Jump to content

CCC.exe confusion


Recommended Posts

Whilst trying to resolve a problem on my hard drive (possibly dodgy sectors) and had finished saving all my data to Dropbox and after I downloaded a disc checker program I found that even when my computer was not being used it was apparently uploading/downloading something on the internet. I found this via NetMeter which shows a constant signal of yellow (the colour when uploading and downloading combines in the display) of around 0.7KiB/s which whilst not much it is a big irritation as I have no idea why it is happening.

 

In Task Manager Networking (XP) it shows as a regular bleep up to about 1% to 2%. In Performance the CPU usage is only about 1% and the PF usage is constant at 1.17GB. I have no idea what that means but perhaps it is significant.

 

Having researched this I see that in Task Manager that CCC.exe is active when all other programs are quiet. I do have ATI  installed - it came with the computer.

 

My dilemma is that Malwarebytes doesn't find anything wrong so I'm at a loss to know if it is CCC.exe causing the traffic on my interent connection and more importantly whether there is a virus at work.

 

Any advice would be very gratefully received.

Link to post
Share on other sites

Whilst waiting for a reply here I posted another message which to please ignore as I will wait to see if someone can help on here.

 

These are the two logs asked for on the other thread.

 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.51.2
Run by MikeB at 19:45:27 on 2014-01-19
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Allway Sync\Bin\SyncService.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\cryptainersrv.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Allway Sync\Bin\syncappw.exe
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.









BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Allway Sync] "c:\program files\allway sync\bin\syncappw.exe" -m
uRun: [Zoner Photo Studio Service 16] "c:\program files\zoner\photo studio 16\program32\zpstray.exec:\program files\zoner\photo studio 16\program32\ZPSService.exe"
uRun: [Zoner Photo Studio Autoupdate] "c:\program files\zoner\photo studio 16\program32\ZPSTRAY.EXE"
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Maxtor Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [Display] c:\program files\apc\powerchute personal edition\DataCollectionLauncher.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [Wondershare Helper Compact] "c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.






Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages =  msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mikeb\application data\mozilla\firefox\profiles\qd167hvd.default-1380204116140\

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R? Ambfilt;Ambfilt
R? androidusb;Google Device Driver
R? BBSvc;BingBar Service
R? becldr3Service;BCL EasyConverter SDK 3 Loader
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz132;cpuz132
R? CXPLRCAP;Capture Device
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? esgiguard;esgiguard
R? KEYBOARDWDFilter;KEYBOARDWDFilter
R? nosGetPlusHelper;getPlus® Helper 3004
R? RTL8192cu;Surf Wireless Micro USB Adapter
R? sdAuxService;PC Tools Auxiliary Service
R? sdCoreService;PC Tools Security Service
R? Secunia Update Agent;Secunia Update Agent
R? ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? APC Data Service;APC Data Service
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? BBUpdate;BBUpdate
S? BotkindSyncService;Botkind Service
S? Browser Defender Update Service;Browser Defender Update Service
S? LBeepKE;Logitech Beep Suppression Driver
S? LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter
S? LHidEqd;Logitech SetPoint Unifying KMDF HID Filter
S? MaxSch2Svc;Maxtor Scheduler2 Service
S? PCTBD;PC Tools Browser Defender Driver
S? PCTCore;PCTools KDS
S? pctDS;PC Tools Data Store
S? pctEFA;PC Tools Extended File Attributes
S? PCTSD;PC Tools Spyware Doctor Driver
S? PSI;PSI
S? pssnap;Paramount Software Snapshot Filter
S? ReflectService.exe;Macrium Reflect Image Mounting Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Secunia PSI Agent;Secunia PSI Agent
S? ssoftnt4;ssoftnt4
S? TeamViewer8;TeamViewer 8
S? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
S? WsAudio_DeviceS(2);WsAudio_DeviceS(2)
S? WsAudio_DeviceS(3);WsAudio_DeviceS(3)
S? WsAudio_DeviceS(4);WsAudio_DeviceS(4)
S? WsAudio_DeviceS(5);WsAudio_DeviceS(5)
.
=============== Created Last 30 ================
.
2014-01-18 14:10:14    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2014-01-18 14:10:03    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-18 13:08:35    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2014-01-18 13:08:35    --------    d-----w-    c:\windows\system32\wbem\Repository
2014-01-18 13:02:46    --------    d-----w-    c:\program files\Cryptainer
2014-01-18 13:02:46    --------    d-----w-    c:\program files\ClockworkMod
2014-01-18 13:01:42    --------    d-----w-    c:\documents and settings\all users\application data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2014-01-18 12:52:44    --------    d-----w-    c:\windows\system32\NtmsData
2014-01-13 14:46:15    --------    d-----w-    c:\program files\Western Digital Corporation
2014-01-10 16:13:42    907496    ----a-w-    c:\windows\system32\drivers\RTL8192cu.sys
2014-01-10 16:13:42    --------    d-----w-    c:\windows\OPTIONS
2014-01-10 16:13:35    451072    ------w-    c:\windows\system32\ISSRemoveSP.exe
2014-01-10 16:13:35    --------    d-----w-    c:\program files\Belkin
2014-01-08 20:34:38    --------    d-----w-    c:\program files\NETGEAR
2014-01-07 15:33:33    --------    d-----w-    C:\boot
2014-01-07 15:33:04    --------    d-----w-    c:\program files\Macrium
2014-01-07 13:50:39    --------    d-----w-    c:\documents and settings\all users\application data\Macrium
2013-12-21 06:04:22    225656    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-12-21 06:04:22    225656    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-01-18 13:57:21    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-18 13:57:21    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-11 07:49:38    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2014-01-02 20:01:39    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-02 20:01:39    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-02 20:01:39    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-02 20:01:38    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-18 16:11:18    9145344    ----a-w-    c:\program files\common files\lpuninstall.exe
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-11-04 13:48:13    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-31 06:46:14    104752    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:26:17    1879040    ----a-w-    c:\windows\system32\win32k.sys
2013-10-29 07:57:34    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57:33    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-29 07:57:33    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02    385024    ------w-    c:\windows\system32\html.iec
2013-10-23 23:45:49    172032    ----a-w-    c:\windows\system32\scrrun.dll
2004-09-10 12:40:38    75264    ----a-w-    c:\program files\DECCHECK.exe
2005-09-13 19:36:00    172544    --sha-w-    c:\windows\system32\nfpesys.exe
.
============= FINISH: 19:45:57.10 ===============
 

 

Attach.txt

 

.
==== Installed Programs ======================
.
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Reader XI (11.0.06)
Adobe Stock Photos 1.0
Allway Sync version 14.0.1
Amazon Kindle
Amazon MP3 Downloader 1.0.9
Apple Application Support
ArcSoft ShowBiz
avast! Free Antivirus
B-Folders 3
BBC iPlayer Desktop
BCL easyConverter SDK 1.0.0 Module
BCL easyConverter SDK 3 (Word Version)
Beacon
Belarc Advisor 8.2
Belkin F7D1102 Surf Wireless Micro USB Adapter
Bing Bar
Bing Maps 3D
Browser Guard 4.0
Canon iX4000
Canon Setup Utility 2.1
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Carbon
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Charting Companion 3.0 for Family Tree Maker®
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Creative Jukebox Driver
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen Micro
Cryptainer Drivers
CyberLink Holiday Pack Vol.4 for PowerDirector
CyberLink PowerDirector 11
CyberLink PowerDirector 11 Content Pack Essential
CyberLink PowerDirector 11 Content Pack Premium
CyberLink WaveEditor 2
Driver Install 32bit
Dropbox
DVD Profiler Version 3.8.1
Easy-WebPrint
EPSON Scan
eReg
Family Tree Maker 2012
Family Tree Maker 2014
FastStone Image Viewer 4.9
File Shredder 2.5
Focus MP3 Recorder Pro 4.0
Folder Password Expert USB 2.1.0.6
FoxyTunes for Firefox
FreeOCR v4.2
Genbox Family History 3.7.1
Google Calendar Sync
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB959765)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
hp deskjet 970c series (Remove only)
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
Karen's Directory Printer
Lagarith lossless video codec (Remove Only)
LastPass (uninstall only)
Legacy 7.5
Lizardtech DjVu Control
Logitech SetPoint 6.51
Macrium Reflect Standard Edition
Malwarebytes Anti-Malware version 1.75.0.1300
Maxtor MaxBlast
Media Preview
MediaMonkey 4.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money
Microsoft Money 98
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WSE 3.0
Mozilla Firefox 26.0 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 24.0.1 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MyDriveConnect 3.3.0.1342
NetMeter 1.1.3
Newblue Art Effects for PowerDirector
NIKON IMAGE SPACE UPLOADER
Nikon Message Center 2
NVIDIA Drivers
Paint.NET v3.5.10
PC Tools Spyware Doctor 9.0
PDF OCR X Community Edition
Picture Control Utility
PolderbitS Sound Recorder and Editor
PowerChute Personal Edition 3.0.2
PrivacyHarbor Beacon
QuickTime
RadioSure
Realtek High Definition Audio Driver
Room Arranger
SAMSUNG Intelli-studio
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Secunia PSI (3.0.0.6001)
Security Task Manager 1.8c
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB2845142)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Serif CraftArtist
Serif MoviePlus Starter Edition
Serif MoviePlus Starter Edition Codec Pack
Serif PagePlus Starter Edition
Serif PagePlus: Brochure Template Pack 1
Serif PagePlus: Business Card Template Pack 1
Serif PagePlus: Home Stationery Template Pack - Fishing
Serif PanoramaPlus X4
Serif Photo Projects
Serif PhotoPlus X5
SlimCleaner
SmartSound Quicktracks 5
SpywareBlaster 4.3
SUPERAntiSpyware
TeamViewer 8
The Weather Channel App
TweakNow RegCleaner 2011
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewNX 2
Visual Studio C++ 10.0 Runtime
VLC media player 2.1.2
WebFldrs XP
Whisper 32
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Sync
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Wondershare MobileGo for Android ( Version 4.2.0 )
Wondershare Video Converter Ultimate(Build 6.5.1.2)
xplorer² lite 32 bit
Zoner Photo Studio 16
.
==== End Of File ===========================
 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

Please read the following and post back the requested logs.

General P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post
Share on other sites

I'm afraid that when I got to the RogueKiller scan a box from my Avast acount came up to check the file. Then everything froze except for the cursor but even that could not bring the  screen to life. I apologise for this as I had forgotten to turn my antivirus off.

