____D C:\WINDOWS\34949BB008BB4407882F164EB49E335B.TMP

2013-12-17 10:57 - 2013-12-17 11:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2013-12-17 10:56 - 2013-12-17 11:44 - 00000000 ____D C:\Documents and Settings\HP_Owner\Desktop\mbar

2013-12-17 10:56 - 2013-12-17 10:56 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2013-12-14 14:06 - 2013-12-14 14:06 - 00026982 _____ C:\ComboFix.txt

2013-12-14 13:54 - 2013-12-14 13:54 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG

2013-12-14 13:54 - 2013-12-14 13:54 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG

2013-12-14 13:54 - 2013-12-14 13:54 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG

2013-12-14 13:54 - 2013-12-14 13:54 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG

2013-12-14 13:54 - 2013-12-14 13:54 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG

2013-12-14 13:41 - 2013-12-14 13:42 - 00000000 _RSHD C:\cmdcons

2013-12-14 13:37 - 2013-12-14 14:06 - 00000000 ____D C:\Qoobox

2013-12-14 13:37 - 2011-06-26 06:45 - 00256000 _____ C:\WINDOWS\PEV.exe

2013-12-14 13:37 - 2010-11-07 17:20 - 00208896 _____ C:\WINDOWS\MBR.exe

2013-12-14 13:37 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

2013-12-14 13:37 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe

2013-12-14 13:37 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe

2013-12-14 13:37 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe

2013-12-14 13:37 - 2000-08-31 00:00 - 00098816 _____ C:\WINDOWS\sed.exe

2013-12-14 13:37 - 2000-08-31 00:00 - 00080412 _____ C:\WINDOWS\grep.exe

2013-12-14 13:37 - 2000-08-31 00:00 - 00068096 _____ C:\WINDOWS\zip.exe

2013-12-14 13:36 - 2013-12-14 14:04 - 00000000 ____D C:\WINDOWS\erdnt

2013-12-13 19:38 - 2013-12-13 19:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

2013-12-13 16:56 - 2013-12-13 16:56 - 00014748 _____ C:\Documents and Settings\HP_Owner\My Documents\dds 2.txt

2013-12-13 16:55 - 2013-12-13 16:55 - 00027403 _____ C:\Documents and Settings\HP_Owner\My Documents\dds.txt

2013-12-13 15:46 - 2013-12-13 15:46 - 00052628 _____ C:\Documents and Settings\HP_Owner\My Documents\CheckResults.txt

2013-12-12 22:47 - 2013-12-17 12:02 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-12-12 22:16 - 2013-12-12 22:17 - 00000000 ____D C:\WINDOWS\CD27142034CF47DC80B7C409B6CD0DD8.TMP

2013-12-11 09:57 - 2013-12-11 09:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-11 09:57 - 2013-12-11 09:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-11 09:51 - 2013-12-11 09:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-11 09:51 - 2013-12-11 09:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-11 09:51 - 2013-12-11 09:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-11-30 21:17 - 2013-12-12 21:42 - 00000000 ____D C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Spotify

2013-11-30 21:17 - 2013-11-30 21:17 - 00001876 _____ C:\Documents and Settings\HP_Owner\Start Menu\Programs\Spotify.lnk

2013-11-30 21:17 - 2013-11-30 21:17 - 00001870 _____ C:\Documents and Settings\HP_Owner\Desktop\Spotify.lnk

2013-11-30 21:16 - 2013-12-12 22:15 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Spotify

2013-11-20 12:05 - 2013-11-21 14:16 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk

2013-11-20 12:05 - 2013-11-20 12:05 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-11-20 12:05 - 2013-11-20 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype

2013-11-19 23:28 - 2013-11-17 11:22 - 00445930 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131119-232837.backup

2013-11-17 11:19 - 2013-03-10 11:23 - 00445930 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131117-111910.backup

==================== One Month Modified Files and Folders =======

2013-12-17 18:28 - 2013-12-17 18:28 - 00000000 ____D C:\FRST

2013-12-17 18:21 - 2012-10-11 18:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-12-17 18:10 - 2008-07-23 15:12 - 00000000 ____D C:\Program Files\YapPhone

