Enfrance Posted January 16, 2014 ID:778647

Whilst trying to resolve a problem on my hard drive (possibly dodgy sectors), having finished saving all my data to Dropbox and after I downloaded a disc checker program, I found that even when my computer was not being used it was apparently uploading/downloading something on the internet. I found this via NetMeter, which shows a constant signal of yellow (the colour when uploading and downloading combine in the display) of around 0.7KiB/s, which, whilst not much, is a big irritation as I have no idea why it is happening. In Task Manager Networking (XP) it shows as a regular bleep up to about 1% to 2%. In Performance the CPU usage is only about 1% and the PF usage is constant at 1.17GB. I have no idea what that means but perhaps it is significant.

Having researched this, I see in Task Manager that CCC.exe is active when all other programs are quiet. I do have ATI installed - it came with the computer. My dilemma is that Malwarebytes doesn't find anything wrong, so I'm at a loss to know if it is CCC.exe causing the traffic on my internet connection and, more importantly, whether there is a virus at work. Any advice would be very gratefully received.

Enfrance Posted January 19, 2014 Author ID:780038

Whilst waiting for a reply here I posted another message, which please ignore as I will wait to see if someone can help on here. These are the two logs asked for on the other thread.
2Visual Studio C++ 10.0 RuntimeVLC media player 2.1.2WebFldrs XPWhisper 32Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-RayWindows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Internet Explorer 8Windows Live Communications PlatformWindows Live EssentialsWindows Live MailWindows Live SyncWindows Management Framework CoreWindows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 11Windows Search 4.0Windows XP Service Pack 3Wondershare MobileGo for Android ( Version 4.2.0 )Wondershare Video Converter Ultimate(Build 6.5.1.2)xplorer² lite 32 bitZoner Photo Studio 16.==== End Of File =========================== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 20, 2014 ID:780154

Hello and Please read the following and post back the requested logs.

General P2P/Piracy Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

- Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
- If the log is too large then you can use attachments by clicking on the More Reply Options button.
- Please enable your system to show hidden files: How to see hidden files in Windows
- Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
- Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
- Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
- The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
- You can check here if you're not sure if your computer is 32-bit or 64-bit
- Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
- When we are done, I'll give you instructions on how to cleanup all the tools and logs
- Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
- Your topic will be closed if you haven't replied within 3 days
- (If I have not responded within 24 hours, please send me a Private Message as a reminder)

STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
Link 1
Link 2

- On Windows XP double-click on the Rkill desktop icon to run the tool.
- On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
- Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please download ERUNT from one of the following links: Link1 | Link2 | Link3
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.

- Double click on erunt-setup.exe to Install ERUNT by following the prompts.
- NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
- Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
- Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable.
- Make sure that at least the first two check boxes are selected.
- Click on OK
- Then click on YES to create the folder.
- Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit
RogueKiller 32-bit | RogueKiller 64-bit

- Quit all running programs.
- For Windows XP, double-click to start.
- For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
- Read and accept the EULA (End User License Agreement)
- Click Scan to scan the system.
- When the scan completes Close the program > Don't Fix anything!
- Don't run any other options, they're not all bad!!
- Post back the report which should be located on your desktop.
Enfrance Posted January 21, 2014 Author ID:780806

I'm afraid that when I got to the RogueKiller scan a box from my Avast account came up to check the file. Then everything froze except for the cursor but even that could not bring the screen to life. I apologise for this as I had forgotten to turn my antivirus off. I went back to the beginning to the start of step 02 and the machine produced this report from RogueKiller. Do hope I haven't messed things up.

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : MikeB [Admin rights]
Mode : Scan -- Date : 01/21/2014 11:01:30
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00AAJS-00B4A SCSI Disk Device +++++
--- User ---
[MBR] cd82c92fe2a715319577e78a32acb14f
[bSP] 55a7b3c1c3e6a1e1f251158434c9f168 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
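For readers triaging a report like the one in the post above, this added example (not part of the thread and not RogueKiller's own code) splits the report into its ¤¤¤ sections and lists what needs a helper's attention, in particular HOSTS entries that point a name at a non-loopback address. The two sample reports are constructed and abridged, and the severity labels (alert, info, review) are assumptions of this example.

```python
import ipaddress
import re

# A section header looks like "¤¤¤ Bad processes : 0 ¤¤¤" or "¤¤¤ HOSTS File: ¤¤¤".
SECTION_RE = re.compile(r"^¤¤¤ (.+?)\s*:\s*(.*?)\s*¤¤¤$")

# Constructed, abridged sample in the layout of the report quoted in the thread.
CLEAN_REPORT = r"""
RogueKiller V8.1.1 [10/01/2012] by Tigzy
Mode : Scan -- Date : 01/21/2014 11:01:30
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00AAJS-00B4A SCSI Disk Device +++++
--- User ---
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
"""

# Constructed variant: one flagged process line and two extra HOSTS entries.
TAMPERED_REPORT = CLEAN_REPORT.replace(
    "Bad processes : 0 ¤¤¤",
    "Bad processes : 1 ¤¤¤\n(constructed entry) C:\\Temp\\example.exe",
).replace(
    "127.0.0.1 localhost",
    "127.0.0.1 localhost\n0.0.0.0 ads.example.net\n203.0.113.7 update.example.com",
)


def parse_report(text):
    """Return {section name: {"value": header value, "lines": body lines}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = {"value": match.group(2), "lines": []}
            sections[match.group(1)] = current
        elif line.startswith("Finished"):
            current = None  # trailer line, not part of the last section
        elif current is not None:
            current["lines"].append(line)
    return sections


def hosts_findings(lines):
    """Classify HOSTS entries: loopback->localhost is normal, anything else is listed."""
    findings = []
    for line in lines:
        if line.startswith("-->") or line.startswith("#"):
            continue  # path of the hosts file, or a comment
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append(("review", f"HOSTS: unparsable entry {line!r}"))
            continue
        for name in fields[1:]:
            if name.startswith("#"):
                break
            if name.lower() == "localhost" and addr.is_loopback:
                continue
            if addr.is_loopback or addr.is_unspecified:
                # Typical of ad/malware block lists: the name resolves nowhere.
                findings.append(("info", f"HOSTS: {name} is sinkholed to {addr}"))
            else:
                # A name silently pointed at another machine deserves a close look.
                findings.append(("alert", f"HOSTS: {name} is redirected to {addr}"))
    return findings


def triage(text):
    """Return (severity, message) tuples in report order; empty list means nothing to raise."""
    sections = parse_report(text)
    findings = []
    for name in ("Bad processes", "Registry Entries", "Particular Files / Folders"):
        sec = sections.get(name)
        if sec is None:
            findings.append(("review", f"{name}: section missing from report"))
        elif sec["lines"]:
            findings += [("alert", f"{name}: {line}") for line in sec["lines"]]
        elif sec["value"].isdigit() and int(sec["value"]) > 0:
            findings.append(("alert", f"{name}: {sec['value']} item(s), details missing"))
    for line in sections.get("Driver", {"lines": []})["lines"]:
        findings.append(("review", f"Driver: {line}"))
    findings += hosts_findings(sections.get("HOSTS File", {"lines": []})["lines"])
    for line in sections.get("MBR Check", {"lines": []})["lines"]:
        if "error" in line.lower():
            findings.append(("review", f"MBR Check: {line}"))
    return findings


if __name__ == "__main__":
    for label, report in (("clean", CLEAN_REPORT), ("tampered", TAMPERED_REPORT)):
        print(label)
        for severity, message in triage(report):
            print(f"  [{severity}] {message}")
```

A "review" item is a line for the helper to interpret, not a verdict.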
Root Admin AdvancedSetup Posted January 21, 2014 ID:780808

Thank you

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.

- Shutdown your antivirus to avoid any conflicts.
- Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next reply message
- When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

- Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- When it's done you'll see: Pending: Please uncheck elements you don't want removed.
- Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- Look over the log especially under Files/Folders for any program you want to save.
- If there's a program you may want to save, just uncheck it from AdwCleaner.
- If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
- If you're ready to clean it all up.....click the Clean button.
- After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
- Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
- To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

- Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
- Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
- Make sure that everything is checked, and click Remove Selected.

STEP 06
Please go here to run the online antivirus scanner from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats', then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Enfrance Posted January 23, 2014 Author ID:781746

As the logs are rather long I have posted the two Malwarebytes anti-rootkit logs, the JRT log and the Adw log on this first post and the rest on the next posting. Hope this is OK. Regards, Enfrance.

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org
Database version: v2014.01.22.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MikeB :: MIKE [administrator]
22/01/2014 09:41:41
mbar-log-2014-01-22 (09-41-41).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 244665
Time elapsed: 13 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 2.511000 GHz
Memory total: 3488915456, free: 2536341504
Host not found
Downloaded database version: v2014.01.22.04
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
01/22/2014 09:21:44
------------ Loaded modules -----------
Infected: C:\Documents and Settings\MikeB\Local Settings\Temporary Internet Files\Content.IE5\RJ1D2S6O\JRT[1].exe --> [Trojan.P2P.Worm]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_5_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_5_r.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_6_i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_6_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 2.511000 GHz
Memory total: 3488915456, free: 2905432064
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 2.511000 GHz
Memory total: 3488915456, free: 2438496256
Initializing...
=======================================
------------ Kernel report ------------
01/22/2014 09:41:21
------------ Loaded modules -----------
stem32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\RtkHDAud.sys\SystemRoot\system32\DRIVERS\flpydisk.sys\??\C:\WINDOWS\system32\drivers\aswSP.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\??\C:\WINDOWS\system32\drivers\aswTdi.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\netbt.sys\??\C:\WINDOWS\system32\drivers\aswRdr.sys\SystemRoot\System32\drivers\ws2ifsl.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS\??\C:\Program 
Files\SUPERAntiSpyware\SASDIFSV.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\System32\Drivers\PCTSD.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Fips.SYS\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\System32\Drivers\BANTExt.sys\??\C:\WINDOWS\system32\drivers\aswSnx.sys\SystemRoot\system32\DRIVERS\RTL8192cu.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\System32\Drivers\LEqdUsb.Sys\SystemRoot\System32\Drivers\WDFLDR.SYS\SystemRoot\System32\Drivers\wdf01000.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\System32\Drivers\LHidEqd.Sys\SystemRoot\system32\DRIVERS\LHidFilt.Sys\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_nvgts.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\ati2dvag.dll\SystemRoot\System32\ati2cqag.dll\SystemRoot\System32\atikvmag.dll\SystemRoot\System32\atiok3x2.dll\SystemRoot\System32\ati3duag.dll\SystemRoot\System32\ativvaxx.dll\SystemRoot\System32\ATMFD.DLL\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys\SystemRoot\system32\DRIVERS\tifsfilt.sys\SystemRoot\system32\DRIVERS\AegisP.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\mrxdav.sys\SystemRoot\System32\Drivers\LBeepKE.sys\SystemRoot\system32\DRIVERS\srv.sys\??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys\SystemRoot\system32\drivers\wdmaud.sys\SystemRoot\system32\drivers\sysaudio.sys\SystemRoot\System32\Drivers\HTTP.sys\SystemRoot\system32\DRIVERS\psi_mf.sys\SystemRoot\System32\Drivers\Fastfat.SYS\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------Done!<<<1>>>Upper Device Name: 
\Device\Harddisk6\DR7Upper Device Object: 0xffffffff8a658448Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000092\Lower Device Object: 0xffffffff8aa41da8Lower Device Driver Name: \Driver\usbstor\<<<1>>>Upper Device Name: \Device\Harddisk5\DR6Upper Device Object: 0xffffffff8a6c6030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000091\Lower Device Object: 0xffffffff8a594410Lower Device Driver Name: \Driver\usbstor\<<<1>>>Upper Device Name: \Device\Harddisk4\DR5Upper Device Object: 0xffffffff8a5ad4c0Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000090\Lower Device Object: 0xffffffff8a5d0958Lower Device Driver Name: \Driver\usbstor\<<<1>>>Upper Device Name: \Device\Harddisk3\DR4Upper Device Object: 0xffffffff8aa50668Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008f\Lower Device Object: 0xffffffff8a594ea0Lower Device Driver Name: \Driver\usbstor\<<<1>>>Upper Device Name: \Device\Harddisk2\DR3Upper Device Object: 0xffffffff8a5edab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008e\Lower Device Object: 0xffffffff8a594c10Lower Device Driver Name: \Driver\usbstor\<<<1>>>Upper Device Name: \Device\Harddisk1\DR2Upper Device Object: 0xffffffff8aa8e5a0Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\0000008d\Lower Device Object: 0xffffffff8a622930Lower Device Driver Name: \Driver\usbstor\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8adc3030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Scsi\nvgts1Port2Path0Target0Lun0\Lower Device Object: 0xffffffff8adf1030Lower Device Driver Name: \Driver\nvgts\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8adc3030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8adc35f8, DeviceName: Unknown, DriverName: \Driver\pssnap\DevicePointer: 0xffffffff8adc3c80, DeviceName: Unknown, 
DriverName: \Driver\snapman\DevicePointer: 0xffffffff8ae2c338, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8adc3030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8ae2c888, DeviceName: Unknown, DriverName: \Driver\PCTCore\DevicePointer: 0xffffffff8adf1920, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8adf1030, DeviceName: \Device\Scsi\nvgts1Port2Path0Target0Lun0\, DriverName: \Driver\nvgts\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\snapman\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 49FA46E0 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625121217 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...Done!Physical Sector Size: 0Drive: 1, DevicePointer: 0xffffffff8aa8e5a0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8aa4e478, DeviceName: Unknown, DriverName: \Driver\pssnap\DevicePointer: 0xffffffff8a99b198, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff8a61d020, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8aa8e5a0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a573260, DeviceName: Unknown, DriverName: \Driver\PCTCore\DevicePointer: 0xffffffff8a622930, DeviceName: \Device\0000008d\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 2, DevicePointer: 0xffffffff8a5edab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a8c4570, DeviceName: Unknown, DriverName: \Driver\pssnap\DevicePointer: 0xffffffff8aa86e18, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff8a8ac938, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a5edab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a6e7020, DeviceName: Unknown, DriverName: \Driver\PCTCore\DevicePointer: 0xffffffff8a594c10, DeviceName: \Device\0000008e\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 3, DevicePointer: 0xffffffff8aa50668, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a7dc740, DeviceName: Unknown, DriverName: \Driver\pssnap\DevicePointer: 0xffffffff8ab33e40, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff8a5b99b8, DeviceName: Unknown, DriverName: 
\Driver\PartMgr\DevicePointer: 0xffffffff8aa50668, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a61b020, DeviceName: Unknown, DriverName: \Driver\PCTCore\DevicePointer: 0xffffffff8a594ea0, DeviceName: \Device\0000008f\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 0Drive: 4, DevicePointer: 0xffffffff8a5ad4c0, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a7035d0, DeviceName: Unknown, DriverName: \Driver\pssnap\DevicePointer: 0xffffffff8ad9ce90, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff8a8e3020, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a5ad4c0, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a59f020, DeviceName: Unknown, DriverName: \Driver\PCTCore\DevicePointer: 0xffffffff8a5d0958, DeviceName: \Device\00000090\, DriverName: \Driver\usbstor\------------ End ----------Physical Sector Size: 512Drive: 5, DevicePointer: 0xffffffff8a6c6030, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff89f8b818, DeviceName: Unknown, DriverName: \Driver\pssnap\DevicePointer: 0xffffffff8a9e2268, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff899f2810, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a6c6030, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a6872f8, DeviceName: Unknown, DriverName: \Driver\PCTCore\DevicePointer: 0xffffffff8a594410, DeviceName: \Device\00000091\, DriverName: \Driver\usbstor\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\snapman\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 5Scanning MBR on drive 5...Inspecting partition table:MBR Signature: 55AADisk Signature: AB95221D Partition information: Partition 0 type 
is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 64 Numsec = 1953520001 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204885504 bytesSector size: 512 bytes Done!Physical Sector Size: 512Drive: 6, DevicePointer: 0xffffffff8a658448, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a651478, DeviceName: Unknown, DriverName: \Driver\pssnap\DevicePointer: 0xffffffff8aa703c0, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff899d2810, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a658448, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff899f2640, DeviceName: Unknown, DriverName: \Driver\PCTCore\DevicePointer: 0xffffffff8aa41da8, DeviceName: \Device\00000092\, DriverName: \Driver\usbstor\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\snapman\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 6Scanning MBR on drive 6...Inspecting partition table:MBR Signature: 55AADisk Signature: AD0FB6 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 781401537 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0 Numsec = 0 Disk Size: 400088457216 bytesSector size: 512 bytes Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_5_i.mbam...Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_5_r.mbam...Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_6_i.mbam...Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_6_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1008 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXEDCPU speed: 2.511000 GHzMemory total: 3488915456, free: 2909790208 ======================================= Malwarebytes Anti-Rootkit BETA 1.07.0.1008www.malwarebytes.org Database version: v2014.01.22.04 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702 :: MIKE [administrator] 22/01/2014 09:21:54mbar-log-2014-01-22 (09-21-54).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled:Objects scanned: 244981Time elapsed: 12 minute(s), 10 second(s) Memory Processes Detected: 0(No malicious items 
detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Documents and Settings\MikeB\Local Settings\Temporary Internet Files\Content.IE5\RJ1D2S6O\JRT[1].exe (Trojan.P2P.Worm) -> Delete on reboot. Physical Sectors Detected: 0(No malicious items detected) (end) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.0 (01.07.2014:1)OS: Microsoft Windows XP x86Ran by MikeB on 22/01/2014 at 9:58:50.35~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyonSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6} ~~~ Files Successfully deleted: [File] "C:\Documents and Settings\MikeB\appdata\locallow\SkwConfig.bin" ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\MikeB\Application Data\getrighttogo" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 22/01/2014 at 10:07:04.03End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.017 - Report created 22/01/2014 at 10:25:44# Updated 12/01/2014 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : MikeB - MIKE# Running from : C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and 
Settings\MikeB\Local Settings\Application Data\PackageAwareFile Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}Key Deleted : HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exeKey Deleted : HKLM\Software\hdcodeKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotspotshieldKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v26.0 (en-GB) [ File : C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\prefs.js ] ************************* AdwCleaner[R0].txt - [4586 octets] - [15/09/2013 13:31:36]AdwCleaner[R1].txt - [4646 octets] - [15/09/2013 13:34:12]AdwCleaner[R2].txt - [1692 octets] - [24/09/2013 15:31:13]AdwCleaner[R3].txt - [1405 octets] - [24/09/2013 15:42:47]AdwCleaner[R4].txt - [2520 octets] - [22/01/2014 10:17:10]AdwCleaner[R5].txt - [2580 octets] - [22/01/2014 10:21:15]AdwCleaner[s0].txt - [4675 octets] - [15/09/2013 13:35:08]AdwCleaner[s1].txt - [1763 octets] - 
[24/09/2013 15:33:42]AdwCleaner[s2].txt - [1468 octets] - [24/09/2013 15:44:39]AdwCleaner[s3].txt - [2533 octets] - [22/01/2014 10:25:44] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2593 octets] ########## Link to post Share on other sites More sharing options...
Enfrance Posted January 23, 2014 Author ID:781750

This starts with the Quick Malwarebytes scan after the Adw scan, then the ESET log follows. As this is too long to include the Addition Farbar log, I have sent it in a third post.

Quick scan after the Adwcleaner

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.22.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MikeB :: MIKE [administrator]

22/01/2014 10:35:27
mbam-log-2014-01-22 (10-35-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240811
Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET log

C:\AdwCleaner\Quarantine\C\Documents and Settings\MikeB\Application Data\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\MikeB\Application Data\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\WINDOWS\system32\dmwu.exe.vir a variant of Win32/Toolbar.Perion.G application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\acdsee12photomanager-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\ESDPK-MLX5-MoviePlusStarterEdition-EN.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\ezvid0895.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\Downloads\picajetphotoorganizer-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\advanced system care -setup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\asc-setup Systemcare.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\cbsidlm-cbsi134-Wondershare_MobileGo_for_Android-ORG-75444075.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\Charting_Companion.exe a variant of Win32/Toolbar.Conduit.B application deleted - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\acdsee12photomanager-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\cbsidlm-tr1_10a-FreeOCR-ORG-10717191.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\cbsidlm-tr1_13-Smart_Driver_Updater-ORG-75453012.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\driverupdater.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ESDPK-MLX5-MoviePlusStarterEdition-EN.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ezvid0895.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\picajetphotoorganizer-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
I:\Downloaded progs\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Documents\Downloaded progs for saving\advanced system care -setup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Documents\Downloaded progs for saving\asc-setup Systemcare.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Documents\Downloaded progs for saving\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloaded progs\advanced system care -setup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloaded progs\asc-setup Systemcare.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloaded progs\cbsidlm-cbsi134-Wondershare_MobileGo_for_Android-ORG-75444075.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloaded progs\Charting_Companion.exe a variant of Win32/Toolbar.Conduit.B application deleted - quarantined
I:\My Documents\My Dropbox\Downloaded progs\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\acdsee12photomanager-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\cbsidlm-tr1_10a-FreeOCR-ORG-10717191.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\cbsidlm-tr1_13-Smart_Driver_Updater-ORG-75453012.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ccsetup327.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ccsetup406.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\driverupdater.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ESDPK-MLX5-MoviePlusStarterEdition-EN.exe multiple threats cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\ezvid0895.exe Win32/OpenCandy application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\picajetphotoorganizer-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\SoftonicDownloader_for_microsoft-money.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
I:\My Documents\My Dropbox\Downloads\xplorer2_liteOC_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
I:\My Dropbox\Downloaded progs\advanced system care -setup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Dropbox\Downloaded progs\asc-setup Systemcare.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
I:\My Dropbox\Downloaded progs\Charting_Companion.exe a variant of Win32/Toolbar.Conduit.B application deleted - quarantined
I:\My Dropbox\Downloaded progs\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined

============================================================

Farbar Recovery Scan tool FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2014 01
Ran by MikeB (administrator) on MIKE on 22-01-2014 16:35:28
Running from C:\Documents and Settings\MikeB\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
() C:\Program Files\Allway Sync\Bin\SyncService.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Cypherix Software (India) Pvt. Ltd.) C:\WINDOWS\system32\cryptainersrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Acronis) C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(Dropbox, Inc.) C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
() C:\Program Files\NetMeter\NetMeter.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 2011-01-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe [904776 2008-06-27] (Acronis)
HKLM\...\Run: [Maxtor Scheduler2 Service] - C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [136472 2008-06-27] (Maxtor)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Display] - C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1501064 2009-06-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact] - C:\Program Files\Common Files\Wondershare\Wondershare Helper
Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKCU\...\Run: [Allway Sync] - C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2013-12-12] ()HKCU\...\Run: [Zoner Photo Studio Service 16] - C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)Lsa: [Authentication Packages] msv1_0 relog_apStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnkShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnkShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnkShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MobileGo Service.lnkShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Adobe 
Gamma.lnkShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.comHKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10555BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281441977531DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabDPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} 
http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)Winsock: Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF ProfilePath: C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xmlFF SearchPlugin: C:\Program 
Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xmlFF Extension: LastPass - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\support@lastpass.com [2013-11-21]FF Extension: ColorfulTabs - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-01-21]FF Extension: ReminderFox - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-10-03]FF Extension: DownloadHelper - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-26]FF Extension: Webpage Snapshot - Snapilicious.com - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\admin@snapilicious.com.xpi [2013-10-09]FF Extension: anonymoX - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\client@anonymox.net.xpi [2013-09-26]FF Extension: NoSquint - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\nosquint@urandom.ca.xpi [2013-09-27]FF Extension: NoScript - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27]FF Extension: Adblock Plus - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]FF Extension: Download Statusbar - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-26]FF Extension: 
Adblock Edge - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-30]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-09]FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ [] ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] ()R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()R2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-18] (Oracle Corporation)R2 MaxSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [431384 2008-06-27] (Maxtor)R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-10-16] ()S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)R2 ssoftservice; C:\WINDOWS\system32\cryptainersrv.exe [74240 2007-01-24] (Cypherix Software (India) Pvt. Ltd.)U4 avast! 
Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x] ==================== Drivers (Whitelisted) ==================== R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2010-08-06] (Meetinghouse Data Communications)S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34720 2013-09-15] (Google Inc)R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-02] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-04] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-02] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [187776 2010-01-06] (Conexant Systems, Inc.)S3 Jukebox3; C:\Windows\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.)S3 KEYBOARDWDFilter; C:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS [6528 2006-07-17] ()R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [66688 2009-07-01] (NVIDIA Corporation)R0 nvgts; 
C:\Windows\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13824 2009-07-01] (NVIDIA Corporation)R3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)R1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [907496 2011-07-06] (Realtek Semiconductor Corporation )R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R2 ssoftnt4; C:\WINDOWS\system32\Drivers\ssoftnt4.sys [100728 2008-08-19] (Cypherix Software (India) Pvt. 
Ltd.)S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2011-10-25] (Acronis)R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2011-10-25] (Acronis)S3 W8335XP; C:\Windows\System32\DRIVERS\WG311v3XP.sys [265984 2005-02-22] (Marvell Semiconductor, Inc)R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2012-03-26] (Wondershare)R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2012-03-26] (Wondershare)R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2012-03-26] (Wondershare)R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2012-03-26] (Wondershare)R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2012-03-26] (Wondershare)U3 Cdisookkwes; No ImagePathS3 cpuz132; \??\C:\DOCUME~1\MikeB\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]S3 HssDrv; system32\DRIVERS\HssDrv.sys [x]S4 IntelIde; No ImagePathS3 RT73; system32\DRIVERS\rt73.sys [x]U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)S3 taphss; system32\DRIVERS\taphss.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-22 16:35 - 2014-01-22 16:35 - 00000000 ____D C:\FRST2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt2014-01-22 09:17 - 2014-01-22 09:54 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar2014-01-22 09:17 - 2014-01-22 09:41 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and 
Settings\MikeB\Desktop\AdwCleaner(2).exe2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe2014-01-21 20:03 - 2014-01-21 20:05 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt2014-01-21 11:00 - 2014-01-21 11:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine2014-01-21 10:58 - 2014-01-21 10:59 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt2014-01-19 19:46 - 2014-01-19 19:45 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt2014-01-19 19:40 - 2014-01-19 19:41 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr2014-01-18 15:38 - 2014-01-18 15:38 - 00000000 ____D C:\Program Files\Common Files\Java2014-01-18 15:10 - 2014-01-18 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java2014-01-18 15:10 - 2014-01-18 15:09 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe2014-01-18 15:10 - 2014-01-18 15:09 - 00175016 _____ 
(Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-01-18 15:10 - 2014-01-18 15:09 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-01-18 15:10 - 2014-01-18 15:09 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl2014-01-18 15:10 - 2014-01-18 15:09 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log2014-01-18 14:17 - 2014-01-18 14:21 - 00005188 _____ C:\WINDOWS\KB2914368.log2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz2014-01-18 14:02 - 2014-01-18 14:03 - 00000000 ____D C:\Program Files\ArcSoft2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree 
Maker 20122014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect2014-01-18 14:01 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation2014-01-18 13:52 - 2014-01-18 13:53 - 00000000 ____D C:\WINDOWS\system32\NtmsData2014-01-16 20:05 - 2014-01-21 19:45 - 00033759 _____ C:\WINDOWS\setupapi.log2014-01-15 15:40 - 2014-01-22 13:43 - 00272928 _____ C:\WINDOWS\WindowsUpdate.log2014-01-15 15:40 - 2014-01-22 10:29 - 00000300 _____ C:\WINDOWS\wiadebug.log2014-01-15 15:40 - 2014-01-22 10:28 - 00000050 _____ C:\WINDOWS\wiaservc.log2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log2014-01-15 10:02 - 2014-01-18 14:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\Program Files\Belkin2014-01-10 17:13 - 2011-07-06 03:22 - 00907496 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\RTL8192cu.sys2014-01-10 17:13 - 2009-02-05 02:49 - 00451072 ____N C:\WINDOWS\system32\ISSRemoveSP.exe2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR2014-01-07 16:33 - 2014-01-21 18:39 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D 
C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-01-07 16:28 - 2014-01-07 16:33 - 00508272 _____ C:\reflect_install.log
2014-01-07 14:50 - 2014-01-12 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst

==================== One Month Modified Files and Folders =======

2014-01-22 16:35 - 2014-01-22 16:35 - 00000000 ____D C:\FRST
2014-01-22 16:34 - 2011-11-19 15:27 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\LastPass
2014-01-22 16:19 - 2010-08-05 16:51 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-22 15:57 - 2012-04-11 11:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-22 15:40 - 2010-08-17 08:58 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 14:17 - 2012-11-09 17:52 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-22 14:12 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\Dropbox
2014-01-22 13:43 - 2014-01-15 15:40 - 00272928 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET
2014-01-22 10:46 - 2012-01-29 11:15 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-01-22 10:32 - 2010-08-07 20:00 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\My Dropbox
2014-01-22 10:29 - 2014-01-15 15:40 - 00000300 _____ C:\WINDOWS\wiadebug.log
2014-01-22 10:29 - 2010-08-17 08:58 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 10:29 - 2006-02-28 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-22 10:28 - 2014-01-15 15:40 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-22 10:28 - 2010-08-05 03:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-22 10:27 - 2010-08-05 03:20 - 00000278 ___SH C:\Documents and Settings\MikeB\ntuser.ini
2014-01-22 10:27 - 2010-08-05 03:19 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-22 10:25 - 2013-09-15 13:31 - 00000000 ____D C:\AdwCleaner
2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt
2014-01-22 09:54 - 2014-01-22 09:17 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar
2014-01-22 09:41 - 2014-01-22 09:17 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-22 09:37 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\system
2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe
2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe
2014-01-21 20:05 - 2014-01-21 20:03 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe
2014-01-21 19:45 - 2014-01-16 20:05 - 00033759 _____ C:\WINDOWS\setupapi.log
2014-01-21 18:42 - 2010-08-05 03:14 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 18:42 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\repair
2014-01-21 18:39 - 2014-01-07 16:33 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-01-21 18:18 - 2010-09-29 18:54 - 00000005 _____ C:\Documents and Settings\MikeB\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
2014-01-21 18:17 - 2013-10-06 09:42 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\vlc
2014-01-21 15:27 - 2013-02-22 17:27 - 00000000 ____D C:\FreeOCR
2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt
2014-01-21 11:01 - 2014-01-21 11:00 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine
2014-01-21 10:59 - 2014-01-21 10:58 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt
2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe
2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe
2014-01-20 20:49 - 2013-04-27 09:58 - 00002231 _____ C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt
2014-01-19 19:45 - 2014-01-19 19:46 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt
2014-01-19 19:41 - 2014-01-19 19:40 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr
2014-01-19 12:29 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-18 15:38 - 2014-01-18 15:38 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-18 15:10 - 2014-01-18 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-18 15:09 - 2014-01-18 15:10 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-18 15:09 - 2014-01-18 15:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-18 15:09 - 2014-01-18 15:10 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-18 15:09 - 2014-01-18 15:10 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-18 15:09 - 2014-01-18 15:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-18 14:57 - 2012-04-11 11:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-18 14:57 - 2011-06-08 07:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-18 14:54 - 2010-08-07 15:02 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Adobe
2014-01-18 14:48 - 2010-08-07 15:05 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-18 14:38 - 2013-04-29 10:40 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\B-Folders 3
2014-01-18 14:28 - 2013-08-15 09:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 14:22 - 2010-08-10 13:54 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-18 14:21 - 2014-01-18 14:17 - 00005188 _____ C:\WINDOWS\KB2914368.log
2014-01-18 14:21 - 2014-01-15 10:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-18 14:21 - 2012-10-16 16:34 - 00727825 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2014-01-18 14:19 - 2013-03-14 10:53 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-18 14:17 - 2013-11-04 19:47 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-18 14:08 - 2010-08-05 03:20 - 00000000 ____D C:\Documents and Settings\MikeB
2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\NetworkService
2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\LocalService
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz
2014-01-18 14:03 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ArcSoft
2014-01-18 14:03 - 2010-08-17 08:58 - 00000000 ____D C:\Program Files\Google
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
2014-01-18 14:02 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2014-01-18 14:02 - 2013-11-29 08:45 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2014-01-18 14:02 - 2012-05-31 12:55 - 00000000 ____D C:\Program Files\Family Tree Maker 2012
2014-01-18 14:02 - 2011-12-23 15:02 - 00000000 ____D C:\Program Files\BCL Technologies
2014-01-18 14:02 - 2010-08-05 15:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
2014-01-18 14:01 - 2010-10-24 11:43 - 00000000 ____D C:\Program Files\Legacy
2014-01-18 14:01 - 2010-08-17 08:58 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Google
2014-01-18 13:53 - 2014-01-18 13:52 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-15 16:50 - 2010-08-05 15:48 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\Cleaner
2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-15 15:15 - 2010-08-08 08:50 - 00000000 ____D C:\WINDOWS\Sun
2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation
2014-01-13 13:48 - 2010-08-07 19:12 - 00000000 ____D C:\Documents and Settings\MikeB\dwhelper
2014-01-12 16:55 - 2013-10-31 19:52 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\TeamViewer
2014-01-12 13:24 - 2014-01-07 14:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2014-01-12 11:12 - 2011-12-29 12:20 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\MediaMonkey
2014-01-11 08:49 - 2012-12-27 16:19 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\Program Files\Belkin
2014-01-10 17:13 - 2006-02-28 13:00 - 00000722 _____ C:\WINDOWS\win.ini
2014-01-10 09:22 - 2010-05-06 05:22 - 00633622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-10 09:11 - 2011-01-11 11:29 - 00000000 ____D C:\Program Files\FreeCDRipper
2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk
2014-01-09 13:47 - 2013-02-02 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan
2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR
2014-01-07 17:26 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\CCleaner
2014-01-07 17:24 - 2010-08-05 03:22 - 00000000 ____D C:\WINDOWS\system32\Tools
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-01-07 16:33 - 2014-01-07 16:28 - 00508272 _____ C:\reflect_install.log
2014-01-07 12:15 - 2013-04-27 09:58 - 00000000 ____D C:\Program Files\SlimCleaner
2014-01-05 14:33 - 2010-08-06 11:52 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2014-01-03 09:57 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\Dropbox
2014-01-02 21:02 - 2013-11-04 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-01-02 21:01 - 2013-03-06 16:41 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-02 21:01 - 2013-03-06 16:41 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-02 21:01 - 2012-11-09 17:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-01 11:10 - 2013-06-10 09:33 - 00000780 _____ C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst
2013-12-31 13:20 - 2011-02-11 20:13 - 00000000 ___SH C:\WINDOWS\system32\+
2013-12-30 20:20 - 2013-09-15 08:35 - 00001810 _____ C:\Documents and Settings\All Users\Desktop\Wondershare MobileGo for Android.lnk

Files to move or delete:
====================
C:\Documents and Settings\MikeB\en_res.dll
C:\Documents and Settings\MikeB\es_res.dll
C:\Documents and Settings\MikeB\fr_res.dll
C:\Documents and Settings\MikeB\grm_res.dll
C:\Documents and Settings\MikeB\it_res.dll
C:\Documents and Settings\MikeB\jp_res.dll
C:\Documents and Settings\MikeB\mfc80u.dll
C:\Documents and Settings\MikeB\msvcr80.dll
C:\Documents and Settings\MikeB\PCPE Setup.exe
C:\Documents and Settings\MikeB\pt_res.dll
C:\Documents and Settings\MikeB\ResourceReader.dll
C:\Documents and Settings\MikeB\ru_res.dll
C:\Documents and Settings\MikeB\zh_res.dll

Some content of TEMP:
====================
C:\Documents and Settings\MikeB\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
Enfrance Posted January 23, 2014 Author ID:781751

Addition text

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-01-2014 01
Ran by MikeB at 2014-01-22 16:36:13
Running from C:\Documents and Settings\MikeB\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Download Manager (Version: 1.6.2.87 - NOS Microsystems Ltd.)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Allway Sync version 14.0.1 (Version: - Botkind Inc)
Amazon Kindle (Version: - Amazon)
Amazon MP3 Downloader 1.0.9 (Version: - )
Apple Application Support (Version: 2.3.4 - Apple Inc.)
ArcSoft ShowBiz (Version: 3.5.13.70 - ArcSoft)
avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
BBC iPlayer Desktop (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (Version: 3.2.15 - British Broadcasting Corp.) Hidden
BCL easyConverter SDK 1.0.0 Module (Version: 1.0.0.7 - BCL Technologies) Hidden
BCL easyConverter SDK 3 (Word Version) (Version: 3.0.64 - BCL Technologies)
Beacon (Version: 1.0.0 - PrivacyHarbor) Hidden
Belarc Advisor 8.2 (Version: 8.2.1.0 - Belarc Inc.)
Belkin F7D1102 Surf Wireless Micro USB Adapter (Version: 1.00.0155 - )
B-Folders 3 (HKCU Version: - )
Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
Bing Maps 3D (Version: 4.0.903.16005 - Microsoft Corporation)
Browser Guard 4.0 (Version: 4.0.0.1606 - PC Tools)
Canon iX4000 (Version: - )
Canon Setup Utility 2.1 (Version: - )
Canon Utilities Easy-PhotoPrint (Version: - )
Canon Utilities Easy-PrintToolBox (Version: - )
Carbon (Version: 1.0.0 - ClockworkMod)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0706.2128.36662 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0706.2128.36662 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0706.2128.36662 - ATI) Hidden
CCC Help English (Version: 2010.0706.2127.36662 - ATI) Hidden
ccc-core-static (Version: 2010.0706.2128.36662 - ATI) Hidden
ccc-utility (Version: 2010.0706.2128.36662 - ATI) Hidden
CCleaner (Version: 4.09 - Piriform)
Charting Companion 3.0 for Family Tree Maker® (Version: 3.0 - Progeny Genealogy Inc.)
ClearType Tuning Control Panel Applet (Version: 1.01.0000 - Microsoft Corporation)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (Version: - DownloadHelper)
Creative Jukebox Driver (Version: - )
Creative MediaSource (Version: 3.00 - )
Creative Removable Disk Manager (Version: - )
Creative System Information (Version: - )
Creative Zen Micro (Version: 1.0 - )
Cryptainer Drivers (Version: 7.0 - Cypherix)
CyberLink Holiday Pack Vol.4 for PowerDirector (Version: 1.0 - CyberLink Corp.)
CyberLink Holiday Pack Vol.4 for PowerDirector (Version: 1.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.2215 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2215 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 Content Pack Essential (Version: 11 - CyberLink Corp.)
CyberLink PowerDirector 11 Content Pack Essential (Version: 11 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 Content Pack Premium (Version: 11 - CyberLink Corp.)
CyberLink PowerDirector 11 Content Pack Premium (Version: 11 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (Version: 2.0.3206 - CyberLink Corp.)
CyberLink WaveEditor 2 (Version: 2.0.3206 - CyberLink Corp.) Hidden
Driver Install 32bit (Version: 6.0.107.0 - None)
Driver Install 32bit (Version: 6.0.107.0 - None) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
DVD Profiler Version 3.8.1 (Version: - )
Easy-WebPrint (Version: - )
EPSON Scan (Version: - )
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (Version: - Lars Hederer)
Family Tree Maker 2012 (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (Version: 21.0.388 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
FastStone Image Viewer 4.9 (Version: 4.9 - FastStone Soft)
File Shredder 2.5 (Version: - Pow Tools)
Focus MP3 Recorder Pro 4.0 (Version: - Focussoft.net)
Folder Password Expert USB 2.1.0.6 (Version: 2.1.0.6 - ZQS Software Team)
FoxyTunes for Firefox (Version: - )
FreeOCR v4.2 (Version: - )
Genbox Family History 3.7.1 (Version: - Thoughtful Creations)
Google Calendar Sync (Version: - )
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000 - Microsoft Corporation)
hp deskjet 970c series (Remove only) (Version: - )
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Karen's Directory Printer (Version: 5.3.0.2 - Karen Kenworthy)
Lagarith lossless video codec (Remove Only) (Version: - )
LastPass (uninstall only) (Version: - LastPass)
Legacy 7.5 (Version: 7.5 - Millennia Corporation)
Lizardtech DjVu Control (Version: - )
Logitech SetPoint 6.51 (Version: 6.51.8 - Logitech)
Macrium Reflect Standard Edition (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Standard Edition (Version: 5.2.6444 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Maxtor MaxBlast (Version: 11.0.8145 - Maxtor)
Media Preview (Version: 1.2.2.169 - BabelSoft)
MediaMonkey 4.0 (Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 1.1 (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version: - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft IntelliType Pro 7.0 (Version: 7.0.260.0 - Microsoft)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) Hidden
Microsoft Money (Version: 14 - Microsoft)
Microsoft Money 98 (Version: - )
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows XP Video Decoder Checkup Utility (Version: - )
Microsoft WSE 3.0 (Version: 3.0.5305.0 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-GB) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 en-GB) (Version: 24.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1342 (Version: 3.3.0.1342 - TomTom)
NetMeter 1.1.3 (Version: - ReadError)
Newblue Art Effects for PowerDirector (Version: 2.0 - NewBlue)
NIKON IMAGE SPACE UPLOADER (Version: 1.1 - NIKON CORPORATION)
NIKON IMAGE SPACE UPLOADER (Version: 1.1 - NIKON CORPORATION) Hidden
Nikon Message Center 2 (Version: 2.0.1 - Nikon)
NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation)
Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)
PC Tools Spyware Doctor 9.0 (Version: 9.0 - PC Tools)
PDF OCR X Community Edition (Version: 1.9.6 - Web Lite Solutions Corp.)
Picture Control Utility (Version: 1.2.2 - Nikon)
PolderbitS Sound Recorder and Editor (Version: - )
PowerChute Personal Edition 3.0.2 (Version: 3.0.2 - Schneider Electric)
PrivacyHarbor Beacon (HKCU Version: 1.0.0 - PrivacyHarbor)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RadioSure (HKCU Version: - )
Realtek High Definition Audio Driver (Version: 5.10.0.6299 - Realtek Semiconductor Corp.)
Room Arranger (Version: 7.0.3 - Jan Adamec)
SAMSUNG Intelli-studio (Version: - )
Samsung Kies (Version: 2.1.0.11095_121 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.1.0.11095_121 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (Version: 3.0.0.6001 - Secunia)
Security Task Manager 1.8c (Version: 1.8c - Neuber Software)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Serif CraftArtist (Version: 1.0.5.043 - Serif (Europe) Ltd)
Serif MoviePlus Starter Edition (Version: 1.0.0.008 - Serif (Europe) Ltd)
Serif MoviePlus Starter Edition Codec Pack (Version: 1.0.0.001 - Serif (Europe) Ltd)
Serif PagePlus Starter Edition (Version: 2.0.2.009 - Serif (Europe) Ltd)
Serif PagePlus: Brochure Template Pack 1 (Version: 1.0.1.005 - Serif (Europe) Ltd)
Serif PagePlus: Business Card Template Pack 1 (Version: 1.0.1.005 - Serif (Europe) Ltd)
Serif PagePlus: Home Stationery Template Pack - Fishing (Version: 1.0.1.006 - Serif (Europe) Ltd)
Serif PanoramaPlus X4 (Version: 4.0.3.010 - Serif (Europe) Ltd)
Serif Photo Projects (Version: 1.0.2.024 - Serif (Europe) Ltd)
Serif PhotoPlus X5 (Version: 15.0.2.012 - Serif (Europe) Ltd)
SlimCleaner (Version: 4.0.29702 - SlimWare Utilities, Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SpywareBlaster 4.3 (Version: 4.3.0 - Javacool Software LLC)
SUPERAntiSpyware (Version: 5.6.1018 - SUPERAntiSpyware.com)
TeamViewer 8 (Version: 8.0.22298 - TeamViewer)
The Weather Channel App (Version: - )
TweakNow RegCleaner 2011 (Version: 6.4.5 - TweakNow.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (Version: - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
ViewNX 2 (Version: 2.1.2 - Nikon)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Whisper 32 (Version: - )
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Management Framework Core (Version: - Microsoft Corporation)
Windows Media Encoder 9 Series (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
Wondershare MobileGo for Android ( Version 4.2.0 ) (Version: 4.2.0 - Wondershare)
Wondershare Video Converter Ultimate(Build 6.5.1.2) (Version: 6.5.1.2 - Wondershare Software)
xplorer² lite 32 bit (Version: 2.2.0.2 - Zabkat)
Zoner Photo Studio 16 (Version: 16.0.1.5 - ZONER software)

==================== Restore Points =========================

18-01-2014 13:21:52 Software Distribution Service 3.0
18-01-2014 14:00:07 Removed Java 7 Update 40
18-01-2014 14:09:28 Installed Java 7 Update 51
18-01-2014 15:21:05 System Checkpoint
20-01-2014 09:21:05 System Checkpoint
21-01-2014 11:04:27 System Checkpoint
22-01-2014 08:35:46 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2006-02-28 13:00 - 2013-06-13 09:06 - 00000736 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job => C:\Program Files\Microsoft IntelliType Pro\itype.exe

==================== Loaded Modules (whitelisted) =============

2014-01-22 08:58 - 2014-01-21 23:40 - 02156032 _____ () C:\Program Files\AVAST Software\Avast\defs\14012101\algo.dll
2012-10-16 17:12 - 2012-06-22 10:38 - 00108504 _____ () C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
2013-06-14 13:25 - 2013-06-14 13:25 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll
2008-06-27 15:13 - 2008-06-27 15:13 - 01328408 _____ () C:\Program Files\Maxtor\MaxBlast\fox.dll
2013-11-04 14:48 - 2013-11-04 14:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-03-16 11:22 - 2010-03-16 11:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2010-04-16 13:20 - 2010-04-16 13:20 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-06 20:26 - 2010-07-06 20:26 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\libcef.dll
2013-12-20 10:35 - 2013-12-20 10:35 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-11-21 09:54 - 2013-11-20 04:28 - 01020928 _____ () C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== Faulty Device Manager Devices =============

Name: NETGEAR WG311v3 802.11g Wireless PCI Adapter
Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NETGEAR
Service: W8335XP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA nForce 10/100 Mbps Ethernet
Description: NVIDIA nForce Networking Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: NVIDIA
Service: NVENETFD
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2014 08:04:06 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
Context: Application, SystemIndex Catalog

Error: (01/21/2014 06:42:17 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{f2935cad-8042-11e3-ad7d-b0702ca2be36},0xc0000000,0x00000003,...). hr = 0x80070005.

Error: (01/18/2014 02:35:54 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
Context: Windows Application, SystemIndex Catalog

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details: The content index cannot be read. (0xc0041800)

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details: The content index cannot be read. (0xc0041800)

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details: The content index cannot be read. (0xc0041800)

Error: (01/18/2014 02:10:58 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.
Context: Windows Application, SystemIndex Catalog
Details: 0xc0041801 (0xc0041801)

Error: (01/16/2014 08:06:41 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\Volume{8f51fa8a-7d0a-11e3-ad86-c949f1fe1c08},0xc0000000,0x00000003,...).

Error: (01/14/2014 11:52:26 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\Volume{24fbd7ce-7c5f-11e3-ad81-874171f9345d},0xc0000000,0x00000003,...).

Error: (01/13/2014 03:25:18 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\Volume{7b231cd4-7ba3-11e3-ad7f-ec0653537cfb},0xc0000000,0x00000003,...).

System errors:
=============
Error: (01/22/2014 10:25:47 AM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (01/22/2014 10:25:45 AM) (Source: Service Control Manager) (User: )
Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2014 10:25:45 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/22/2014 10:25:45 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2014 10:25:45 AM) (Source: Service Control Manager) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )
Description: The APC Data Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )Description: The Cryptainer service service terminated unexpectedly. It has done this 1 time(s). Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )Description: The Maxtor Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions:=========================Error: (01/21/2014 08:04:06 PM) (Source: Windows Search Service)(User: )Description: Context: Application, SystemIndex Catalog Error: (01/21/2014 06:42:17 PM) (Source: VSS)(User: )Description: CreateFileW(\\?\Volume{f2935cad-8042-11e3-ad7d-b0702ca2be36},0xc0000000,0x00000003,...)0x80070005 Error: (01/18/2014 02:35:54 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application, SystemIndex Catalog Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application Details: The content index cannot be read. (0xc0041800) Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application, SystemIndex Catalog Details: The content index cannot be read. (0xc0041800) Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application, SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)Search.TripoliIndexer Error: (01/18/2014 02:10:58 PM) (Source: Windows Search Service)(User: )Description: Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801) Error: (01/16/2014 08:06:41 PM) (Source: VSS)(User: )Description: CreateFileW(\\?\Volume{8f51fa8a-7d0a-11e3-ad86-c949f1fe1c08},0xc0000000,0x00000003,...) 
Error: (01/14/2014 11:52:26 AM) (Source: VSS)(User: )
Description: CreateFileW(\\?\Volume{24fbd7ce-7c5f-11e3-ad81-874171f9345d},0xc0000000,0x00000003,...)

Error: (01/13/2014 03:25:18 PM) (Source: VSS)(User: )
Description: CreateFileW(\\?\Volume{7b231cd4-7ba3-11e3-ad7f-ec0653537cfb},0xc0000000,0x00000003,...)

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 3327.29 MB
Available physical RAM: 2118.46 MB
Total Pagefile: 5208.47 MB
Available Pagefile: 3963.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:106.49 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive i: (HD-PCU2) (Fixed) (Total:931.51 GB) (Free:558.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 49FA46E0)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 932 GB) (Disk ID: AB95221D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 373 GB) (Disk ID: 00AD0FB6)
Partition 1: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Root Admin AdvancedSetup Posted January 23, 2014 ID:781989
I see that your topic appears to have been overlooked as it has many replies to it (all from you; Helpers look for topics with 0 replies). Anyways... Just checking if you still need help with this or if things are okay? Thanks
Enfrance Posted January 24, 2014 Author ID:782143
Hi AdvancedSetup, The posts from number 6 onwards are the logs from the scans I performed after your instructions in post 5. Yep, the logs are very long, which is why there are three pages. I appreciate this can all get very confusing and I'm in awe of how you keep track with so many of us asking for your help. I commented that my system must be squeaky clean now, as your various scans found enormous numbers of threats which the normal scans did not find. However, the uploading/downloading problem still persists, but I now know I can be absolutely sure that it is not malware and is perhaps one of my programs contacting the internet for some reason. I am continuing to look for that reason and plan to try an internet connection meter to see if the active program can be identified. In the meantime, many, many thanks for your help. The layout and guidance for the various processes is very clear and helpful - even for this 75 year old - so I'm very grateful to you. I will also be buying Malwarebytes Pro on the basis that you are all 'on our side' with regard to malware problems. Many thanks again for your assistance, (Enfrance) Mike B
Root Admin AdvancedSetup Posted January 24, 2014 ID:782369
Let me have you run the following and we'll check on that one more time. Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens, click Yes to the disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Enfrance Posted January 25, 2014 Author ID:782583
Hope this can tell you something.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2014 01
Ran by MikeB (administrator) on MIKE on 25-01-2014 13:39:35
Running from C:\Documents and Settings\MikeB\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
() C:\Program Files\Allway Sync\Bin\SyncService.exe
(Threat Expert Ltd.)
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe() C:\Program Files\CyberLink\Shared files\RichVideo.exe(Secunia) C:\Program Files\Secunia\PSI\psia.exe(Secunia) C:\Program Files\Secunia\PSI\sua.exe(Cypherix Software (India) Pvt. Ltd.) C:\WINDOWS\system32\cryptainersrv.exe(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE(Acronis) C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe(Dropbox, Inc.) 
C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE==================== Registry (Whitelisted) ==================HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 2011-01-21] (Realtek Semiconductor Corp.)HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe [904776 2008-06-27] (Acronis)HKLM\...\Run: [Maxtor Scheduler2 Service] - C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [136472 2008-06-27] (Maxtor)HKLM\...\Run: [] - [x]HKLM\...\Run: [Display] - C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1501064 2009-06-01] (Microsoft Corporation)HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)HKLM\...\Run: [Wondershare Helper Compact] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection 
Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)HKCU\...\Run: [Allway Sync] - C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2013-12-12] ()HKCU\...\Run: [Zoner Photo Studio Service 16] - C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)Lsa: [Authentication Packages] msv1_0 relog_apStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnkShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnkShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnkShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MobileGo Service.lnkShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Adobe Gamma.lnkShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Documents and 
Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.comHKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10555BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM - avast! 
Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281441977531DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabDPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research 
Pty Ltd.)Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)Winsock: Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)FireFox:========FF ProfilePath: C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla 
firefox\plugins\npdjvu.dll (LizardTech)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xmlFF Extension: LastPass - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\support@lastpass.com [2013-11-21]FF Extension: ColorfulTabs - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-01-21]FF Extension: ReminderFox - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-10-03]FF Extension: DownloadHelper - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-26]FF Extension: Webpage Snapshot 
- Snapilicious.com - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\admin@snapilicious.com.xpi [2013-10-09]FF Extension: anonymoX - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\client@anonymox.net.xpi [2013-09-26]FF Extension: NoSquint - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\nosquint@urandom.ca.xpi [2013-09-27]FF Extension: NoScript - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27]FF Extension: Adblock Plus - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]FF Extension: Download Statusbar - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-26]FF Extension: Adblock Edge - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-30]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC 
Tools\PC Tools Security\BDT\Firefox\FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-09]FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []========================== Services (Whitelisted) =================R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] ()R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()R2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-18] (Oracle Corporation)R2 MaxSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [431384 2008-06-27] (Maxtor)R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-10-16] ()S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)R2 ssoftservice; C:\WINDOWS\system32\cryptainersrv.exe [74240 2007-01-24] (Cypherix Software (India) Pvt. Ltd.)U4 avast! 
Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x]==================== Drivers (Whitelisted) ====================R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2010-08-06] (Meetinghouse Data Communications)S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34720 2013-09-15] (Google Inc)R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-02] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-04] ()R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-02] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [187776 2010-01-06] (Conexant Systems, Inc.)S3 Jukebox3; C:\Windows\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.)S3 KEYBOARDWDFilter; C:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS [6528 2006-07-17] ()R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [66688 2009-07-01] (NVIDIA Corporation)R0 nvgts; 
C:\Windows\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13824 2009-07-01] (NVIDIA Corporation)R3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)R1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [907496 2011-07-06] (Realtek Semiconductor Corporation )R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R2 ssoftnt4; C:\WINDOWS\system32\Drivers\ssoftnt4.sys [100728 2008-08-19] (Cypherix Software (India) Pvt. 
Ltd.)S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2011-10-25] (Acronis)R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2011-10-25] (Acronis)S3 W8335XP; C:\Windows\System32\DRIVERS\WG311v3XP.sys [265984 2005-02-22] (Marvell Semiconductor, Inc)R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2012-03-26] (Wondershare)R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2012-03-26] (Wondershare)R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2012-03-26] (Wondershare)R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2012-03-26] (Wondershare)R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2012-03-26] (Wondershare)U3 Cdisookkwes; No ImagePathS3 cpuz132; \??\C:\DOCUME~1\MikeB\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]S3 HssDrv; system32\DRIVERS\HssDrv.sys [x]S4 IntelIde; No ImagePathS3 RT73; system32\DRIVERS\rt73.sys [x]U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)S3 taphss; system32\DRIVERS\taphss.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-01-24 09:51 - 2014-01-24 09:51 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\DropboxMaster2014-01-23 09:16 - 2014-01-25 13:39 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\NetSpeedMonitor2014-01-23 09:04 - 2014-01-23 09:04 - 00000000 ____D C:\Program Files\NetSpeedMonitor2014-01-22 16:35 - 2014-01-22 16:35 - 00000000 ____D C:\FRST2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and 
Settings\MikeB\Desktop\JRT.txt2014-01-22 09:17 - 2014-01-22 09:54 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar2014-01-22 09:17 - 2014-01-22 09:41 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe2014-01-21 20:03 - 2014-01-21 20:05 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt2014-01-21 11:00 - 2014-01-21 11:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine2014-01-21 10:58 - 2014-01-21 10:59 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt2014-01-19 19:46 - 2014-01-19 19:45 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt2014-01-19 19:40 - 2014-01-19 19:41 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr2014-01-18 15:38 - 2014-01-18 15:38 - 
00000000 ____D C:\Program Files\Common Files\Java2014-01-18 15:10 - 2014-01-18 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java2014-01-18 15:10 - 2014-01-18 15:09 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe2014-01-18 15:10 - 2014-01-18 15:09 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-01-18 15:10 - 2014-01-18 15:09 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-01-18 15:10 - 2014-01-18 15:09 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl2014-01-18 15:10 - 2014-01-18 15:09 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log2014-01-18 14:17 - 2014-01-18 14:21 - 00005188 _____ C:\WINDOWS\KB2914368.log2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz2014-01-18 14:02 - 2014-01-18 14:03 - 00000000 ____D C:\Program Files\ArcSoft2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program 
Files\Cryptainer2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 20122014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect2014-01-18 14:01 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation2014-01-18 13:52 - 2014-01-18 13:53 - 00000000 ____D C:\WINDOWS\system32\NtmsData2014-01-16 20:05 - 2014-01-25 08:54 - 00038131 _____ C:\WINDOWS\setupapi.log2014-01-15 15:40 - 2014-01-25 13:32 - 00000405 _____ C:\WINDOWS\wiadebug.log2014-01-15 15:40 - 2014-01-25 13:31 - 00350191 _____ C:\WINDOWS\WindowsUpdate.log2014-01-15 15:40 - 2014-01-25 13:27 - 00000050 _____ C:\WINDOWS\wiaservc.log2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log2014-01-15 10:02 - 2014-01-18 14:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\Program Files\Belkin2014-01-10 17:13 - 2011-07-06 03:22 - 00907496 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\RTL8192cu.sys2014-01-10 17:13 - 2009-02-05 02:49 - 00451072 ____N C:\WINDOWS\system32\ISSRemoveSP.exe2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and 
Settings\MikeB\Desktop\EPSON Scan (2).lnk2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR2014-01-07 16:33 - 2014-01-21 18:39 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium2014-01-07 16:28 - 2014-01-07 16:33 - 00508272 _____ C:\reflect_install.log2014-01-07 14:50 - 2014-01-12 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst==================== One Month Modified Files and Folders =======2014-01-25 13:39 - 2014-01-23 09:16 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\NetSpeedMonitor2014-01-25 13:39 - 2013-10-06 09:42 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\vlc2014-01-25 13:34 - 2012-01-29 11:15 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk2014-01-25 13:32 - 2014-01-15 15:40 - 00000405 _____ C:\WINDOWS\wiadebug.log2014-01-25 13:31 - 2014-01-15 15:40 - 00350191 _____ C:\WINDOWS\WindowsUpdate.log2014-01-25 13:31 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\Dropbox2014-01-25 13:30 - 2010-08-05 16:51 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt2014-01-25 13:29 - 2012-11-09 17:52 - 00000364 ____H C:\WINDOWS\Tasks\avast! 
Emergency Update.job2014-01-25 13:28 - 2010-08-17 08:58 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-01-25 13:28 - 2006-02-28 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl2014-01-25 13:27 - 2014-01-15 15:40 - 00000050 _____ C:\WINDOWS\wiaservc.log2014-01-25 13:27 - 2010-08-05 03:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2014-01-25 12:12 - 2010-08-07 20:00 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\My Dropbox2014-01-25 12:12 - 2010-08-05 03:20 - 00000278 ___SH C:\Documents and Settings\MikeB\ntuser.ini2014-01-25 12:12 - 2010-08-05 03:19 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt2014-01-25 12:11 - 2011-11-19 15:27 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\LastPass2014-01-25 11:57 - 2012-04-11 11:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-01-25 11:40 - 2010-08-17 08:58 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-01-25 10:30 - 2012-04-11 11:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2014-01-25 10:30 - 2011-06-08 07:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2014-01-25 10:27 - 2010-08-07 15:02 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Adobe2014-01-25 08:54 - 2014-01-16 20:05 - 00038131 _____ C:\WINDOWS\setupapi.log2014-01-24 11:26 - 2013-04-29 10:40 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\B-Folders 32014-01-24 09:51 - 2014-01-24 09:51 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\DropboxMaster2014-01-24 09:51 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\Dropbox2014-01-23 10:17 - 2010-08-06 11:52 - 00000000 ____D C:\WINDOWS\system32\LogFiles2014-01-23 10:02 - 2010-09-29 18:54 - 00000005 _____ C:\Documents and Settings\MikeB\Local Settings\Application 
Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list2014-01-23 09:04 - 2014-01-23 09:04 - 00000000 ____D C:\Program Files\NetSpeedMonitor2014-01-22 16:35 - 2014-01-22 16:35 - 00000000 ____D C:\FRST2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET2014-01-22 10:25 - 2013-09-15 13:31 - 00000000 ____D C:\AdwCleaner2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt2014-01-22 09:54 - 2014-01-22 09:17 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar2014-01-22 09:41 - 2014-01-22 09:17 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-01-22 09:37 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\system2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe2014-01-21 20:05 - 2014-01-21 20:03 - 12582688 _____ (Malwarebytes Corp.) 
C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe2014-01-21 18:42 - 2010-08-05 03:14 - 00000000 ____D C:\WINDOWS\Registration2014-01-21 18:42 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\repair2014-01-21 18:39 - 2014-01-07 16:33 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk2014-01-21 15:27 - 2013-02-22 17:27 - 00000000 ____D C:\FreeOCR2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt2014-01-21 11:01 - 2014-01-21 11:00 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine2014-01-21 10:59 - 2014-01-21 10:58 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe2014-01-20 20:49 - 2013-04-27 09:58 - 00002231 _____ C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt2014-01-19 19:45 - 2014-01-19 19:46 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt2014-01-19 19:41 - 2014-01-19 19:40 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr2014-01-19 12:29 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2014-01-18 15:38 - 2014-01-18 15:38 - 00000000 ____D C:\Program 
Files\Common Files\Java2014-01-18 15:10 - 2014-01-18 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java2014-01-18 15:09 - 2014-01-18 15:10 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe2014-01-18 15:09 - 2014-01-18 15:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-01-18 15:09 - 2014-01-18 15:10 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-01-18 15:09 - 2014-01-18 15:10 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl2014-01-18 15:09 - 2014-01-18 15:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-01-18 14:48 - 2010-08-07 15:05 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR2014-01-18 14:28 - 2013-08-15 09:14 - 00000000 ____D C:\WINDOWS\system32\MRT2014-01-18 14:22 - 2010-08-10 13:54 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log2014-01-18 14:21 - 2014-01-18 14:17 - 00005188 _____ C:\WINDOWS\KB2914368.log2014-01-18 14:21 - 2014-01-15 10:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$2014-01-18 14:21 - 2012-10-16 16:34 - 00727825 _____ 
C:\WINDOWS\system32\Drivers\Cat.DB2014-01-18 14:19 - 2013-03-14 10:53 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk2014-01-18 14:17 - 2013-11-04 19:47 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk2014-01-18 14:08 - 2010-08-05 03:20 - 00000000 ____D C:\Documents and Settings\MikeB2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\NetworkService2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\LocalService2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz2014-01-18 14:03 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ArcSoft2014-01-18 14:03 - 2010-08-17 08:58 - 00000000 ____D C:\Program Files\Google2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 20122014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect2014-01-18 14:02 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}2014-01-18 14:02 - 2013-11-29 08:45 - 00000000 ____D C:\Program Files\Common Files\ArcSoft2014-01-18 14:02 - 2012-05-31 12:55 - 00000000 ____D C:\Program Files\Family Tree Maker 20122014-01-18 14:02 - 2011-12-23 15:02 - 00000000 ____D C:\Program Files\BCL Technologies2014-01-18 14:02 - 2010-08-05 15:37 - 00000000 ___HD C:\Program Files\InstallShield Installation 
Information2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation2014-01-18 14:01 - 2010-10-24 11:43 - 00000000 ____D C:\Program Files\Legacy2014-01-18 14:01 - 2010-08-17 08:58 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Google2014-01-18 13:53 - 2014-01-18 13:52 - 00000000 ____D C:\WINDOWS\system32\NtmsData2014-01-15 16:50 - 2010-08-05 15:48 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\Cleaner2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log2014-01-15 15:15 - 2010-08-08 08:50 - 00000000 ____D C:\WINDOWS\Sun2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation2014-01-13 13:48 - 2010-08-07 19:12 - 00000000 ____D C:\Documents and Settings\MikeB\dwhelper2014-01-12 16:55 - 2013-10-31 19:52 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\TeamViewer2014-01-12 13:24 - 2014-01-07 14:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium2014-01-12 11:12 - 2011-12-29 12:20 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\MediaMonkey2014-01-11 08:49 - 2012-12-27 16:19 - 00016400 _____ (Logitech, Inc.) 
C:\WINDOWS\system32\Drivers\LNonPnP.sys2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\Program Files\Belkin2014-01-10 17:13 - 2006-02-28 13:00 - 00000722 _____ C:\WINDOWS\win.ini2014-01-10 09:22 - 2010-05-06 05:22 - 00633622 _____ C:\WINDOWS\system32\PerfStringBackup.INI2014-01-10 09:11 - 2011-01-11 11:29 - 00000000 ____D C:\Program Files\FreeCDRipper2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk2014-01-09 13:47 - 2013-02-02 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR2014-01-07 17:26 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\CCleaner2014-01-07 17:24 - 2010-08-05 03:22 - 00000000 ____D C:\WINDOWS\system32\Tools2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium2014-01-07 16:33 - 2014-01-07 16:28 - 00508272 _____ C:\reflect_install.log2014-01-07 12:15 - 2013-04-27 09:58 - 00000000 ____D C:\Program Files\SlimCleaner2014-01-02 21:02 - 2013-11-04 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast2014-01-02 21:01 - 2013-03-06 16:41 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys2014-01-02 21:01 - 2013-03-06 16:41 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2014-01-02 21:01 - 2012-11-09 17:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys2014-01-02 
21:01 - 2012-11-09 17:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2014-01-01 11:10 - 2013-06-10 09:33 - 00000780 _____ C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst2013-12-31 13:20 - 2011-02-11 20:13 - 00000000 ___SH C:\WINDOWS\system32\+2013-12-30 20:20 - 2013-09-15 08:35 - 00001810 _____ C:\Documents and Settings\All Users\Desktop\Wondershare MobileGo for Android.lnkFiles to move or delete:====================C:\Documents and Settings\MikeB\en_res.dllC:\Documents and Settings\MikeB\es_res.dllC:\Documents and Settings\MikeB\fr_res.dllC:\Documents and Settings\MikeB\grm_res.dllC:\Documents and Settings\MikeB\it_res.dllC:\Documents and Settings\MikeB\jp_res.dllC:\Documents and Settings\MikeB\mfc80u.dllC:\Documents and Settings\MikeB\msvcr80.dllC:\Documents and Settings\MikeB\PCPE Setup.exeC:\Documents and Settings\MikeB\pt_res.dllC:\Documents and Settings\MikeB\ResourceReader.dllC:\Documents and Settings\MikeB\ru_res.dllC:\Documents and Settings\MikeB\zh_res.dllSome content of TEMP:====================C:\Documents and Settings\MikeB\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyf_ve.dllC:\Documents and Settings\MikeB\Local Settings\Temp\Quarantine.exe==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== End Of Log ============================
Root Admin AdvancedSetup Posted January 26, 2014 ID:782830

Please uninstall ALL versions of Java from your Control Panel, Add/Remove, then run the following.

Please download JavaRa-1.16 and save it to your computer.
Double click to open the zip file and then select all and choose Copy.
Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
Quit all browsers and other running applications.
Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next run this tool.

Please Run TFC by OldTimer to clear temporary files:
Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer and run the following and post back the log.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt
Enfrance Posted January 27, 2014 Author ID:783257 Share Posted January 27, 2014 JavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sun Jan 26 11:12:57 2014Found and removed: C:\Program Files\Java\jre6Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_21Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_22Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_23Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_24Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_26Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_29Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_31Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_35Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_37Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.7.0_21Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.7.0_25Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\JRERunOnce.exeFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06Found and removed: 
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkitFound and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalledFound and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low RightsFound and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper ObjectsFound and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATsFound and removed: SOFTWARE\JavaSoftFound and removed: SOFTWARE\JreMetricsFound and removed: SOFTWARE\MozillaPluginsJavaRa 1.16 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sun Jan 26 11:13:46 2014------------------------------------Finished reporting.Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014Ran by MikeB (administrator) on MIKE on 27-01-2014 14:01:41Running from C:\Documents and Settings\MikeB\DesktopMicrosoft Windows XP Home 
Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
() C:\Program Files\Allway Sync\Bin\SyncService.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Cypherix Software (India) Pvt. Ltd.) C:\WINDOWS\system32\cryptainersrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Acronis) C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files\Allway Sync\Bin\syncappw.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(Hercules) C:\Program Files\Hercules\WiFi Station for Livebox\WiFiStationLB.exe
(Dropbox, Inc.) C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 2011-01-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe [904776 2008-06-27] (Acronis)
HKLM\...\Run: [Maxtor Scheduler2 Service] - C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [136472 2008-06-27] (Maxtor)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Display] - C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1501064 2009-06-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Allway Sync] - C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2013-12-12] ()
HKCU\...\Run: [Zoner Photo Studio Service 16] - C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WiFi Station for Livebox.lnk
ShortcutTarget: WiFi Station for Livebox.lnk -> C:\Program Files\Hercules\WiFi Station for Livebox\WiFiStationLB.exe (Hercules)
Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10555
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281441977531
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: LastPass - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\support@lastpass.com [2013-11-21]
FF Extension: ColorfulTabs - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-01-21]
FF Extension: ReminderFox - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-10-03]
FF Extension: DownloadHelper - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-26]
FF Extension: Webpage Snapshot - Snapilicious.com - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\admin@snapilicious.com.xpi [2013-10-09]
FF Extension: anonymoX - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\client@anonymox.net.xpi [2013-09-26]
FF Extension: NoSquint - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\nosquint@urandom.ca.xpi [2013-09-27]
FF Extension: NoScript - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF Extension: Download Statusbar - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-26]
FF Extension: Adblock Edge - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-09]
FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] ()
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()
R2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
R2 MaxSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [431384 2008-06-27] (Maxtor)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-10-16] ()
S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 ssoftservice; C:\WINDOWS\system32\cryptainersrv.exe [74240 2007-01-24] (Cypherix Software (India) Pvt. Ltd.)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x]

==================== Drivers (Whitelisted) ====================
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-08-06] (Meetinghouse Data Communications)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 androidusb; C:\WINDOWS\System32\Drivers\wsadb.sys [34720 2013-09-15] (Google Inc)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CXPLRCAP; C:\WINDOWS\System32\drivers\CxPlrCap.sys [187776 2010-01-06] (Conexant Systems, Inc.)
S3 Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.)
S3 KEYBOARDWDFilter; C:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS [6528 2006-07-17] ()
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [66688 2009-07-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2009-07-01] (NVIDIA Corporation)
S3 PCTBD; C:\WINDOWS\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
R0 PCTCore; C:\WINDOWS\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
R0 pctDS; C:\WINDOWS\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
R0 pctEFA; C:\WINDOWS\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
R1 PCTSD; C:\WINDOWS\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [459520 2008-01-15] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 ssoftnt4; C:\WINDOWS\system32\Drivers\ssoftnt4.sys [100728 2008-08-19] (Cypherix Software (India) Pvt. Ltd.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2011-10-25] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2011-10-25] (Acronis)
S3 W8335XP; C:\WINDOWS\System32\DRIVERS\WG311v3XP.sys [265984 2005-02-22] (Marvell Semiconductor, Inc)
R3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2012-03-26] (Wondershare)
U3 Cdisookkwes; No ImagePath
S3 cpuz132; \??\C:\DOCUME~1\MikeB\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 HssDrv; system32\DRIVERS\HssDrv.sys [x]
S4 IntelIde; No ImagePath
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [x]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 taphss; system32\DRIVERS\taphss.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-01-27 14:01 - 2014-01-27 14:01 - 01223168 _____ (Farbar) C:\Documents and Settings\MikeB\Desktop\FRST.exe
2014-01-27 14:01 - 2014-01-27 14:01 - 00022299 _____ C:\Documents and Settings\MikeB\Desktop\FRST.txt
2014-01-27 14:01 - 2014-01-27 14:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\FRST-OlderVersion
2014-01-27 13:41 - 2014-01-27 13:41 - 00002883 _____ C:\Documents and Settings\MikeB\Desktop\fixlist.txt
2014-01-26 19:26 - 2014-01-27 13:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-26 19:26 - 2014-01-26 19:26 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-26 19:26 - 2014-01-26 19:26 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-26 11:14 - 2014-01-26 11:14 - 00003729 _____ C:\Documents and Settings\MikeB\Desktop\JavaRa.log
2014-01-26 11:12 - 2014-01-26 11:13 - 00003729 _____ C:\JavaRa.log
2014-01-26 11:00 - 2014-01-26 11:09 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RemoveJava
2014-01-26 10:55 - 2014-01-26 10:56 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\MikeB\Desktop\TFC.exe
2014-01-26 09:33 - 2014-01-26 09:33 - 00001854 _____ C:\Documents and Settings\All Users\Desktop\WiFi Station for Livebox.lnk
2014-01-26 09:33 - 2014-01-26 09:33 - 00000000 ____D C:\Program Files\Hercules
2014-01-26 09:33 - 2014-01-26 09:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Hercules
2014-01-26 09:33 - 2008-01-15 21:50 - 00459520 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\rt73.sys
2014-01-26 09:33 - 2007-02-15 11:36 - 00432128 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\rt73u98.sys
2014-01-26 09:33 - 2007-02-15 11:36 - 00242816 _____ (Ralink Technology Inc.) C:\WINDOWS\system32\Drivers\rt25u98.sys
2014-01-26 09:33 - 2006-11-08 15:45 - 00240384 _____ (Ralink Technology Inc.) C:\WINDOWS\system32\Drivers\rt2500usb.sys
2014-01-26 09:33 - 2005-11-30 11:33 - 00002048 _____ C:\WINDOWS\system32\Drivers\rt73.bin
2014-01-24 09:51 - 2014-01-24 09:51 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\DropboxMaster
2014-01-23 09:16 - 2014-01-26 16:57 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\NetSpeedMonitor
2014-01-23 09:04 - 2014-01-23 09:04 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2014-01-22 16:35 - 2014-01-27 14:01 - 00000000 ____D C:\FRST
2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET
2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt
2014-01-22 09:17 - 2014-01-22 09:54 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar
2014-01-22 09:17 - 2014-01-22 09:41 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe
2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe
2014-01-21 20:03 - 2014-01-21 20:05 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe
2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt
2014-01-21 11:00 - 2014-01-21 11:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine
2014-01-21 10:58 - 2014-01-21 10:59 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt
2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe
2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe
2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt
2014-01-19 19:46 - 2014-01-19 19:45 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt
2014-01-19 19:40 - 2014-01-19 19:41 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr
2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-18 14:17 - 2014-01-18 14:21 - 00005188 _____ C:\WINDOWS\KB2914368.log
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz
2014-01-18 14:02 - 2014-01-18 14:03 - 00000000 ____D C:\Program Files\ArcSoft
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
2014-01-18 14:01 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
2014-01-18 13:52 - 2014-01-18 13:53 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-16 20:05 - 2014-01-27 12:26 - 00075394 _____ C:\WINDOWS\setupapi.log
2014-01-15 15:40 - 2014-01-27 14:01 - 00470049 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-15 15:40 - 2014-01-27 13:58 - 00000300 _____ C:\WINDOWS\wiadebug.log
2014-01-15 15:40 - 2014-01-27 13:57 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-15 10:02 - 2014-01-18 14:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS
2014-01-10 17:13 - 2009-02-05 02:49 - 00451072 ____N C:\WINDOWS\system32\ISSRemoveSP.exe
2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk
2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR
2014-01-07 16:33 - 2014-01-21 18:39 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-01-07 16:28 - 2014-01-07 16:33 - 00508272 _____ C:\reflect_install.log
2014-01-07 14:50 - 2014-01-12 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst

==================== One Month Modified Files and Folders =======
2014-01-27 14:02 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\Dropbox
2014-01-27 14:01 - 2014-01-27 14:01 - 01223168 _____ (Farbar) C:\Documents and Settings\MikeB\Desktop\FRST.exe
2014-01-27 14:01 - 2014-01-27 14:01 - 00022299 _____ C:\Documents and Settings\MikeB\Desktop\FRST.txt
2014-01-27 14:01 - 2014-01-27 14:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\FRST-OlderVersion
2014-01-27 14:01 - 2014-01-22 16:35 - 00000000 ____D C:\FRST
2014-01-27 14:01 - 2014-01-15 15:40 - 00470049 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-27 14:00 - 2010-08-07 20:00 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\My Dropbox
2014-01-27 13:59 - 2012-11-09 17:52 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-27 13:58 - 2014-01-15 15:40 - 00000300 _____ C:\WINDOWS\wiadebug.log
2014-01-27 13:58 - 2010-08-17 08:58 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 13:58 - 2006-02-28 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-27 13:57 - 2014-01-15 15:40 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-27 13:57 - 2010-08-05 03:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-27 13:56 - 2010-08-05 16:51 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-27 13:56 - 2010-08-05 03:19 - 00032438 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-27 13:41 - 2014-01-27 13:41 - 00002883 _____ C:\Documents and Settings\MikeB\Desktop\fixlist.txt
2014-01-27 13:40 - 2010-08-17 08:58 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 13:35 - 2014-01-26 19:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-27 13:23 - 2011-11-19 15:27 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\LastPass
2014-01-27 12:34 - 2010-08-05 03:20 - 00000278 ___SH C:\Documents and Settings\MikeB\ntuser.ini
2014-01-27 12:26 - 2014-01-16 20:05 - 00075394 _____ C:\WINDOWS\setupapi.log
2014-01-27 12:26 - 2006-02-28 13:00 - 00000673 _____ C:\WINDOWS\win.ini
2014-01-27 12:20 - 2013-10-06 09:42 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\vlc
2014-01-26 19:26 - 2014-01-26 19:26 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-26 19:26 - 2014-01-26 19:26 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-26 19:24 - 2010-08-07 15:02 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Adobe
2014-01-26 18:39 - 2010-09-29 18:54 - 00000005 _____ C:\Documents and Settings\MikeB\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
2014-01-26 18:33 - 2012-10-16 16:34 - 00727852 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2014-01-26 17:05 - 2012-01-29 11:15 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-01-26 16:57 - 2014-01-23 09:16 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\NetSpeedMonitor
2014-01-26 11:14 - 2014-01-26 11:14 - 00003729 _____ C:\Documents and Settings\MikeB\Desktop\JavaRa.log
2014-01-26 11:13 - 2014-01-26 11:12 - 00003729 _____ C:\JavaRa.log
2014-01-26 11:12 - 2010-08-07 19:21 - 00000000 ____D C:\Program Files\Java
2014-01-26 11:09 - 2014-01-26 11:00 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RemoveJava
2014-01-26 10:56 - 2014-01-26 10:55 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\MikeB\Desktop\TFC.exe
2014-01-26 09:49 - 2013-04-29 10:40 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\B-Folders 3
2014-01-26 09:43 - 2010-08-07 19:12 - 00000000 ____D C:\Documents and Settings\MikeB\dwhelper
2014-01-26 09:33 - 2014-01-26 09:33 - 00001854 _____ C:\Documents and Settings\All Users\Desktop\WiFi Station for Livebox.lnk
2014-01-26 09:33 - 2014-01-26 09:33 - 00000000 ____D C:\Program Files\Hercules
2014-01-26 09:33 - 2014-01-26 09:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Hercules
2014-01-26 09:33 - 2010-08-05 15:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-25 18:43 - 2013-09-15 08:35 - 00000896 _____ C:\Documents and Settings\All Users\Desktop\Wondershare MobileGo for Android.lnk
2014-01-24 09:51 - 2014-01-24 09:51 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\DropboxMaster
2014-01-24 09:51 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\Dropbox
2014-01-23 10:17 - 2010-08-06 11:52 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2014-01-23 09:04 - 2014-01-23 09:04 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET
2014-01-22 10:25 - 2013-09-15 13:31 - 00000000 ____D C:\AdwCleaner
2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt
2014-01-22 09:54 - 2014-01-22 09:17 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar
2014-01-22 09:41 - 2014-01-22 09:17 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-22 09:37 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\system
2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe
2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe
2014-01-21 20:05 - 2014-01-21 20:03 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe
2014-01-21 18:42 - 2010-08-05 03:14 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 18:42 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\repair
2014-01-21 18:39 - 2014-01-07 16:33 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-01-21 15:27 - 2013-02-22 17:27 - 00000000 ____D C:\FreeOCR
2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt
2014-01-21 11:01 - 2014-01-21 11:00 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine
2014-01-21 10:59 - 2014-01-21 10:58 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt
2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe
2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe
2014-01-20 20:49 - 2013-04-27 09:58 - 00002231 _____ C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt
2014-01-19 19:45 - 2014-01-19 19:46 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt
2014-01-19 19:41 - 2014-01-19 19:40 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr
2014-01-19 12:29 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-18 14:48 - 2010-08-07 15:05 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-18 14:28 - 2013-08-15 09:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 14:22 - 2010-08-10 13:54 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-18 14:21 - 2014-01-18 14:17 - 00005188 _____ C:\WINDOWS\KB2914368.log
2014-01-18 14:21 - 2014-01-15 10:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-18 14:19 - 2013-03-14 10:53 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-18 14:17 - 2013-11-04 19:47 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-18 14:08 - 2010-08-05 03:20 - 00000000 ____D C:\Documents and Settings\MikeB
2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\NetworkService
2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\LocalService
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz
2014-01-18 14:03 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ArcSoft
2014-01-18 14:03 - 2010-08-17 08:58 - 00000000 ____D C:\Program Files\Google
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
2014-01-18 14:02 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2014-01-18 14:02 - 2013-11-29 08:45 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2014-01-18 14:02 - 2012-05-31 12:55 - 00000000 ____D C:\Program Files\Family Tree Maker 2012
2014-01-18 14:02 - 2011-12-23 15:02 - 00000000 ____D C:\Program Files\BCL Technologies
2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
2014-01-18 14:01 - 2010-10-24 11:43 
- 00000000 ____D C:\Program Files\Legacy2014-01-18 14:01 - 2010-08-17 08:58 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Google2014-01-18 13:53 - 2014-01-18 13:52 - 00000000 ____D C:\WINDOWS\system32\NtmsData2014-01-15 16:50 - 2010-08-05 15:48 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\Cleaner2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log2014-01-15 15:15 - 2010-08-08 08:50 - 00000000 ____D C:\WINDOWS\Sun2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation2014-01-12 16:55 - 2013-10-31 19:52 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\TeamViewer2014-01-12 13:24 - 2014-01-07 14:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium2014-01-12 11:12 - 2011-12-29 12:20 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\MediaMonkey2014-01-11 08:49 - 2012-12-27 16:19 - 00016400 _____ (Logitech, Inc.) 
C:\WINDOWS\system32\Drivers\LNonPnP.sys2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS2014-01-10 09:22 - 2010-05-06 05:22 - 00633622 _____ C:\WINDOWS\system32\PerfStringBackup.INI2014-01-10 09:11 - 2011-01-11 11:29 - 00000000 ____D C:\Program Files\FreeCDRipper2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk2014-01-09 13:47 - 2013-02-02 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR2014-01-07 17:26 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\CCleaner2014-01-07 17:24 - 2010-08-05 03:22 - 00000000 ____D C:\WINDOWS\system32\Tools2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium2014-01-07 16:33 - 2014-01-07 16:28 - 00508272 _____ C:\reflect_install.log2014-01-07 12:15 - 2013-04-27 09:58 - 00000000 ____D C:\Program Files\SlimCleaner2014-01-02 21:02 - 2013-11-04 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast2014-01-02 21:01 - 2013-03-06 16:41 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys2014-01-02 21:01 - 2013-03-06 16:41 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2014-01-02 21:01 - 2012-11-09 17:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys2014-01-02 21:01 - 2012-11-09 17:52 - 00043152 _____ 
(AVAST Software) C:\WINDOWS\avastSS.scr2014-01-01 11:10 - 2013-06-10 09:33 - 00000780 _____ C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst2013-12-31 13:20 - 2011-02-11 20:13 - 00000000 ___SH C:\WINDOWS\system32\+Files to move or delete:====================C:\Documents and Settings\MikeB\en_res.dllC:\Documents and Settings\MikeB\es_res.dllC:\Documents and Settings\MikeB\fr_res.dllC:\Documents and Settings\MikeB\grm_res.dllC:\Documents and Settings\MikeB\it_res.dllC:\Documents and Settings\MikeB\jp_res.dllC:\Documents and Settings\MikeB\mfc80u.dllC:\Documents and Settings\MikeB\msvcr80.dllC:\Documents and Settings\MikeB\PCPE Setup.exeC:\Documents and Settings\MikeB\pt_res.dllC:\Documents and Settings\MikeB\ResourceReader.dllC:\Documents and Settings\MikeB\ru_res.dllC:\Documents and Settings\MikeB\zh_res.dllSome content of TEMP:====================C:\Documents and Settings\MikeB\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpubovtz.dll==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 27, 2014 ID:783387
This is not the correct FIXLIST log. Please run the fixlist.txt files as described above and then post back the Fixlog.txt
Enfrance Posted January 28, 2014 Author ID:783525
Sorry about that. I got confused - again with all the various logs.
Root Admin AdvancedSetup Posted January 28, 2014 ID:783547
How is the computer running now? Are there still any signs of an infection?
Enfrance Posted January 28, 2014 Author ID:783626
Immediately after doing the scan etc I had to go out for a while and hence turned the computer off for about four hours. It seems that you have managed to find the problem and more importantly cure it which is absolutely wonderful. All I get on NetMeter now is the usual bit of 'noise' I seem to remember from before the upload started. I am very grateful to you and am confident that nothing is interfering with my machine. I'm off to buy the paid for version which i
Enfrance Posted January 28, 2014 Author ID:783629
Sorry about that but one of our kittens decided to leap onto my keyboard. It happens quite often. As I was saying I am going to buy the paid for version which is the least I can do after all your help. Many thanks, Mike B
Root Admin AdvancedSetup Posted January 29, 2014 ID:783835
You're quite welcome Mike.

At this time there are no more signs of an infection on your system. However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process. Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time. They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):
Turn off all active protection software including your antivirus.
Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button).
Please copy and paste the following into the box ComboFix /Uninstall and click OK.
Note the space between the X and the /Uninstall, it needs to be there.

Remove the rest of the tools used:
Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
If asked to restart the computer, please do so.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

AdwCleaner Removal:
Double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

ESET antivirus Removal:
This tool can be uninstalled via the Control Panel, Programs, Uninstall.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8
Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.
How Malware Spreads - How did I get infected
Best Practices for Safe Computing - Prevention of Malware Infection
Avoiding those unwanted free applications
A close look at how Oracle installs deceptive software with Java updates
IAC / Ask.com toolbars
Malwarebytes Unpacked Blog

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
Enfrance Posted January 30, 2014 Author ID:784550
AdvancedSetup, Thank you for your last post. It is very interesting and I’m browsing the links and learning a lot. I had read elsewhere about the risk in Java but not acted on it.

However, my initial enthusiasm on Tuesday evening came to a stop yesterday afternoon when I found that the computer had started uploading around 8+kbp/s continuously again. The only thing I had done with the machine was to check my emails on Mail.com and Gmail using Firefox. No installing new programs and no downloading at all. My untrained logic behind all this seems to be that whatever is uploading was ‘switched off’ but is now operating again.

Frankly, I could easily uninstall most of the programs on the computer without inconveniencing myself very much if you think that might be a good idea. I have everything backed up on Dropbox and an external drive. I can use my wife’s laptop to get online if necessary. I started a list of programs to uninstall but in fact it's easier to list those I would prefer to keep:
Avast antivirus
Belkin Surf USB wireless adapter
Logitech – for the keyboard
All the Microsoft updates and hotfixes
Malwarebytes Pro – I bought yesterday.
Firefox 26
NetMeter – useful for seeing what is going on with the upload/downloads

I appreciate this is going beyond your remit for viruses or malware but perhaps you may have an opinion. As always many thanks for your help, Mike
Root Admin AdvancedSetup Posted January 30, 2014 ID:784806
It really depends on what it's uploading. Any computer connected to the Internet is going to be talking back and forth both sending and receiving as that is a normal process. You can do a netstat -a from the command prompt and it will show you what is connected - there are also tools like TCPView http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
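One way to read the output of the netstat check suggested in the post above, as an added example that is not part of the original thread: it parses `netstat -ano` text and lists established connections to non-local addresses per owning PID. The `-n` (numeric addresses) and `-o` (owning PID) switches are additions to the `netstat -a` named in the post, and the sample output, addresses and PIDs are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output. Addresses are from
# documentation ranges and the PIDs are made up.
SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     1720
  TCP    192.168.1.10:1044      192.168.1.1:80         TIME_WAIT       0
  TCP    192.168.1.10:1051      203.0.113.25:443       ESTABLISHED     2316
  TCP    192.168.1.10:1052      203.0.113.25:443       ESTABLISHED     2316
  TCP    192.168.1.10:1060      198.51.100.7:5938      ESTABLISHED     1432
  UDP    0.0.0.0:500            *:*                                    716
"""

# Networks treated as "local" for triage: loopback, RFC 1918, link-local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10",
)]


def split_endpoint(text):
    """Split '192.168.1.10:1051' or '[::1]:135' into (host, port)."""
    host, _, port = text.rpartition(":")
    return host.strip("[]").split("%")[0], port


def is_external(host):
    """True for a numeric address outside the local networks above."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # '*' (UDP) or a resolved name; run netstat with -n to avoid names.
        return False
    if addr.is_unspecified:
        return False
    return not any(addr in net for net in LOCAL_NETS)


def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts  # UDP rows have no State
            state = ""
        else:
            continue  # truncated or unexpected row
        if not pid.isdigit():
            continue
        rhost, rport = split_endpoint(remote)
        rows.append({"proto": proto, "local": local, "rhost": rhost,
                     "rport": rport, "state": state, "pid": int(pid)})
    return rows


def external_by_pid(rows):
    """Map PID -> sorted remote 'host:port' of ESTABLISHED external links."""
    found = defaultdict(set)
    for r in rows:
        if r["state"] == "ESTABLISHED" and is_external(r["rhost"]):
            found[r["pid"]].add(f'{r["rhost"]}:{r["rport"]}')
    return {pid: sorted(peers) for pid, peers in found.items()}


if __name__ == "__main__":
    for pid, peers in sorted(external_by_pid(parse_netstat(SAMPLE)).items()):
        # Match the PID against Task Manager's PID column or TCPView.
        print(f"PID {pid}: {', '.join(peers)}")
```

Running it against output captured while the machine is idle narrows an unexplained steady upload to the process IDs that hold outside connections.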
Enfrance Posted February 2, 2014 Author ID:785852
Well, that about wraps up the problems and now my machine seems to be pretty good. I'm keeping an eye on the connection but at the moment all seems to be OK. Thank you for your help, AdvancedSetup. Now back to the links you supplied.
Root Admin AdvancedSetup Posted February 3, 2014 ID:786252
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!