 

I went back to the beginning to the start of step 02 and the machine produced this report from RogueKiller. Do hoope I haven't messded things up.

 

 

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : MikeB [Admin rights]
Mode : Scan -- Date : 01/21/2014 11:01:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00AAJS-00B4A SCSI Disk Device +++++
--- User ---
[MBR] cd82c92fe2a715319577e78a32acb14f
[bSP] 55a7b3c1c3e6a1e1f251158434c9f168 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


 

Link to post
Share on other sites

  • Root Admin

Thank you

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

STEP 06

button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 07

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
Link to post
Share on other sites

As the logs are rather long I have posted the two Malwarebyte anti-rootkit logs, the JRT log and the Adw log on this first post and the rest on the next posting. Hope this is OK.

 

Regards,  Enfrance.

 

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

www.malwarebytes.org

 

Database version: v2014.01.22.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

MikeB :: MIKE [administrator]

 

22/01/2014 09:41:41

mbar-log-2014-01-22 (09-41-41).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 244665

Time elapsed: 13 minute(s), 23 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 3488915456, free: 2536341504

 

Host not found

Downloaded database version: v2014.01.22.04

Downloaded database version: v2013.12.18.01

=======================================

Initializing...

------------ Kernel report ------------

     01/22/2014 09:21:44

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

fltmgr.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

nvgts.sys

\WINDOWS\system32\DRIVERS\SCSIPORT.SYS

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

pctDS.sys

sr.sys

PCTCore.sys

pctEFA.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

timntr.sys

tdrpman.sys

snapman.sys

pssnap.sys

Mup.sys

aswVmm.sys

aswRvrt.sys

\SystemRoot\system32\DRIVERS\processr.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nvnetbus.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\ati2mtag.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(2).sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(3).sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(4).sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(5).sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\??\C:\WINDOWS\system32\drivers\aswSP.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\??\C:\WINDOWS\system32\drivers\aswTdi.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\??\C:\WINDOWS\system32\drivers\aswRdr.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\System32\Drivers\PCTSD.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\System32\Drivers\BANTExt.sys

\??\C:\WINDOWS\system32\drivers\aswSnx.sys

\SystemRoot\system32\DRIVERS\RTL8192cu.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\LEqdUsb.Sys

\SystemRoot\System32\Drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\wdf01000.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\Drivers\LHidEqd.Sys

\SystemRoot\system32\DRIVERS\LHidFilt.Sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_nvgts.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ati2dvag.dll

\SystemRoot\System32\ati2cqag.dll

\SystemRoot\System32\atikvmag.dll

\SystemRoot\System32\atiok3x2.dll

\SystemRoot\System32\ati3duag.dll

\SystemRoot\System32\ativvaxx.dll

\SystemRoot\System32\ATMFD.DLL

\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys

\SystemRoot\system32\DRIVERS\tifsfilt.sys

\SystemRoot\system32\DRIVERS\AegisP.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\LBeepKE.sys

\SystemRoot\system32\DRIVERS\srv.sys

\??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\psi_mf.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\SystemRoot\System32\Drivers\PCTBD.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk6\DR7

Upper Device Object: 0xffffffff8995a030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000092\

Lower Device Object: 0xffffffff8a6e01d0

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR6

Upper Device Object: 0xffffffff899ed030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000091\

Lower Device Object: 0xffffffff89fc9ea0

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR5

Upper Device Object: 0xffffffff89a42030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000090\

Lower Device Object: 0xffffffff89f5a270

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR4

Upper Device Object: 0xffffffff899b7030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008f\

Lower Device Object: 0xffffffff89f381d0

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR3

Upper Device Object: 0xffffffff89f2dab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008e\

Lower Device Object: 0xffffffff89fdfea0

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR2

Upper Device Object: 0xffffffff8a71bab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008d\

Lower Device Object: 0xffffffff8a8e21d0

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8ae29668

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Scsi\nvgts1Port2Path0Target0Lun0\

Lower Device Object: 0xffffffff8ae36a38

Lower Device Driver Name: \Driver\nvgts\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8ae29668, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8adc47f8, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8ae29220, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff8ae293e8, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8ae29668, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8ae29e50, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8ae2f940, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8ae36a38, DeviceName: \Device\Scsi\nvgts1Port2Path0Target0Lun0\, DriverName: \Driver\nvgts\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\snapman\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 49FA46E0

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63  Numsec = 625121217

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xffffffff8a71bab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8aa7d020, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8994fc30, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff899b1990, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a71bab8, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8aab7db8, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8a8e21d0, DeviceName: \Device\0000008d\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xffffffff89f2dab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff89f4b1c0, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8994fa20, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff89a3b700, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff89f2dab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a8cce50, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff89fdfea0, DeviceName: \Device\0000008e\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xffffffff899b7030, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff899f3020, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8994f770, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff899a7c70, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff899b7030, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff89f3f020, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff89f381d0, DeviceName: \Device\0000008f\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xffffffff89a42030, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff89fbb1c0, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8994f378, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff899ad898, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff89a42030, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff89f44020, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff89f5a270, DeviceName: \Device\00000090\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 512

Drive: 5, DevicePointer: 0xffffffff899ed030, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a61bdd0, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff89950180, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff89996c70, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff899ed030, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a9dc020, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff89fc9ea0, DeviceName: \Device\00000091\, DriverName: \Driver\usbstor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\snapman\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 5

Scanning MBR on drive 5...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AB95221D

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 64  Numsec = 1953520001

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 1000204885504 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 512

Drive: 6, DevicePointer: 0xffffffff8995a030, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff89f7c020, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff89958c80, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff8998ce08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8995a030, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8ab57378, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8a6e01d0, DeviceName: \Device\00000092\, DriverName: \Driver\usbstor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\snapman\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 6

Scanning MBR on drive 6...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AD0FB6

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 781401537

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 400088457216 bytes

Sector size: 512 bytes

 

Done!

Infected: C:\Documents and Settings\MikeB\Local Settings\Temporary Internet Files\Content.IE5\RJ1D2S6O\JRT[1].exe --> [Trojan.P2P.Worm]

Scan finished

Creating System Restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

 

 

Removal queue found; removal started

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_5_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_5_r.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_6_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_6_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 3488915456, free: 2905432064

 

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 3488915456, free: 2438496256

 

Initializing...

=======================================

------------ Kernel report ------------

     01/22/2014 09:41:21

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

imofugc.sys

fltmgr.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

compbatt.sys

\WINDOWS\system32\DRIVERS\BATTC.SYS

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

PartMgr.sys

VolSnap.sys

atapi.sys

nvgts.sys

\WINDOWS\system32\DRIVERS\SCSIPORT.SYS

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

pctDS.sys

sr.sys

PCTCore.sys

pctEFA.sys

KSecDD.sys

WudfPf.sys

Ntfs.sys

NDIS.sys

timntr.sys

tdrpman.sys

snapman.sys

pssnap.sys

Mup.sys

aswVmm.sys

aswRvrt.sys

\SystemRoot\system32\DRIVERS\processr.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\nvnetbus.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\ati2mtag.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(2).sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(3).sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(4).sys

\SystemRoot\system32\drivers\WsAudio_DeviceS(5).sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\??\C:\WINDOWS\system32\drivers\aswSP.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\??\C:\WINDOWS\system32\drivers\aswTdi.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\??\C:\WINDOWS\system32\drivers\aswRdr.sys

\SystemRoot\System32\drivers\ws2ifsl.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\System32\Drivers\PCTSD.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\System32\Drivers\BANTExt.sys

\??\C:\WINDOWS\system32\drivers\aswSnx.sys

\SystemRoot\system32\DRIVERS\RTL8192cu.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\Drivers\LEqdUsb.Sys

\SystemRoot\System32\Drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\wdf01000.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\Drivers\LHidEqd.Sys

\SystemRoot\system32\DRIVERS\LHidFilt.Sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_nvgts.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\ati2dvag.dll

\SystemRoot\System32\ati2cqag.dll

\SystemRoot\System32\atikvmag.dll

\SystemRoot\System32\atiok3x2.dll

\SystemRoot\System32\ati3duag.dll

\SystemRoot\System32\ativvaxx.dll

\SystemRoot\System32\ATMFD.DLL

\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys

\SystemRoot\system32\DRIVERS\tifsfilt.sys

\SystemRoot\system32\DRIVERS\AegisP.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mrxdav.sys

\SystemRoot\System32\Drivers\LBeepKE.sys

\SystemRoot\system32\DRIVERS\srv.sys

\??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\psi_mf.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk6\DR7

Upper Device Object: 0xffffffff8a658448

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000092\

Lower Device Object: 0xffffffff8aa41da8

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR6

Upper Device Object: 0xffffffff8a6c6030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000091\

Lower Device Object: 0xffffffff8a594410

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR5

Upper Device Object: 0xffffffff8a5ad4c0

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000090\

Lower Device Object: 0xffffffff8a5d0958

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR4

Upper Device Object: 0xffffffff8aa50668

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008f\

Lower Device Object: 0xffffffff8a594ea0

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR3

Upper Device Object: 0xffffffff8a5edab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008e\

Lower Device Object: 0xffffffff8a594c10

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR2

Upper Device Object: 0xffffffff8aa8e5a0

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000008d\

Lower Device Object: 0xffffffff8a622930

Lower Device Driver Name: \Driver\usbstor\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8adc3030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Scsi\nvgts1Port2Path0Target0Lun0\

Lower Device Object: 0xffffffff8adf1030

Lower Device Driver Name: \Driver\nvgts\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8adc3030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8adc35f8, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8adc3c80, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff8ae2c338, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8adc3030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8ae2c888, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8adf1920, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8adf1030, DeviceName: \Device\Scsi\nvgts1Port2Path0Target0Lun0\, DriverName: \Driver\nvgts\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\snapman\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 49FA46E0