2013-12-17 17:56 - 2009-12-17 22:41 - 00000890 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-17 16:37 - 2013-12-17 16:37 - 00000000 ____D C:\Program Files\ESET

2013-12-17 16:05 - 2013-12-17 16:01 - 00000000 ____D C:\AdwCleaner

2013-12-17 13:11 - 2013-12-17 13:11 - 00003261 _____ C:\Documents and Settings\HP_Owner\Desktop\JRT.txt

2013-12-17 12:57 - 2013-12-17 12:57 - 00000000 ____D C:\WINDOWS\ERUNT

2013-12-17 12:56 - 2009-12-17 22:41 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-17 12:53 - 2010-12-11 12:11 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\vlc

2013-12-17 12:02 - 2013-12-12 22:47 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-12-17 12:00 - 2005-12-05 23:49 - 01970599 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-17 11:59 - 2013-12-17 11:59 - 00000795 _____ C:\WINDOWS\setupapi.log

2013-12-17 11:58 - 2013-12-17 11:58 - 00000000 ____D C:\WINDOWS\34949BB008BB4407882F164EB49E335B.TMP

2013-12-17 11:44 - 2013-12-17 10:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2013-12-17 11:44 - 2013-12-17 10:56 - 00000000 ____D C:\Documents and Settings\HP_Owner\Desktop\mbar

2013-12-17 10:56 - 2013-12-17 10:56 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2013-12-17 09:49 - 2013-07-13 13:13 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2013-12-17 09:03 - 2012-05-13 17:33 - 00000384 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job

2013-12-17 09:02 - 2005-12-05 23:27 - 00000159 _____ C:\WINDOWS\wiadebug.log

2013-12-17 09:02 - 2005-12-05 23:27 - 00000050 _____ C:\WINDOWS\wiaservc.log

2013-12-17 09:00 - 2005-12-05 23:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-17 08:59 - 2009-02-02 08:30 - 00391192 _____ C:\aaw7boot.log

2013-12-16 23:56 - 2013-10-13 23:03 - 01754536 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2013-12-16 23:56 - 2011-02-23 00:02 - 00239646 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

2013-12-16 23:56 - 2005-12-05 23:49 - 00032530 _____ C:\WINDOWS\SchedLgU.Txt

2013-12-16 23:55 - 2009-03-17 08:20 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\DMCache

2013-12-16 23:55 - 2006-11-23 11:59 - 00000178 ___SH C:\Documents and Settings\HP_Owner\ntuser.ini

2013-12-15 23:57 - 2011-02-23 00:02 - 00858460 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1204338572-3486657494-2385282498-1008-0.dat

2013-12-15 23:57 - 2011-01-27 16:54 - 00196608 _____ C:\WINDOWS\system32\config\ACEEvent.evt

2013-12-15 22:21 - 2012-11-01 20:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2013-12-14 14:20 - 2005-12-05 23:35 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl

2013-12-14 14:17 - 2006-04-29 18:19 - 00000000 __SHD C:\Documents and Settings\NetworkService

2013-12-14 14:06 - 2013-12-14 14:06 - 00026982 _____ C:\ComboFix.txt

2013-12-14 14:06 - 2013-12-14 13:37 - 00000000 ____D C:\Qoobox

2013-12-14 14:04 - 2013-12-14 13:36 - 00000000 ____D C:\WINDOWS\erdnt

2013-12-14 13:57 - 2005-12-05 23:24 - 00000227 _____ C:\WINDOWS\system.ini

2013-12-14 13:54 - 2013-12-14 13:54 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG

2013-12-14 13:54 - 2013-12-14 13:54 - 00000000 ____H C:\WINDOWS\system32\config\system.tmp.LOG

2013-12-14 13:54 - 2013-12-14 13:54 - 00000000 ____H C:\WINDOWS\system32\config\software.tmp.LOG

2013-12-14 13:54 - 2013-12-14 13:54 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG