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63  Numsec = 625121217

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xffffffff8aa8e5a0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8aa4e478, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8a99b198, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff8a61d020, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8aa8e5a0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a573260, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8a622930, DeviceName: \Device\0000008d\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xffffffff8a5edab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a8c4570, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8aa86e18, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff8a8ac938, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a5edab8, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a6e7020, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8a594c10, DeviceName: \Device\0000008e\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xffffffff8aa50668, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a7dc740, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8ab33e40, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff8a5b99b8, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8aa50668, DeviceName: \Device\Harddisk3\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a61b020, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8a594ea0, DeviceName: \Device\0000008f\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xffffffff8a5ad4c0, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a7035d0, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8ad9ce90, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff8a8e3020, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a5ad4c0, DeviceName: \Device\Harddisk4\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a59f020, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8a5d0958, DeviceName: \Device\00000090\, DriverName: \Driver\usbstor\

------------ End ----------

Physical Sector Size: 512

Drive: 5, DevicePointer: 0xffffffff8a6c6030, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff89f8b818, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8a9e2268, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff899f2810, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a6c6030, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a6872f8, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8a594410, DeviceName: \Device\00000091\, DriverName: \Driver\usbstor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\snapman\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 5

Scanning MBR on drive 5...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AB95221D

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 64  Numsec = 1953520001

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 1000204885504 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 512

Drive: 6, DevicePointer: 0xffffffff8a658448, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a651478, DeviceName: Unknown, DriverName: \Driver\pssnap\

DevicePointer: 0xffffffff8aa703c0, DeviceName: Unknown, DriverName: \Driver\snapman\

DevicePointer: 0xffffffff899d2810, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a658448, DeviceName: \Device\Harddisk6\DR7\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff899f2640, DeviceName: Unknown, DriverName: \Driver\PCTCore\

DevicePointer: 0xffffffff8aa41da8, DeviceName: \Device\00000092\, DriverName: \Driver\usbstor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\snapman\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 6

Scanning MBR on drive 6...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AD0FB6

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 781401537

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 400088457216 bytes

Sector size: 512 bytes

 

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_5_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_5_r.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_6_i.mbam...

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR_6_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 5.1.2600 Windows XP Service Pack 3 x86

 

Account is Administrative

 

Internet Explorer version: 8.0.6001.18702

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED

CPU speed: 2.511000 GHz

Memory total: 3488915456, free: 2909790208

 

=======================================

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

www.malwarebytes.org

 

Database version: v2014.01.22.04

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

 :: MIKE [administrator]

 

22/01/2014 09:21:54

mbar-log-2014-01-22 (09-21-54).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 244981

Time elapsed: 12 minute(s), 10 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Documents and Settings\MikeB\Local Settings\Temporary Internet Files\Content.IE5\RJ1D2S6O\JRT[1].exe (Trojan.P2P.Worm) -> Delete on reboot.

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Microsoft Windows XP x86

Ran by MikeB on 22/01/2014 at  9:58:50.35

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Documents and Settings\MikeB\appdata\locallow\SkwConfig.bin"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\MikeB\Application Data\getrighttogo"

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 22/01/2014 at 10:07:04.03

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v3.017 - Report created 22/01/2014 at 10:25:44

# Updated 12/01/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : MikeB - MIKE

# Running from : C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\MikeB\Local Settings\Application Data\PackageAware

File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}

Key Deleted : HKCU\Software\Microsoft\IntelliType Pro\AppSpecific\Iminent.exe

Key Deleted : HKLM\Software\hdcode

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hotspotshield

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Mozilla Firefox v26.0 (en-GB)

 

[ File : C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\prefs.js ]

 

 

*************************

 

AdwCleaner[R0].txt - [4586 octets] - [15/09/2013 13:31:36]

AdwCleaner[R1].txt - [4646 octets] - [15/09/2013 13:34:12]

AdwCleaner[R2].txt - [1692 octets] - [24/09/2013 15:31:13]

AdwCleaner[R3].txt - [1405 octets] - [24/09/2013 15:42:47]

AdwCleaner[R4].txt - [2520 octets] - [22/01/2014 10:17:10]

AdwCleaner[R5].txt - [2580 octets] - [22/01/2014 10:21:15]

AdwCleaner[s0].txt - [4675 octets] - [15/09/2013 13:35:08]

AdwCleaner[s1].txt - [1763 octets] - [24/09/2013 15:33:42]

AdwCleaner[s2].txt - [1468 octets] - [24/09/2013 15:44:39]

AdwCleaner[s3].txt - [2533 octets] - [22/01/2014 10:25:44]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2593 octets] ##########

Link to post
Share on other sites

This starts with the Quick Malwarebytes scan after the Awd scan then the ESET log follows. As this is too long to include the add Addition Farbar log, I have sent it on a third post.

 

Quick scan after the Adwcleaner

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.22.05

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

MikeB :: MIKE [administrator]

 

22/01/2014 10:35:27

mbam-log-2014-01-22 (10-35-27).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 240811

Time elapsed: 9 minute(s), 56 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

 

ESET log

 

C:\AdwCleaner\Quarantine\C\Documents and Settings\MikeB\Application Data\Searchprotect\ffprotect\application.js.vir            Win32/Conduit.SearchProtect.A application            cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Documents and Settings\MikeB\Application Data\Searchprotect\ffprotect\nsprotector.js.vir            Win32/Conduit.SearchProtect.A application            cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir            Win32/Conduit.SearchProtect.A application            cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir            Win32/Conduit.SearchProtect.A application            cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir            Win32/Conduit.SearchProtect.A application            cleaned by deleting - quarantined

C:\AdwCleaner\Quarantine\C\WINDOWS\system32\dmwu.exe.vir    a variant of Win32/Toolbar.Perion.G application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\acdsee12photomanager-setup.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup325.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup404.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup406.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup407.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\ccsetup409.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\ESDPK-MLX5-MoviePlusStarterEdition-EN.exe multiple threats  cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\ezvid0895.exe            Win32/OpenCandy application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\Downloads\picajetphotoorganizer-setup.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\advanced system care -setup.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\asc-setup Systemcare.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\cbsidlm-cbsi134-Wondershare_MobileGo_for_Android-ORG-75444075.exe            a variant of Win32/CNETInstaller.B application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\Charting_Companion.exe          a variant of Win32/Toolbar.Conduit.B application            deleted - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloaded progs\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\acdsee12photomanager-setup.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\cbsidlm-tr1_10a-FreeOCR-ORG-10717191.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\cbsidlm-tr1_13-Smart_Driver_Updater-ORG-75453012.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup325.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup327.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup401.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup404.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup406.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup407.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ccsetup409.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\driverupdater.exe            a variant of Win32/Adware.SpeedingUpMyPC.C application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ESDPK-MLX5-MoviePlusStarterEdition-EN.exe multiple threats  cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\ezvid0895.exe            Win32/OpenCandy application            cleaned by deleting - quarantined

C:\Documents and Settings\MikeB\My Documents\My Dropbox\Downloads\picajetphotoorganizer-setup.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

I:\Downloaded progs\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Documents\Downloaded progs for saving\advanced system care -setup.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Documents\Downloaded progs for saving\asc-setup Systemcare.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Documents\Downloaded progs for saving\DefragSetup.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloaded progs\advanced system care -setup.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloaded progs\asc-setup Systemcare.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloaded progs\cbsidlm-cbsi134-Wondershare_MobileGo_for_Android-ORG-75444075.exe            a variant of Win32/CNETInstaller.B application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloaded progs\Charting_Companion.exe          a variant of Win32/Toolbar.Conduit.B application            deleted - quarantined

I:\My Documents\My Dropbox\Downloaded progs\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\acdsee12photomanager-setup.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\cbsidlm-tr1_10a-FreeOCR-ORG-10717191.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\cbsidlm-tr1_13-Smart_Driver_Updater-ORG-75453012.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ccsetup325.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ccsetup327.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ccsetup401.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ccsetup404.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ccsetup406.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ccsetup407.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ccsetup409.exe            Win32/Bundled.Toolbar.Google.D application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\driverupdater.exe            a variant of Win32/Adware.SpeedingUpMyPC.C application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ESDPK-MLX5-MoviePlusStarterEdition-EN.exe multiple threats  cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\ezvid0895.exe            Win32/OpenCandy application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\picajetphotoorganizer-setup.exe            Win32/DownloadAdmin.G application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\SoftonicDownloader_for_microsoft-money.exe            Win32/SoftonicDownloader.E application            cleaned by deleting - quarantined

I:\My Documents\My Dropbox\Downloads\xplorer2_liteOC_setup.exe            Win32/OpenCandy application            cleaned by deleting - quarantined

I:\My Dropbox\Downloaded progs\advanced system care -setup.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Dropbox\Downloaded progs\asc-setup Systemcare.exe            a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting - quarantined

I:\My Dropbox\Downloaded progs\Charting_Companion.exe          a variant of Win32/Toolbar.Conduit.B application            deleted - quarantined

I:\My Dropbox\Downloaded progs\DefragSetup.exe a variant of Win32/Toolbar.Conduit.B application            cleaned by deleting – quarantined

 

============================================================

 

Farbar RecoveryScan tool

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2014 01

Ran by MikeB (administrator) on MIKE on 22-01-2014 16:35:28

Running from C:\Documents and Settings\MikeB\My Documents\Downloads

Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) ===================

 

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe

() C:\Program Files\Allway Sync\Bin\SyncService.exe

(Threat Expert Ltd.) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe

(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe

() C:\Program Files\CyberLink\Shared files\RichVideo.exe

(Secunia) C:\Program Files\Secunia\PSI\psia.exe

(Cypherix Software (India) Pvt. Ltd.) C:\WINDOWS\system32\cryptainersrv.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe

(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE

(Acronis) C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe

(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe

(Dropbox, Inc.) C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE

() C:\Program Files\NetMeter\NetMeter.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 2011-01-21] (Realtek Semiconductor Corp.)

HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe [904776 2008-06-27] (Acronis)

HKLM\...\Run: [Maxtor Scheduler2 Service] - C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [136472 2008-06-27] (Maxtor)

HKLM\...\Run: [] - [x]

HKLM\...\Run: [Display] - C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)

HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1501064 2009-06-01] (Microsoft Corporation)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)

HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)

HKLM\...\Run: [Wondershare Helper Compact] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)

HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKCU\...\Run: [Allway Sync] - C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2013-12-12] ()

HKCU\...\Run: [Zoner Photo Studio Service 16] - C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()

HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)

Lsa: [Authentication Packages] msv1_0 relog_ap

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk

ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk

ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MobileGo Service.lnk

ShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)

Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10555

BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281441977531

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)

Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)

Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)

Winsock: Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml

FF Extension: LastPass - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\support@lastpass.com [2013-11-21]

FF Extension: ColorfulTabs - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-01-21]

FF Extension: ReminderFox - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-10-03]

FF Extension: DownloadHelper - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-26]

FF Extension: Webpage Snapshot - Snapilicious.com - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\admin@snapilicious.com.xpi [2013-10-09]

FF Extension: anonymoX - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\client@anonymox.net.xpi [2013-09-26]

FF Extension: NoSquint - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\nosquint@urandom.ca.xpi [2013-09-27]

FF Extension: NoScript - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27]

FF Extension: Adblock Plus - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]

FF Extension: Download Statusbar - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-26]

FF Extension: Adblock Edge - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-30]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-09]

FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\

FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

 

========================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)

R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)

S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] ()

R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()

R2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)

R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-18] (Oracle Corporation)

R2 MaxSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [431384 2008-06-27] (Maxtor)

R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)

R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-10-16] ()

S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)

S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)

R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)

R2 ssoftservice; C:\WINDOWS\system32\cryptainersrv.exe [74240 2007-01-24] (Cypherix Software (India) Pvt. Ltd.)

U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x]

 

==================== Drivers (Whitelisted) ====================

 

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2010-08-06] (Meetinghouse Data Communications)

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34720 2013-09-15] (Google Inc)

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)

R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-02] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-04] ()

R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)

R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)

R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-02] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()

R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [187776 2010-01-06] (Conexant Systems, Inc.)

S3 Jukebox3; C:\Windows\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.)

S3 KEYBOARDWDFilter; C:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS [6528 2006-07-17] ()

R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)

R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)

S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)

S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [66688 2009-07-01] (NVIDIA Corporation)

R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)

R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13824 2009-07-01] (NVIDIA Corporation)

R3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)

R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)

R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)

R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)

R1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)

R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)

R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [907496 2011-07-06] (Realtek Semiconductor Corporation                           )

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R2 ssoftnt4; C:\WINDOWS\system32\Drivers\ssoftnt4.sys [100728 2008-08-19] (Cypherix Software (India) Pvt. Ltd.)

S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)

R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2011-10-25] (Acronis)

R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2011-10-25] (Acronis)

S3 W8335XP; C:\Windows\System32\DRIVERS\WG311v3XP.sys [265984 2005-02-22] (Marvell Semiconductor, Inc)

R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2012-03-26] (Wondershare)

R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2012-03-26] (Wondershare)

R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2012-03-26] (Wondershare)

R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2012-03-26] (Wondershare)

R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2012-03-26] (Wondershare)

U3 Cdisookkwes; No ImagePath

S3 cpuz132; \??\C:\DOCUME~1\MikeB\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

S3 HssDrv; system32\DRIVERS\HssDrv.sys [x]

S4 IntelIde; No ImagePath

S3 RT73; system32\DRIVERS\rt73.sys [x]

U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

S3 taphss; system32\DRIVERS\taphss.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-22 16:35 - 2014-01-22 16:35 - 00000000 ____D C:\FRST

2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET

2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt

2014-01-22 09:17 - 2014-01-22 09:54 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar

2014-01-22 09:17 - 2014-01-22 09:41 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe

2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe

2014-01-21 20:03 - 2014-01-21 20:05 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe

2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt

2014-01-21 11:00 - 2014-01-21 11:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine

2014-01-21 10:58 - 2014-01-21 10:59 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt

2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT

2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk

2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk

2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT

2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe

2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe

2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt

2014-01-19 19:46 - 2014-01-19 19:45 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt

2014-01-19 19:40 - 2014-01-19 19:41 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr

2014-01-18 15:38 - 2014-01-18 15:38 - 00000000 ____D C:\Program Files\Common Files\Java

2014-01-18 15:10 - 2014-01-18 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-01-18 15:10 - 2014-01-18 15:09 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-18 15:10 - 2014-01-18 15:09 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-18 15:10 - 2014-01-18 15:09 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-18 15:10 - 2014-01-18 15:09 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-18 15:10 - 2014-01-18 15:09 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log

2014-01-18 14:17 - 2014-01-18 14:21 - 00005188 _____ C:\WINDOWS\KB2914368.log

2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz

2014-01-18 14:02 - 2014-01-18 14:03 - 00000000 ____D C:\Program Files\ArcSoft

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect

2014-01-18 14:01 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}

2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation

2014-01-18 13:52 - 2014-01-18 13:53 - 00000000 ____D C:\WINDOWS\system32\NtmsData

2014-01-16 20:05 - 2014-01-21 19:45 - 00033759 _____ C:\WINDOWS\setupapi.log

2014-01-15 15:40 - 2014-01-22 13:43 - 00272928 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-15 15:40 - 2014-01-22 10:29 - 00000300 _____ C:\WINDOWS\wiadebug.log

2014-01-15 15:40 - 2014-01-22 10:28 - 00000050 _____ C:\WINDOWS\wiaservc.log

2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log

2014-01-15 10:02 - 2014-01-18 14:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk

2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation

2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS

2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\Program Files\Belkin

2014-01-10 17:13 - 2011-07-06 03:22 - 00907496 _____ (Realtek Semiconductor Corporation                           ) C:\WINDOWS\system32\Drivers\RTL8192cu.sys

2014-01-10 17:13 - 2009-02-05 02:49 - 00451072 ____N C:\WINDOWS\system32\ISSRemoveSP.exe

2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk

2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR

2014-01-07 16:33 - 2014-01-21 18:39 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk

2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium

2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium

2014-01-07 16:28 - 2014-01-07 16:33 - 00508272 _____ C:\reflect_install.log

2014-01-07 14:50 - 2014-01-12 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium

2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst

 

==================== One Month Modified Files and Folders =======

 

2014-01-22 16:35 - 2014-01-22 16:35 - 00000000 ____D C:\FRST

2014-01-22 16:34 - 2011-11-19 15:27 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\LastPass

2014-01-22 16:19 - 2010-08-05 16:51 - 00065536 _____ C:\WINDOWS\system32\config\ACEEvent.evt

2014-01-22 15:57 - 2012-04-11 11:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-22 15:40 - 2010-08-17 08:58 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-22 14:17 - 2012-11-09 17:52 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job

2014-01-22 14:12 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\Dropbox

2014-01-22 13:43 - 2014-01-15 15:40 - 00272928 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET

2014-01-22 10:46 - 2012-01-29 11:15 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

2014-01-22 10:32 - 2010-08-07 20:00 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\My Dropbox

2014-01-22 10:29 - 2014-01-15 15:40 - 00000300 _____ C:\WINDOWS\wiadebug.log

2014-01-22 10:29 - 2010-08-17 08:58 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-22 10:29 - 2006-02-28 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl

2014-01-22 10:28 - 2014-01-15 15:40 - 00000050 _____ C:\WINDOWS\wiaservc.log

2014-01-22 10:28 - 2010-08-05 03:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2014-01-22 10:27 - 2010-08-05 03:20 - 00000278 ___SH C:\Documents and Settings\MikeB\ntuser.ini

2014-01-22 10:27 - 2010-08-05 03:19 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt

2014-01-22 10:25 - 2013-09-15 13:31 - 00000000 ____D C:\AdwCleaner

2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt

2014-01-22 09:54 - 2014-01-22 09:17 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar

2014-01-22 09:41 - 2014-01-22 09:17 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-01-22 09:37 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\system

2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe

2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe

2014-01-21 20:05 - 2014-01-21 20:03 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe

2014-01-21 19:45 - 2014-01-16 20:05 - 00033759 _____ C:\WINDOWS\setupapi.log

2014-01-21 18:42 - 2010-08-05 03:14 - 00000000 ____D C:\WINDOWS\Registration

2014-01-21 18:42 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\repair

2014-01-21 18:39 - 2014-01-07 16:33 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk

2014-01-21 18:18 - 2010-09-29 18:54 - 00000005 _____ C:\Documents and Settings\MikeB\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list

2014-01-21 18:17 - 2013-10-06 09:42 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\vlc

2014-01-21 15:27 - 2013-02-22 17:27 - 00000000 ____D C:\FreeOCR

2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt

2014-01-21 11:01 - 2014-01-21 11:00 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine

2014-01-21 10:59 - 2014-01-21 10:58 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt

2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT

2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk

2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk

2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT

2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe

2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe

2014-01-20 20:49 - 2013-04-27 09:58 - 00002231 _____ C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk

2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt

2014-01-19 19:45 - 2014-01-19 19:46 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt

2014-01-19 19:41 - 2014-01-19 19:40 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr

2014-01-19 12:29 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2014-01-18 15:38 - 2014-01-18 15:38 - 00000000 ____D C:\Program Files\Common Files\Java

2014-01-18 15:10 - 2014-01-18 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-01-18 15:09 - 2014-01-18 15:10 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-01-18 15:09 - 2014-01-18 15:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-01-18 15:09 - 2014-01-18 15:10 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-01-18 15:09 - 2014-01-18 15:10 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-01-18 15:09 - 2014-01-18 15:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-01-18 14:57 - 2012-04-11 11:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-01-18 14:57 - 2011-06-08 07:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-01-18 14:54 - 2010-08-07 15:02 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Adobe

2014-01-18 14:48 - 2010-08-07 15:05 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR

2014-01-18 14:38 - 2013-04-29 10:40 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\B-Folders 3

2014-01-18 14:28 - 2013-08-15 09:14 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-18 14:22 - 2010-08-10 13:54 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log

2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log

2014-01-18 14:21 - 2014-01-18 14:17 - 00005188 _____ C:\WINDOWS\KB2914368.log

2014-01-18 14:21 - 2014-01-15 10:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$

2014-01-18 14:21 - 2012-10-16 16:34 - 00727825 _____ C:\WINDOWS\system32\Drivers\Cat.DB

2014-01-18 14:19 - 2013-03-14 10:53 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

2014-01-18 14:17 - 2013-11-04 19:47 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

2014-01-18 14:08 - 2010-08-05 03:20 - 00000000 ____D C:\Documents and Settings\MikeB

2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\NetworkService

2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\LocalService

2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz

2014-01-18 14:03 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ArcSoft

2014-01-18 14:03 - 2010-08-17 08:58 - 00000000 ____D C:\Program Files\Google

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012

2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect

2014-01-18 14:02 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}

2014-01-18 14:02 - 2013-11-29 08:45 - 00000000 ____D C:\Program Files\Common Files\ArcSoft