2013-12-14 13:54 - 2013-12-14 13:54 - 00000000 ____H C:\WINDOWS\system32\config\default.tmp.LOG

2013-12-14 13:54 - 2005-12-05 23:49 - 39845888 _____ C:\WINDOWS\system32\config\software.bak

2013-12-14 13:54 - 2005-12-05 23:49 - 08126464 _____ C:\WINDOWS\system32\config\system.bak

2013-12-14 13:54 - 2005-12-05 23:49 - 05242880 _____ C:\WINDOWS\system32\config\default.bak

2013-12-14 13:54 - 2005-12-05 23:49 - 00094208 _____ C:\WINDOWS\system32\config\SECURITY.bak

2013-12-14 13:54 - 2005-12-05 23:49 - 00024576 _____ C:\WINDOWS\system32\config\SAM.bak

2013-12-14 13:53 - 2006-11-23 11:59 - 00000000 ____D C:\Documents and Settings\HP_Owner

2013-12-14 13:42 - 2013-12-14 13:41 - 00000000 _RSHD C:\cmdcons

2013-12-14 13:42 - 2005-12-06 19:57 - 00000327 __RSH C:\boot.ini

2013-12-14 13:31 - 2009-03-17 08:20 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\IDM

2013-12-13 19:38 - 2013-12-13 19:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth

2013-12-13 16:56 - 2013-12-13 16:56 - 00014748 _____ C:\Documents and Settings\HP_Owner\My Documents\dds 2.txt

2013-12-13 16:55 - 2013-12-13 16:55 - 00027403 _____ C:\Documents and Settings\HP_Owner\My Documents\dds.txt

2013-12-13 15:46 - 2013-12-13 15:46 - 00052628 _____ C:\Documents and Settings\HP_Owner\My Documents\CheckResults.txt

2013-12-12 22:46 - 2006-11-23 13:40 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard

2013-12-12 22:17 - 2013-12-12 22:16 - 00000000 ____D C:\WINDOWS\CD27142034CF47DC80B7C409B6CD0DD8.TMP

2013-12-12 22:17 - 2013-08-22 21:57 - 00000000 ____D C:\WINDOWS\471D8B37C5B344579FA1B3C693334F4F.TMP

2013-12-12 22:15 - 2013-11-30 21:16 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Spotify

2013-12-12 21:42 - 2013-11-30 21:17 - 00000000 ____D C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Spotify

2013-12-11 23:38 - 2013-10-13 11:36 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2013-12-11 10:35 - 2005-12-05 23:34 - 00268600 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-12-11 09:58 - 2012-07-11 16:37 - 00000000 ____D C:\WINDOWS\ie8updates

2013-12-11 09:57 - 2013-12-11 09:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$

2013-12-11 09:57 - 2013-12-11 09:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$

2013-12-11 09:57 - 2013-08-13 16:23 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-12-11 09:57 - 2007-02-17 13:34 - 00875558 _____ C:\WINDOWS\system32\TZLog.log

2013-12-11 09:52 - 2006-11-23 15:49 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-12-11 09:51 - 2013-12-11 09:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$

2013-12-11 09:51 - 2013-12-11 09:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$

2013-12-11 09:51 - 2013-12-11 09:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$

2013-12-10 22:21 - 2012-10-11 18:38 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2013-12-10 22:21 - 2012-10-11 18:38 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2013-12-10 15:56 - 2006-11-23 14:51 - 00000000 ____D C:\Documents and Settings\HP_Owner\My Documents\Unused desktop icons

2013-12-10 13:42 - 2006-12-03 15:25 - 00244736 _____ C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-12-09 10:40 - 2006-11-23 12:18 - 00000281 _____ C:\Boot.bak

2013-12-09 10:40 - 2005-12-05 23:32 - 00000627 _____ C:\WINDOWS\win.ini

2013-12-04 09:00 - 2011-02-16 21:13 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat

2013-12-01 11:18 - 2006-11-23 17:45 - 00000000 ____D C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Adobe