2014-01-18 14:02 - 2012-05-31 12:55 - 00000000 ____D C:\Program Files\Family Tree Maker 2012

2014-01-18 14:02 - 2011-12-23 15:02 - 00000000 ____D C:\Program Files\BCL Technologies

2014-01-18 14:02 - 2010-08-05 15:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation

2014-01-18 14:01 - 2010-10-24 11:43 - 00000000 ____D C:\Program Files\Legacy

2014-01-18 14:01 - 2010-08-17 08:58 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Google

2014-01-18 13:53 - 2014-01-18 13:52 - 00000000 ____D C:\WINDOWS\system32\NtmsData

2014-01-15 16:50 - 2010-08-05 15:48 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\Cleaner

2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log

2014-01-15 15:15 - 2010-08-08 08:50 - 00000000 ____D C:\WINDOWS\Sun

2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk

2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation

2014-01-13 13:48 - 2010-08-07 19:12 - 00000000 ____D C:\Documents and Settings\MikeB\dwhelper

2014-01-12 16:55 - 2013-10-31 19:52 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\TeamViewer

2014-01-12 13:24 - 2014-01-07 14:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium

2014-01-12 11:12 - 2011-12-29 12:20 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\MediaMonkey

2014-01-11 08:49 - 2012-12-27 16:19 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys

2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS

2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\Program Files\Belkin

2014-01-10 17:13 - 2006-02-28 13:00 - 00000722 _____ C:\WINDOWS\win.ini

2014-01-10 09:22 - 2010-05-06 05:22 - 00633622 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2014-01-10 09:11 - 2011-01-11 11:29 - 00000000 ____D C:\Program Files\FreeCDRipper

2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk

2014-01-09 13:47 - 2013-02-02 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan

2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR

2014-01-07 17:26 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\CCleaner

2014-01-07 17:24 - 2010-08-05 03:22 - 00000000 ____D C:\WINDOWS\system32\Tools

2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium

2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium

2014-01-07 16:33 - 2014-01-07 16:28 - 00508272 _____ C:\reflect_install.log

2014-01-07 12:15 - 2013-04-27 09:58 - 00000000 ____D C:\Program Files\SlimCleaner

2014-01-05 14:33 - 2010-08-06 11:52 - 00000000 ____D C:\WINDOWS\system32\LogFiles

2014-01-03 09:57 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\Dropbox

2014-01-02 21:02 - 2013-11-04 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast

2014-01-02 21:01 - 2013-03-06 16:41 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys

2014-01-02 21:01 - 2013-03-06 16:41 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2014-01-02 21:01 - 2012-11-09 17:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2014-01-02 21:01 - 2012-11-09 17:52 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys

2014-01-02 21:01 - 2012-11-09 17:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-01-02 21:01 - 2012-11-09 17:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-01-02 21:01 - 2012-11-09 17:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-01-02 21:01 - 2012-11-09 17:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2014-01-01 11:10 - 2013-06-10 09:33 - 00000780 _____ C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk

2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst

2013-12-31 13:20 - 2011-02-11 20:13 - 00000000 ___SH C:\WINDOWS\system32\+

2013-12-30 20:20 - 2013-09-15 08:35 - 00001810 _____ C:\Documents and Settings\All Users\Desktop\Wondershare MobileGo for Android.lnk

 

Files to move or delete:

====================

C:\Documents and Settings\MikeB\en_res.dll

C:\Documents and Settings\MikeB\es_res.dll

C:\Documents and Settings\MikeB\fr_res.dll

C:\Documents and Settings\MikeB\grm_res.dll

C:\Documents and Settings\MikeB\it_res.dll

C:\Documents and Settings\MikeB\jp_res.dll

C:\Documents and Settings\MikeB\mfc80u.dll

C:\Documents and Settings\MikeB\msvcr80.dll

C:\Documents and Settings\MikeB\PCPE Setup.exe

C:\Documents and Settings\MikeB\pt_res.dll

C:\Documents and Settings\MikeB\ResourceReader.dll

C:\Documents and Settings\MikeB\ru_res.dll

C:\Documents and Settings\MikeB\zh_res.dll

 

 

Some content of TEMP:

====================

C:\Documents and Settings\MikeB\Local Settings\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================

Link to post
Share on other sites

Addition text

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-01-2014 01

Ran by MikeB at 2014-01-22 16:36:13

Running from C:\Documents and Settings\MikeB\My Documents\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

==================== Installed Programs ======================

 

Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden

Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden

Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden

Adobe Download Manager (Version: 1.6.2.87 - NOS Microsystems Ltd.)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)

Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden

Adobe Photoshop CS (Version: CS - Adobe Systems, Inc.)

Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.)

Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden

Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden

Allway Sync version 14.0.1 (Version:  - Botkind Inc)

Amazon Kindle (Version:  - Amazon)

Amazon MP3 Downloader 1.0.9 (Version:  - )

Apple Application Support (Version: 2.3.4 - Apple Inc.)

ArcSoft ShowBiz (Version: 3.5.13.70 - ArcSoft)

avast! Free Antivirus (Version: 9.0.2011 - Avast Software)

BBC iPlayer Desktop (Version: 3.2.15 - British Broadcasting Corp.)

BBC iPlayer Desktop (Version: 3.2.15 - British Broadcasting Corp.) Hidden

BCL easyConverter SDK 1.0.0 Module (Version: 1.0.0.7 - BCL Technologies) Hidden

BCL easyConverter SDK 3 (Word Version) (Version: 3.0.64 - BCL Technologies)

Beacon (Version: 1.0.0 - PrivacyHarbor) Hidden

Belarc Advisor 8.2 (Version: 8.2.1.0 - Belarc Inc.)

Belkin F7D1102 Surf Wireless Micro USB Adapter (Version: 1.00.0155 - )

B-Folders 3 (HKCU Version:  - )

Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)

Bing Maps 3D (Version: 4.0.903.16005 - Microsoft Corporation)

Browser Guard 4.0 (Version: 4.0.0.1606 - PC Tools)

Canon iX4000 (Version:  - )

Canon Setup Utility 2.1 (Version:  - )

Canon Utilities Easy-PhotoPrint (Version:  - )

Canon Utilities Easy-PrintToolBox (Version:  - )

Carbon (Version: 1.0.0 - ClockworkMod)

Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (Version: 2010.0706.2128.36662 - ATI) Hidden

Catalyst Control Center InstallProxy (Version: 2010.0706.2128.36662 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (Version: 2010.0706.2128.36662 - ATI) Hidden

CCC Help English (Version: 2010.0706.2127.36662 - ATI) Hidden

ccc-core-static (Version: 2010.0706.2128.36662 - ATI) Hidden

ccc-utility (Version: 2010.0706.2128.36662 - ATI) Hidden

CCleaner (Version: 4.09 - Piriform)

Charting Companion 3.0 for Family Tree Maker® (Version: 3.0 - Progeny Genealogy Inc.)

ClearType Tuning Control Panel Applet (Version: 1.01.0000 - Microsoft Corporation)

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)

ConvertHelper 2.2 (Version:  - DownloadHelper)

Creative Jukebox Driver (Version:  - )

Creative MediaSource (Version: 3.00 - )

Creative Removable Disk Manager (Version:  - )

Creative System Information (Version:  - )

Creative Zen Micro (Version: 1.0 - )

Cryptainer Drivers (Version: 7.0 - Cypherix)

CyberLink Holiday Pack Vol.4 for PowerDirector (Version: 1.0 - CyberLink Corp.)

CyberLink Holiday Pack Vol.4 for PowerDirector (Version: 1.0 - CyberLink Corp.) Hidden

CyberLink PowerDirector 11 (Version: 11.0.0.2215 - CyberLink Corp.)

CyberLink PowerDirector 11 (Version: 11.0.0.2215 - CyberLink Corp.) Hidden

CyberLink PowerDirector 11 Content Pack Essential (Version: 11 - CyberLink Corp.)

CyberLink PowerDirector 11 Content Pack Essential (Version: 11 - CyberLink Corp.) Hidden

CyberLink PowerDirector 11 Content Pack Premium (Version: 11 - CyberLink Corp.)

CyberLink PowerDirector 11 Content Pack Premium (Version: 11 - CyberLink Corp.) Hidden

CyberLink WaveEditor 2 (Version: 2.0.3206 - CyberLink Corp.)

CyberLink WaveEditor 2 (Version: 2.0.3206 - CyberLink Corp.) Hidden

Driver Install 32bit (Version: 6.0.107.0 - None)

Driver Install 32bit (Version: 6.0.107.0 - None) Hidden

Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)

DVD Profiler Version 3.8.1 (Version:  - )

Easy-WebPrint (Version:  - )

EPSON Scan (Version:  - )

eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden

ERUNT 1.1j (Version:  - Lars Hederer)

Family Tree Maker 2012 (Version: 21.0.388 - Ancestry.com, Inc.)

Family Tree Maker 2012 (Version: 21.0.388 - Ancestry.com, Inc.) Hidden

Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.)

Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden

FastStone Image Viewer 4.9 (Version: 4.9 - FastStone Soft)

File Shredder 2.5 (Version:  - Pow Tools)

Focus MP3 Recorder Pro 4.0 (Version:  - Focussoft.net)

Folder Password Expert USB 2.1.0.6 (Version: 2.1.0.6 - ZQS Software Team)

FoxyTunes for Firefox (Version:  - )

FreeOCR v4.2 (Version:  - )

Genbox Family History 3.7.1 (Version:  - Thoughtful Creations)

Google Calendar Sync (Version:  - )

Google Earth (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden

High Definition Audio Driver Package - KB888111 (Version: 20040219.000000 - Microsoft Corporation)

hp deskjet 970c series (Remove only) (Version:  - )

Java 7 Update 51 (Version: 7.0.510 - Oracle)

Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Karen's Directory Printer (Version: 5.3.0.2 - Karen Kenworthy)

Lagarith lossless video codec (Remove Only) (Version:  - )

LastPass (uninstall only) (Version:  - LastPass)

Legacy 7.5 (Version: 7.5  - Millennia Corporation)

Lizardtech DjVu Control (Version:  - )

Logitech SetPoint 6.51 (Version: 6.51.8 - Logitech)

Macrium Reflect Standard Edition (Version: 5.2 - Paramount Software (UK) Ltd.)

Macrium Reflect Standard Edition (Version: 5.2.6444 - Paramount Software (UK) Ltd.) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)

Maxtor MaxBlast (Version: 11.0.8145 - Maxtor)

Media Preview (Version: 1.2.2.169 - BabelSoft)

MediaMonkey 4.0 (Version: 4.0 - Ventis Media Inc.)

Microsoft .NET Framework 1.1 (Version:  - )

Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden

Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )

Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)

Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)

Microsoft IntelliType Pro 7.0 (Version: 7.0.260.0 - Microsoft)

Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden

Microsoft Money (Version: 14 - Microsoft)

Microsoft Money 98 (Version:  - )

Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden

Microsoft Office 2000 Premium (Version: 9.00.2720 - Microsoft Corporation)

Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Windows XP Video Decoder Checkup Utility (Version:  - )

Microsoft WSE 3.0 (Version: 3.0.5305.0 - Microsoft Corporation)

Mozilla Firefox 26.0 (x86 en-GB) (Version: 26.0 - Mozilla)

Mozilla Maintenance Service (Version: 26.0 - Mozilla)

Mozilla Thunderbird 24.0.1 (x86 en-GB) (Version: 24.0.1 - Mozilla)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)

MyDriveConnect 3.3.0.1342 (Version: 3.3.0.1342 - TomTom)

NetMeter 1.1.3 (Version:  - ReadError)

Newblue Art Effects for PowerDirector (Version: 2.0 - NewBlue)

NIKON IMAGE SPACE UPLOADER (Version: 1.1 - NIKON CORPORATION)

NIKON IMAGE SPACE UPLOADER (Version: 1.1 - NIKON CORPORATION) Hidden

Nikon Message Center 2 (Version: 2.0.1 - Nikon)

NVIDIA Drivers (Version: 1.4 - NVIDIA Corporation)

Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)

PC Tools Spyware Doctor 9.0 (Version: 9.0 - PC Tools)

PDF OCR X Community Edition (Version: 1.9.6 - Web Lite Solutions Corp.)

Picture Control Utility (Version: 1.2.2 - Nikon)

PolderbitS Sound Recorder and Editor (Version:  - )

PowerChute Personal Edition 3.0.2 (Version: 3.0.2 - Schneider Electric)

PrivacyHarbor Beacon (HKCU Version: 1.0.0 - PrivacyHarbor)

QuickTime (Version: 7.74.80.86 - Apple Inc.)

RadioSure (HKCU Version:  - )

Realtek High Definition Audio Driver (Version: 5.10.0.6299 - Realtek Semiconductor Corp.)

Room Arranger (Version: 7.0.3 - Jan Adamec)

SAMSUNG Intelli-studio (Version:  - )

Samsung Kies (Version: 2.1.0.11095_121 - Samsung Electronics Co., Ltd.)

Samsung Kies (Version: 2.1.0.11095_121 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)

Secunia PSI (3.0.0.6001) (Version: 3.0.0.6001 - Secunia)

Security Task Manager 1.8c (Version: 1.8c - Neuber Software)

Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden

Serif CraftArtist (Version: 1.0.5.043 - Serif (Europe) Ltd)

Serif MoviePlus Starter Edition (Version: 1.0.0.008 - Serif (Europe) Ltd)

Serif MoviePlus Starter Edition Codec Pack (Version: 1.0.0.001 - Serif (Europe) Ltd)

Serif PagePlus Starter Edition (Version: 2.0.2.009 - Serif (Europe) Ltd)

Serif PagePlus: Brochure Template Pack 1 (Version: 1.0.1.005 - Serif (Europe) Ltd)

Serif PagePlus: Business Card Template Pack 1 (Version: 1.0.1.005 - Serif (Europe) Ltd)

Serif PagePlus: Home Stationery Template Pack - Fishing (Version: 1.0.1.006 - Serif (Europe) Ltd)

Serif PanoramaPlus X4 (Version: 4.0.3.010 - Serif (Europe) Ltd)

Serif Photo Projects (Version: 1.0.2.024 - Serif (Europe) Ltd)

Serif PhotoPlus X5 (Version: 15.0.2.012 - Serif (Europe) Ltd)

SlimCleaner (Version: 4.0.29702 - SlimWare Utilities, Inc.)

SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.)

SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden

SpywareBlaster 4.3 (Version: 4.3.0 - Javacool Software LLC)

SUPERAntiSpyware (Version: 5.6.1018 - SUPERAntiSpyware.com)

TeamViewer 8 (Version: 8.0.22298 - TeamViewer)

The Weather Channel App (Version:  - )

TweakNow RegCleaner 2011 (Version: 6.4.5 - TweakNow.com)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft Windows (KB971513) (Version:  - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)

Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)

Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden

Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB961503) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)

Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)

ViewNX 2 (Version: 2.1.2 - Nikon)

Visual Studio C++ 10.0 Runtime (Version: 10.0.0 - TomTom International B.V.)

VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)

WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden

Whisper 32 (Version:  - )

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0 - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)

Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)

Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)

Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)

Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Management Framework Core (Version:  - Microsoft Corporation)

Windows Media Encoder 9 Series (Version:  - )

Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden

Windows Media Format 11 runtime (Version:  - )

Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden

Windows Media Player 11 (Version:  - )

Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden

Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)

Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)

Wondershare MobileGo for Android ( Version 4.2.0 ) (Version: 4.2.0 - Wondershare)

Wondershare Video Converter Ultimate(Build 6.5.1.2) (Version: 6.5.1.2 - Wondershare Software)

xplorer² lite 32 bit (Version: 2.2.0.2 - Zabkat)

Zoner Photo Studio 16 (Version: 16.0.1.5 - ZONER software)

 

==================== Restore Points  =========================

 

18-01-2014 13:21:52 Software Distribution Service 3.0

18-01-2014 14:00:07 Removed Java 7 Update 40

18-01-2014 14:09:28 Installed Java 7 Update 51

18-01-2014 15:21:05 System Checkpoint

20-01-2014 09:21:05 System Checkpoint

21-01-2014 11:04:27 System Checkpoint

22-01-2014 08:35:46 Malwarebytes Anti-Rootkit Restore Point

 

==================== Hosts content: ==========================

 

2006-02-28 13:00 - 2013-06-13 09:06 - 00000736 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job => C:\Program Files\Microsoft IntelliType Pro\itype.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-01-22 08:58 - 2014-01-21 23:40 - 02156032 _____ () C:\Program Files\AVAST Software\Avast\defs\14012101\algo.dll

2012-10-16 17:12 - 2012-06-22 10:38 - 00108504 _____ () C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll

2013-06-14 13:25 - 2013-06-14 13:25 - 00077944 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll

2008-06-27 15:13 - 2008-06-27 15:13 - 01328408 _____ () C:\Program Files\Maxtor\MaxBlast\fox.dll

2013-11-04 14:48 - 2013-11-04 14:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2010-03-16 11:22 - 2010-03-16 11:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll

2010-04-16 13:20 - 2010-04-16 13:20 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-07-06 20:26 - 2010-07-06 20:26 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\libcef.dll

2013-12-20 10:35 - 2013-12-20 10:35 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2013-11-21 09:54 - 2013-11-20 04:28 - 01020928 _____ () C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:94A19129

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

 

==================== Faulty Device Manager Devices =============

 

Name: NETGEAR WG311v3 802.11g Wireless PCI Adapter

Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter

Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}

Manufacturer: NETGEAR

Service: W8335XP

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: NVIDIA nForce 10/100 Mbps Ethernet

Description: NVIDIA nForce Networking Controller

Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}

Manufacturer: NVIDIA

Service: NVENETFD

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/21/2014 08:04:06 PM) (Source: Windows Search Service) (User: )

Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

 

Context:  Application, SystemIndex Catalog

 

Error: (01/21/2014 06:42:17 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{f2935cad-8042-11e3-ad7d-b0702ca2be36},0xc0000000,0x00000003,...).  hr = 0x80070005.

 

Error: (01/18/2014 02:35:54 PM) (Source: Windows Search Service) (User: )

Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

 

Context: Windows Application, SystemIndex Catalog

 

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

 

Context: Windows Application

 

 

Details:

            The content index cannot be read.   (0xc0041800)

 

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service) (User: )

Description: The gatherer object cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

            The content index cannot be read.   (0xc0041800)

 

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service) (User: )

Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

            The content index cannot be read.   (0xc0041800)

 

Error: (01/18/2014 02:10:58 PM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

             0xc0041801 (0xc0041801)

 

Error: (01/16/2014 08:06:41 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.

Error context: CreateFileW(\\?\Volume{8f51fa8a-7d0a-11e3-ad86-c949f1fe1c08},0xc0000000,0x00000003,...).

 

Error: (01/14/2014 11:52:26 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.

Error context: CreateFileW(\\?\Volume{24fbd7ce-7c5f-11e3-ad81-874171f9345d},0xc0000000,0x00000003,...).

 

Error: (01/13/2014 03:25:18 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.

Error context: CreateFileW(\\?\Volume{7b231cd4-7ba3-11e3-ad7f-ec0653537cfb},0xc0000000,0x00000003,...).

 

 

System errors:

=============

Error: (01/22/2014 10:25:47 AM) (Source: Service Control Manager) (User: )

Description: The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

 

Error: (01/22/2014 10:25:45 AM) (Source: Service Control Manager) (User: )

Description: The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/22/2014 10:25:45 AM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (01/22/2014 10:25:45 AM) (Source: Service Control Manager) (User: )

Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/22/2014 10:25:45 AM) (Source: Service Control Manager) (User: )

Description: The Secunia Update Agent service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )

Description: The APC Data Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )

Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )

Description: The Cryptainer service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )

Description: The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/22/2014 10:25:44 AM) (Source: Service Control Manager) (User: )

Description: The Maxtor Scheduler2 Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (01/21/2014 08:04:06 PM) (Source: Windows Search Service)(User: )

Description: Context:  Application, SystemIndex Catalog

 

Error: (01/21/2014 06:42:17 PM) (Source: VSS)(User: )

Description: CreateFileW(\\?\Volume{f2935cad-8042-11e3-ad7d-b0702ca2be36},0xc0000000,0x00000003,...)0x80070005

 

Error: (01/18/2014 02:35:54 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application

 

 

Details:

            The content index cannot be read.   (0xc0041800)

 

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

 

Details:

            The content index cannot be read.   (0xc0041800)

 

Error: (01/18/2014 02:10:59 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

 

Details:

            The content index cannot be read.   (0xc0041800)

Search.TripoliIndexer

 

Error: (01/18/2014 02:10:58 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

 

Details:

             0xc0041801 (0xc0041801)

 

Error: (01/16/2014 08:06:41 PM) (Source: VSS)(User: )

Description: CreateFileW(\\?\Volume{8f51fa8a-7d0a-11e3-ad86-c949f1fe1c08},0xc0000000,0x00000003,...)