2013-11-30 21:17 - 2013-11-30 21:17 - 00001876 _____ C:\Documents and Settings\HP_Owner\Start Menu\Programs\Spotify.lnk

2013-11-30 21:17 - 2013-11-30 21:17 - 00001870 _____ C:\Documents and Settings\HP_Owner\Desktop\Spotify.lnk

2013-11-29 18:15 - 2011-01-25 16:23 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

2013-11-25 16:45 - 2013-08-27 22:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

2013-11-25 16:41 - 2010-05-20 16:49 - 00000000 ____D C:\Program Files\CCleaner

2013-11-23 11:58 - 2012-10-20 15:14 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

2013-11-22 19:30 - 2006-04-29 18:41 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

2013-11-22 19:29 - 2007-11-29 17:40 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Canon

2013-11-21 17:09 - 2008-07-08 12:23 - 00000000 ____D C:\Documents and Settings\HP_Owner\Application Data\Skype

2013-11-21 14:16 - 2013-11-20 12:05 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk

2013-11-20 16:44 - 2007-05-27 13:49 - 00000000 ____D C:\Documents and Settings\HP_Owner\My Documents\Passwords and Licences

2013-11-20 12:06 - 2008-07-08 12:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype

2013-11-20 12:05 - 2013-11-20 12:05 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-11-20 12:05 - 2013-11-20 12:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype

2013-11-20 12:05 - 2011-01-03 11:09 - 00000000 ___RD C:\Program Files\Skype

2013-11-20 07:17 - 2009-03-17 08:19 - 00000000 ____D C:\Program Files\Internet Download Manager

2013-11-17 15:20 - 2008-08-04 10:53 - 00354304 __SHC C:\Documents and Settings\HP_Owner\My Documents\Thumbs.db

2013-11-17 11:22 - 2013-11-19 23:28 - 00445930 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20131119-232837.backup

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

_______________

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2013 01

Ran by HP_Owner at 2013-12-17 18:30:10

Running from C:\Documents and Settings\HP_Owner\My Documents\Downloads\Programs

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: avast! Internet Security (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0)

Adobe AIR (Version: 3.9.0.1210)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)

Adobe Flash Player 11 Plugin (Version: 11.9.900.170)

Adobe Reader XI (11.0.05) (Version: 11.0.05)

Apple Application Support (Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (Version: 2.1.3.127)

ArcSoft PhotoBase 3

ArcSoft PhotoStudio 5

ATI - Software Uninstall Utility (Version: 6.14.10.1022)

ATI Catalyst Control Center (Version: 2.010.0210.2338)

ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI)

avast! Internet Security (Version: 9.0.2006)

BBC iPlayer Desktop (Version: 3.2.15)

Belkin F5D8053 N Wireless USB Adapter (Version: 2.0.0.08)

Bonjour (Version: 3.0.0.10)

Canon CanoScan Toolbox 4.1

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)

Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)

Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)

Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)

Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)

Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)

Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)

CCC Help Chinese Standard (Version: 2010.0210.2338.42455)

CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)

CCC Help Czech (Version: 2010.0210.2338.42455)

CCC Help Danish (Version: 2010.0210.2338.42455)

CCC Help Dutch (Version: 2010.0210.2338.42455)

CCC Help English (Version: 2010.0210.2338.42455)

CCC Help Finnish (Version: 2010.0210.2338.42455)

CCC Help French (Version: 2010.0210.2338.42455)

CCC Help German (Version: 2010.0210.2338.42455)

CCC Help Greek (Version: 2010.0210.2338.42455)

CCC Help Hungarian (Version: 2010.0210.2338.42455)

CCC Help Italian (Version: 2010.0210.2338.42455)

CCC Help Japanese (Version: 2010.0210.2338.42455)

CCC Help Korean (Version: 2010.0210.2338.42455)

CCC Help Norwegian (Version: 2010.0210.2338.42455)

CCC Help Polish (Version: 2010.0210.2338.42455)

CCC Help Portuguese (Version: 2010.0210.2338.42455)

CCC Help Russian (Version: 2010.0210.2338.42455)

CCC Help Spanish (Version: 2010.0210.2338.42455)

CCC Help Swedish (Version: 2010.0210.2338.42455)

CCC Help Thai (Version: 2010.0210.2338.42455)

CCC Help Turkish (Version: 2010.0210.2338.42455)

ccc-core-preinstall (Version: 2010.0210.2339.42455)

ccc-core-static (Version: 2010.0210.2339.42455)

ccc-utility (Version: 2010.0210.2339.42455)

CCleaner (Version: 4.08)

CDisplay 1.8

Critical Update for Windows Media Player 11 (KB959772)

Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)

DivX Setup (Version: 1.0.1.5)

DocumentViewer (Version: 53.0.13.000)

DocumentViewerQFolder (Version: 1.00.0000)

DownloadX ActiveX Download Control 1.6.5

Enhanced Multimedia Keyboard Solution

EPSON PhotoQuicker3.4

EPSON PRINT Image Framer Tool2.0

EPSON Printer Software

ESET Online Scanner v3

Foxit PDF Editor

Free File Viewer 2011

Google Chrome (Version: 31.0.1650.63)

Google Earth (Version: 4.3.7204.836)

Google Earth Plug-in (Version: 7.1.2.2041)

Google Gmail Notifier

Google Update Helper (Version: 1.3.22.3)

Haali Media Splitter

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)

High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)

HijackThis 1.99.0 (Version: 1.99.0)

HP Boot Optimizer (Version: 2.0.5.1)

HP Deskjet Printer Preload (Version: 10.1.0)

HP Document Viewer 5.3 (Version: 5.3)

HP DVD Play 1.0

HP Product Assistant (Version: 100.000.001.000)

HP Product Detection (Version: 11.14.0001)

HP Product Detection (Version: 11.15.0009)

HP Update (Version: 5.005.000.002)

HPProductAssistant (Version: 53.0.13.000)

HpSdpAppCoreApp (Version: 3.00.0000)

Internet Download Manager

Internet Services (Version: FE UI-1.0.0.1680)

IrfanView (remove only) (Version: 4.32)

iTunes (Version: 11.1.1.11)

J2SE Runtime Environment 5.0 Update 5 (Version: 1.5.0.50)

Java 7 Update 45 (Version: 7.0.450)

Java Auto Updater (Version: 2.1.9.8)

Java 6 Update 22 (Version: 6.0.220)

LightScribe 1.4.62.1 (Version: 1.4.62.1)

MailWasher Pro

MailWasherPro (Version: 7.2.0)

MailWasherPro (Version: 7.3.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Manual CanoScan LiDE 80

Matroska Pack - Lazy Man's MKV 0.9.9

MediaStore PlayFLV

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft LifeCam (Version: 1.40.164.0)

Microsoft National Language Support Downlevel APIs

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Works (Version: 08.04.0623)

MSN

MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

OmniPage SE (Version: 11.00.0001)

OpenOffice 4.0.1 (Version: 4.01.9714)

PC Wizard 2008.1.871

PC-Doctor 5 for Windows (Version: 5.00.3311.03)

PerformanceTest v6.1 (Version: 6.1)

PIF DESIGNER2.0

PowerISO (Version: 4.7)

Presto! PageManager 6.03

PS2

Recuva (Version: 1.39)

Samsung_MonSetup (Version: 1.00.0000)

ScanToWeb

Serif PagePlus SE 1.0 (Version: 1.00)

Skins (Version: 2010.0210.2339.42455)

Skype Click to Call (Version: 6.4.11328)

Skype™ 6.1 (Version: 6.1.129)

SopCast 3.2.4 (Version: 3.2.4)

SpeedTouch USB Software

Spotify (HKCU Version: 0.9.6.81.gd359a796)

Spybot - Search & Destroy (Version: 1.6.2)

TomTom HOME (Version: 2.9.7)

TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Windows Internet Explorer 7 (KB976749) (Version: 1)

Update for Windows Internet Explorer 7 (KB980182) (Version: 1)

Update for Windows XP (KB2141007) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB2863058) (Version: 1)

Update for Windows XP (KB2904266) (Version: 1)

Update for Windows XP (KB951072-v2) (Version: 2)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB955839) (Version: 1)

Update for Windows XP (KB967715) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)

Veetle TV (Version: 0.9.18)

Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)

VLC media player 2.1.2 (Version: 2.1.2)

WebFldrs XP (Version: 9.50.7523)

Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)

Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) (Version: 02/23/2007 2.5.0.0)

Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)

Windows Internet Explorer 7 (Version: 20061107.210142)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Media Format 11 runtime

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

Windows PowerShell 1.0 (Version: 2)

Windows XP Service Pack 3 (Version: 20080414.031525)

WinRAR archiver

YapPhone

==================== Restore Points =========================

19-09-2013 13:58:39 System Checkpoint

20-09-2013 14:55:56 System Checkpoint

21-09-2013 15:09:32 System Checkpoint

22-09-2013 15:23:15 System Checkpoint

23-09-2013 15:56:27 System Checkpoint

24-09-2013 16:33:46 System Checkpoint

25-09-2013 18:21:33 System Checkpoint

26-09-2013 18:51:13 System Checkpoint

27-09-2013 20:27:14 System Checkpoint

28-09-2013 22:11:06 System Checkpoint

30-09-2013 09:34:44 System Checkpoint

01-10-2013 10:04:13 System Checkpoint

02-10-2013 12:32:00 System Checkpoint

03-10-2013 12:43:47 System Checkpoint

04-10-2013 13:04:28 System Checkpoint

05-10-2013 16:54:51 System Checkpoint

06-10-2013 18:58:15 System Checkpoint

07-10-2013 21:38:26 System Checkpoint

09-10-2013 09:41:09 System Checkpoint

09-10-2013 21:46:34 Software Distribution Service 3.0

11-10-2013 07:09:53 System Checkpoint

12-10-2013 07:39:50 System Checkpoint

12-10-2013 22:20:22 Removed Apple Software Update

12-10-2013 22:21:19 Removed Apple Application Support

13-10-2013 11:56:28 Installed iTunes

13-10-2013 20:13:04 Software Distribution Service 3.0

14-10-2013 20:25:32 System Checkpoint

16-10-2013 10:42:04 System Checkpoint

17-10-2013 10:43:12 System Checkpoint

18-10-2013 12:09:21 System Checkpoint

19-10-2013 12:46:10 System Checkpoint

20-10-2013 15:53:52 System Checkpoint

21-10-2013 07:50:16 Installed Java 7 Update 45

21-10-2013 21:49:50 avast! antivirus system restore point

22-10-2013 23:24:12 System Checkpoint

24-10-2013 10:22:11 System Checkpoint

25-10-2013 11:45:23 System Checkpoint

25-10-2013 12:17:47 avast! antivirus system restore point

26-10-2013 07:35:42 avast! antivirus system restore point

26-10-2013 07:37:17 avast! antivirus system restore point

27-10-2013 08:19:12 System Checkpoint

28-10-2013 08:44:04 System Checkpoint

29-10-2013 10:57:41 System Checkpoint

30-10-2013 11:48:14 System Checkpoint

31-10-2013 12:30:12 System Checkpoint

01-11-2013 15:25:39 System Checkpoint

02-11-2013 16:36:47 System Checkpoint

03-11-2013 17:32:19 System Checkpoint

04-11-2013 19:44:31 System Checkpoint

05-11-2013 20:31:44 System Checkpoint

07-11-2013 11:40:31 System Checkpoint

08-11-2013 13:31:47 System Checkpoint

09-11-2013 14:10:44 System Checkpoint

09-11-2013 15:21:14 Removed OpenOffice.org 3.3

09-11-2013 15:23:18 Installed OpenOffice 4.0.1

10-11-2013 15:35:11 System Checkpoint

11-11-2013 19:26:15 System Checkpoint

12-11-2013 19:48:14 System Checkpoint

13-11-2013 13:51:15 Software Distribution Service 3.0

13-11-2013 15:56:30 Software Distribution Service 3.0

14-11-2013 09:24:05 Installed MailWasherPro

15-11-2013 11:57:51 System Checkpoint

16-11-2013 13:23:54 System Checkpoint

17-11-2013 18:37:49 System Checkpoint

18-11-2013 19:08:28 System Checkpoint

19-11-2013 20:15:48 System Checkpoint

20-11-2013 11:54:57 Removed Skype™ 6.10

20-11-2013 11:56:15 Removed Skype Click to Call

21-11-2013 15:02:25 System Checkpoint

22-11-2013 16:03:29 System Checkpoint

23-11-2013 17:31:12 System Checkpoint

24-11-2013 18:49:22 System Checkpoint

25-11-2013 19:07:36 System Checkpoint

26-11-2013 21:30:58 System Checkpoint

27-11-2013 22:22:29 System Checkpoint

29-11-2013 10:55:20 System Checkpoint

30-11-2013 11:12:36 System Checkpoint

01-12-2013 12:04:53 System Checkpoint

02-12-2013 12:28:22 System Checkpoint

03-12-2013 12:32:51 System Checkpoint

04-12-2013 13:07:11 System Checkpoint

05-12-2013 14:16:53 System Checkpoint

06-12-2013 14:43:27 System Checkpoint

07-12-2013 15:27:48 System Checkpoint

08-12-2013 16:20:12 System Checkpoint

09-12-2013 16:35:38 System Checkpoint

10-12-2013 17:53:30 System Checkpoint

11-12-2013 09:49:01 Software Distribution Service 3.0

12-12-2013 10:39:38 System Checkpoint

12-12-2013 22:16:58 Removed RegHunter

12-12-2013 22:17:59 Removed SpyHunter

12-12-2013 22:47:19 Installed SpyHunter

13-12-2013 09:02:06 Software Distribution Service 3.0

14-12-2013 10:39:03 System Checkpoint

15-12-2013 10:56:42 System Checkpoint

16-12-2013 11:33:06 System Checkpoint

17-12-2013 11:58:32 Removed SpyHunter

==================== Hosts content: ==========================

2004-08-04 11:00 - 2013-12-14 13:55 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-17 09:04 - 2013-12-17 08:09 - 02152448 _____ () C:\Program Files\AVAST Software\Avast\defs\13121700\algo.dll

2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2013-10-21 21:55 - 2013-10-21 21:55 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2005-11-24 21:24 - 2005-11-24 21:24 - 00053248 _____ () C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll

2005-11-24 21:22 - 2005-11-24 21:22 - 00023552 _____ () C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll

2006-11-28 22:29 - 2006-12-03 14:53 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll

2004-08-04 11:00 - 2008-04-14 00:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll

2004-08-04 11:00 - 2008-04-14 00:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

2013-12-05 14:02 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 14:02 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 14:02 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (12/12/2013 10:52:19 PM) (Source: Application Hang) (User: )

Description: Hanging application SpyHunter4.exe, version 4.16.5.4290, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/12/2013 10:52:19 PM) (Source: Application Hang) (User: )

Description: Hanging application SpyHunter4.exe, version 4.16.5.4290, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/11/2013 10:36:36 AM) (Source: PerfNet) (User: )

Description: Unable to open the Server service. Server performance data

will not be returned. Error code returned is in data DWORD 0.

Error: (12/10/2013 11:47:48 PM) (Source: PerfNet) (User: )

Description: Unable to open the Server service. Server performance data

will not be returned. Error code returned is in data DWORD 0.

Error: (12/10/2013 11:46:07 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 734765

Error: (12/10/2013 11:46:07 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 734765

Error: (12/10/2013 11:46:07 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 11:45:51 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 719125

Error: (12/10/2013 11:45:51 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 719125

Error: (12/10/2013 11:45:51 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

System errors:

=============

Error: (12/17/2013 11:59:03 AM) (Source: Service Control Manager) (User: )