 

Error: (01/14/2014 11:52:26 AM) (Source: VSS)(User: )

Description: CreateFileW(\\?\Volume{24fbd7ce-7c5f-11e3-ad81-874171f9345d},0xc0000000,0x00000003,...)

 

Error: (01/13/2014 03:25:18 PM) (Source: VSS)(User: )

Description: CreateFileW(\\?\Volume{7b231cd4-7ba3-11e3-ad7f-ec0653537cfb},0xc0000000,0x00000003,...)

 

 

==================== Memory info ===========================

 

Percentage of memory in use: 36%

Total physical RAM: 3327.29 MB

Available physical RAM: 2118.46 MB

Total Pagefile: 5208.47 MB

Available Pagefile: 3963.21 MB

Total Virtual: 2047.88 MB

Available Virtual: 1923.75 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:298.08 GB) (Free:106.49 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive i: (HD-PCU2) (Fixed) (Total:931.51 GB) (Free:558.98 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 49FA46E0)

Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

 

========================================================

Disk: 5 (Size: 932 GB) (Disk ID: AB95221D)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

 

========================================================

Disk: 6 (Size: 373 GB) (Disk ID: 00AD0FB6)

Partition 1: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites

Hi AdcancedSetup,  The posts from number 6 onwards are the logs from the scans I performed after your instructions in post 5.  Yep, the logs are very long which is why there are three pages.

 

I appreciate this can all get very confusing and I'm in awe of how you keep track with so many of us asking for your help.

 

I commented that my system must be squeeky clean now as your various scans found enormous numbers of threats which the normal scans did not find.

 

However, the uploading/downloading problem still persists but I now know I can be absolutely sure that it is not malware and is perhaps one of my programs contacting the internet for some reason.  I am continuing to look for that reason and plan to try an internet connection meter to see if the active program can be identified.

 

In the meantime, many, many thanks for your help. The layout and guidance for the various processes is very clear and helpful - even for this 75 year old - so I'm very grateful to you. I will also be buying Malwarebytes Pro on the basis that you are all 'on our side' with regard to malware problems.

 

Many thanks again for your assistance,

 

(Enfrance) Mike B

Link to post
Share on other sites

  • Root Admin

Let me have  you run the following and we'll check on that one more time.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 

Link to post
Share on other sites

Hope this can tell you something. :)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2014 01
Ran by MikeB (administrator) on MIKE on 25-01-2014 13:39:35
Running from C:\Documents and Settings\MikeB\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
() C:\Program Files\Allway Sync\Bin\SyncService.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Cypherix Software (India) Pvt. Ltd.) C:\WINDOWS\system32\cryptainersrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Acronis) C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(Dropbox, Inc.) C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 2011-01-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe [904776 2008-06-27] (Acronis)
HKLM\...\Run: [Maxtor Scheduler2 Service] - C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [136472 2008-06-27] (Maxtor)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Display] - C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1501064 2009-06-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Allway Sync] - C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2013-12-12] ()
HKCU\...\Run: [Zoner Photo Studio Service 16] - C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10555
BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281441977531
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: LastPass - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\support@lastpass.com [2013-11-21]
FF Extension: ColorfulTabs - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-01-21]
FF Extension: ReminderFox - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-10-03]
FF Extension: DownloadHelper - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-26]
FF Extension: Webpage Snapshot - Snapilicious.com - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\admin@snapilicious.com.xpi [2013-10-09]
FF Extension: anonymoX - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\client@anonymox.net.xpi [2013-09-26]
FF Extension: NoSquint - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\nosquint@urandom.ca.xpi [2013-09-27]
FF Extension: NoScript - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF Extension: Download Statusbar - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-26]
FF Extension: Adblock Edge - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-09]
FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] ()
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()
R2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-18] (Oracle Corporation)
R2 MaxSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [431384 2008-06-27] (Maxtor)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-10-16] ()
S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 ssoftservice; C:\WINDOWS\system32\cryptainersrv.exe [74240 2007-01-24] (Cypherix Software (India) Pvt. Ltd.)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2010-08-06] (Meetinghouse Data Communications)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34720 2013-09-15] (Google Inc)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()
R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [187776 2010-01-06] (Conexant Systems, Inc.)
S3 Jukebox3; C:\Windows\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.)
S3 KEYBOARDWDFilter; C:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS [6528 2006-07-17] ()
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [66688 2009-07-01] (NVIDIA Corporation)
R0 nvgts; C:\Windows\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [13824 2009-07-01] (NVIDIA Corporation)
R3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
R1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [907496 2011-07-06] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 ssoftnt4; C:\WINDOWS\system32\Drivers\ssoftnt4.sys [100728 2008-08-19] (Cypherix Software (India) Pvt. Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [368480 2011-10-25] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2011-10-25] (Acronis)
S3 W8335XP; C:\Windows\System32\DRIVERS\WG311v3XP.sys [265984 2005-02-22] (Marvell Semiconductor, Inc)
R3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2012-03-26] (Wondershare)
U3 Cdisookkwes; No ImagePath
S3 cpuz132; \??\C:\DOCUME~1\MikeB\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 HssDrv; system32\DRIVERS\HssDrv.sys [x]
S4 IntelIde; No ImagePath
S3 RT73; system32\DRIVERS\rt73.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 taphss; system32\DRIVERS\taphss.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 09:51 - 2014-01-24 09:51 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\DropboxMaster
2014-01-23 09:16 - 2014-01-25 13:39 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\NetSpeedMonitor
2014-01-23 09:04 - 2014-01-23 09:04 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2014-01-22 16:35 - 2014-01-22 16:35 - 00000000 ____D C:\FRST
2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET
2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt
2014-01-22 09:17 - 2014-01-22 09:54 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar
2014-01-22 09:17 - 2014-01-22 09:41 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe
2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe
2014-01-21 20:03 - 2014-01-21 20:05 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe
2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt
2014-01-21 11:00 - 2014-01-21 11:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine
2014-01-21 10:58 - 2014-01-21 10:59 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt
2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe
2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe
2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt
2014-01-19 19:46 - 2014-01-19 19:45 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt
2014-01-19 19:40 - 2014-01-19 19:41 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr
2014-01-18 15:38 - 2014-01-18 15:38 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-18 15:10 - 2014-01-18 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-18 15:10 - 2014-01-18 15:09 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-18 15:10 - 2014-01-18 15:09 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-18 15:10 - 2014-01-18 15:09 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-18 15:10 - 2014-01-18 15:09 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-18 15:10 - 2014-01-18 15:09 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-18 14:17 - 2014-01-18 14:21 - 00005188 _____ C:\WINDOWS\KB2914368.log
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz
2014-01-18 14:02 - 2014-01-18 14:03 - 00000000 ____D C:\Program Files\ArcSoft
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
2014-01-18 14:01 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
2014-01-18 13:52 - 2014-01-18 13:53 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-16 20:05 - 2014-01-25 08:54 - 00038131 _____ C:\WINDOWS\setupapi.log
2014-01-15 15:40 - 2014-01-25 13:32 - 00000405 _____ C:\WINDOWS\wiadebug.log
2014-01-15 15:40 - 2014-01-25 13:31 - 00350191 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-15 15:40 - 2014-01-25 13:27 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-15 10:02 - 2014-01-18 14:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\Program Files\Belkin
2014-01-10 17:13 - 2011-07-06 03:22 - 00907496 _____ (Realtek Semiconductor Corporation                           ) C:\WINDOWS\system32\Drivers\RTL8192cu.sys
2014-01-10 17:13 - 2009-02-05 02:49 - 00451072 ____N C:\WINDOWS\system32\ISSRemoveSP.exe
2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk
2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR
2014-01-07 16:33 - 2014-01-21 18:39 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-01-07 16:28 - 2014-01-07 16:33 - 00508272 _____ C:\reflect_install.log
2014-01-07 14:50 - 2014-01-12 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst

==================== One Month Modified Files and Folders =======

2014-01-25 13:39 - 2014-01-23 09:16 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\NetSpeedMonitor
2014-01-25 13:39 - 2013-10-06 09:42 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\vlc
2014-01-25 13:34 - 2012-01-29 11:15 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-01-25 13:32 - 2014-01-15 15:40 - 00000405 _____ C:\WINDOWS\wiadebug.log
2014-01-25 13:31 - 2014-01-15 15:40 - 00350191 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-25 13:31 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\Dropbox
2014-01-25 13:30 - 2010-08-05 16:51 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-25 13:29 - 2012-11-09 17:52 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-25 13:28 - 2010-08-17 08:58 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 13:28 - 2006-02-28 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-25 13:27 - 2014-01-15 15:40 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-25 13:27 - 2010-08-05 03:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-25 12:12 - 2010-08-07 20:00 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\My Dropbox
2014-01-25 12:12 - 2010-08-05 03:20 - 00000278 ___SH C:\Documents and Settings\MikeB\ntuser.ini
2014-01-25 12:12 - 2010-08-05 03:19 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-25 12:11 - 2011-11-19 15:27 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\LastPass
2014-01-25 11:57 - 2012-04-11 11:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-25 11:40 - 2010-08-17 08:58 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 10:30 - 2012-04-11 11:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-25 10:30 - 2011-06-08 07:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-25 10:27 - 2010-08-07 15:02 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Adobe
2014-01-25 08:54 - 2014-01-16 20:05 - 00038131 _____ C:\WINDOWS\setupapi.log
2014-01-24 11:26 - 2013-04-29 10:40 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\B-Folders 3
2014-01-24 09:51 - 2014-01-24 09:51 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\DropboxMaster
2014-01-24 09:51 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\Dropbox
2014-01-23 10:17 - 2010-08-06 11:52 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2014-01-23 10:02 - 2010-09-29 18:54 - 00000005 _____ C:\Documents and Settings\MikeB\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
2014-01-23 09:04 - 2014-01-23 09:04 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2014-01-22 16:35 - 2014-01-22 16:35 - 00000000 ____D C:\FRST
2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET
2014-01-22 10:25 - 2013-09-15 13:31 - 00000000 ____D C:\AdwCleaner
2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt
2014-01-22 09:54 - 2014-01-22 09:17 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar
2014-01-22 09:41 - 2014-01-22 09:17 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-22 09:37 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\system
2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe
2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe
2014-01-21 20:05 - 2014-01-21 20:03 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe
2014-01-21 18:42 - 2010-08-05 03:14 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 18:42 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\repair
2014-01-21 18:39 - 2014-01-07 16:33 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-01-21 15:27 - 2013-02-22 17:27 - 00000000 ____D C:\FreeOCR
2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt
2014-01-21 11:01 - 2014-01-21 11:00 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine
2014-01-21 10:59 - 2014-01-21 10:58 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt
2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe
2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe
2014-01-20 20:49 - 2013-04-27 09:58 - 00002231 _____ C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt
2014-01-19 19:45 - 2014-01-19 19:46 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt
2014-01-19 19:41 - 2014-01-19 19:40 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr
2014-01-19 12:29 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-18 15:38 - 2014-01-18 15:38 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-18 15:10 - 2014-01-18 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-18 15:09 - 2014-01-18 15:10 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-18 15:09 - 2014-01-18 15:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-18 15:09 - 2014-01-18 15:10 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-18 15:09 - 2014-01-18 15:10 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-18 15:09 - 2014-01-18 15:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-18 14:48 - 2010-08-07 15:05 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-18 14:28 - 2013-08-15 09:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 14:22 - 2010-08-10 13:54 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-18 14:21 - 2014-01-18 14:17 - 00005188 _____ C:\WINDOWS\KB2914368.log
2014-01-18 14:21 - 2014-01-15 10:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-18 14:21 - 2012-10-16 16:34 - 00727825 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2014-01-18 14:19 - 2013-03-14 10:53 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-18 14:17 - 2013-11-04 19:47 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-18 14:08 - 2010-08-05 03:20 - 00000000 ____D C:\Documents and Settings\MikeB
2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\NetworkService
2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\LocalService
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz
2014-01-18 14:03 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ArcSoft
2014-01-18 14:03 - 2010-08-17 08:58 - 00000000 ____D C:\Program Files\Google
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
2014-01-18 14:02 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2014-01-18 14:02 - 2013-11-29 08:45 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2014-01-18 14:02 - 2012-05-31 12:55 - 00000000 ____D C:\Program Files\Family Tree Maker 2012
2014-01-18 14:02 - 2011-12-23 15:02 - 00000000 ____D C:\Program Files\BCL Technologies
2014-01-18 14:02 - 2010-08-05 15:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
2014-01-18 14:01 - 2010-10-24 11:43 - 00000000 ____D C:\Program Files\Legacy
2014-01-18 14:01 - 2010-08-17 08:58 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Google
2014-01-18 13:53 - 2014-01-18 13:52 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-15 16:50 - 2010-08-05 15:48 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\Cleaner
2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-15 15:15 - 2010-08-08 08:50 - 00000000 ____D C:\WINDOWS\Sun
2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation
2014-01-13 13:48 - 2010-08-07 19:12 - 00000000 ____D C:\Documents and Settings\MikeB\dwhelper
2014-01-12 16:55 - 2013-10-31 19:52 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\TeamViewer
2014-01-12 13:24 - 2014-01-07 14:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2014-01-12 11:12 - 2011-12-29 12:20 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\MediaMonkey
2014-01-11 08:49 - 2012-12-27 16:19 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\Program Files\Belkin
2014-01-10 17:13 - 2006-02-28 13:00 - 00000722 _____ C:\WINDOWS\win.ini
2014-01-10 09:22 - 2010-05-06 05:22 - 00633622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-10 09:11 - 2011-01-11 11:29 - 00000000 ____D C:\Program Files\FreeCDRipper
2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk
2014-01-09 13:47 - 2013-02-02 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan
2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR
2014-01-07 17:26 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\CCleaner
2014-01-07 17:24 - 2010-08-05 03:22 - 00000000 ____D C:\WINDOWS\system32\Tools
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-01-07 16:33 - 2014-01-07 16:28 - 00508272 _____ C:\reflect_install.log
2014-01-07 12:15 - 2013-04-27 09:58 - 00000000 ____D C:\Program Files\SlimCleaner
2014-01-02 21:02 - 2013-11-04 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-01-02 21:01 - 2013-03-06 16:41 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-02 21:01 - 2013-03-06 16:41 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-02 21:01 - 2012-11-09 17:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-01 11:10 - 2013-06-10 09:33 - 00000780 _____ C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst
2013-12-31 13:20 - 2011-02-11 20:13 - 00000000 ___SH C:\WINDOWS\system32\+
2013-12-30 20:20 - 2013-09-15 08:35 - 00001810 _____ C:\Documents and Settings\All Users\Desktop\Wondershare MobileGo for Android.lnk

Files to move or delete:
====================
C:\Documents and Settings\MikeB\en_res.dll
C:\Documents and Settings\MikeB\es_res.dll
C:\Documents and Settings\MikeB\fr_res.dll
C:\Documents and Settings\MikeB\grm_res.dll
C:\Documents and Settings\MikeB\it_res.dll
C:\Documents and Settings\MikeB\jp_res.dll
C:\Documents and Settings\MikeB\mfc80u.dll
C:\Documents and Settings\MikeB\msvcr80.dll
C:\Documents and Settings\MikeB\PCPE Setup.exe
C:\Documents and Settings\MikeB\pt_res.dll
C:\Documents and Settings\MikeB\ResourceReader.dll
C:\Documents and Settings\MikeB\ru_res.dll
C:\Documents and Settings\MikeB\zh_res.dll


Some content of TEMP:
====================
C:\Documents and Settings\MikeB\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyf_ve.dll
C:\Documents and Settings\MikeB\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Link to post
Share on other sites

  • Root Admin

Please uninstall ALL versions of Java from your Control Panel, Add/Remove then run the following
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next run this tool
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then restart the computer and run the following and post back the log.
 
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Link to post
Share on other sites

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Jan 26 11:12:57 2014

Found and removed: C:\Program Files\Java\jre6

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_21

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_22

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_23

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_24

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_26

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_29

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_31

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_35

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_37

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.7.0_21

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.7.0_25

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\JRERunOnce.exe

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Jan 26 11:13:46 2014

------------------------------------

Finished reporting.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014
Ran by MikeB (administrator) on MIKE on 27-01-2014 14:01:41
Running from C:\Documents and Settings\MikeB\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
() C:\Program Files\Allway Sync\Bin\SyncService.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Cypherix Software (India) Pvt. Ltd.) C:\WINDOWS\system32\cryptainersrv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Acronis) C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
(Maxtor) C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files\Allway Sync\Bin\syncappw.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(Hercules) C:\Program Files\Hercules\WiFi Station for Livebox\WiFiStationLB.exe
(Dropbox, Inc.) C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [startCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20026472 2011-01-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe [904776 2008-06-27] (Acronis)
HKLM\...\Run: [Maxtor Scheduler2 Service] - C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [136472 2008-06-27] (Maxtor)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Display] - C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1501064 2009-06-01] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Allway Sync] - C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2013-12-12] ()
HKCU\...\Run: [Zoner Photo Studio Service 16] - C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKCU\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WiFi Station for Livebox.lnk
ShortcutTarget: WiFi Station for Livebox.lnk -> C:\Program Files\Hercules\WiFi Station for Livebox\WiFiStationLB.exe (Hercules)
Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\MikeB\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\MikeB\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10555
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281441977531
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Winsock: Catalog9 09 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: LastPass - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\support@lastpass.com [2013-11-21]
FF Extension: ColorfulTabs - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-01-21]
FF Extension: ReminderFox - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2013-10-03]
FF Extension: DownloadHelper - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-26]
FF Extension: Webpage Snapshot - Snapilicious.com - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\admin@snapilicious.com.xpi [2013-10-09]
FF Extension: anonymoX - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\client@anonymox.net.xpi [2013-09-26]
FF Extension: NoSquint - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\nosquint@urandom.ca.xpi [2013-09-27]
FF Extension: NoScript - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-09-27]
FF Extension: Adblock Plus - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF Extension: Download Statusbar - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-26]
FF Extension: Adblock Edge - C:\Documents and Settings\MikeB\Application Data\Mozilla\Firefox\Profiles\qd167hvd.default-1380204116140\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-30]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-09]
FF HKLM\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119024 2013-05-07] (SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] ()
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2013-12-12] ()
R2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
R2 MaxSch2Svc; C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe [431384 2008-06-27] (Maxtor)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2013-12-20] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [254552 2012-10-16] ()
S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 ssoftservice; C:\WINDOWS\system32\cryptainersrv.exe [74240 2007-01-24] (Cypherix Software (India) Pvt. Ltd.)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2010-08-06] (Meetinghouse Data Communications)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 androidusb; C:\WINDOWS\System32\Drivers\wsadb.sys [34720 2013-09-15] (Google Inc)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-02] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-04] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-01-02] ()
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CXPLRCAP; C:\WINDOWS\System32\drivers\CxPlrCap.sys [187776 2010-01-06] (Conexant Systems, Inc.)
S3 Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [16880 2004-09-30] (Creative Technology Ltd.)
S3 KEYBOARDWDFilter; C:\WINDOWS\System32\Drivers\KEYBOARDWD.SYS [6528 2006-07-17] ()
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [66688 2009-07-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2009-07-01] (NVIDIA Corporation)
S3 PCTBD; C:\WINDOWS\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
R0 PCTCore; C:\WINDOWS\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
R0 pctDS; C:\WINDOWS\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
R0 pctEFA; C:\WINDOWS\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
R1 PCTSD; C:\WINDOWS\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [459520 2008-01-15] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 ssoftnt4; C:\WINDOWS\system32\Drivers\ssoftnt4.sys [100728 2008-08-19] (Cypherix Software (India) Pvt. Ltd.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2011-10-25] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2011-10-25] (Acronis)
S3 W8335XP; C:\WINDOWS\System32\DRIVERS\WG311v3XP.sys [265984 2005-02-22] (Marvell Semiconductor, Inc)
R3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2012-03-26] (Wondershare)
R3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2012-03-26] (Wondershare)
U3 Cdisookkwes; No ImagePath
S3 cpuz132; \??\C:\DOCUME~1\MikeB\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 HssDrv; system32\DRIVERS\HssDrv.sys [x]
S4 IntelIde; No ImagePath
S3 RTL8192cu; system32\DRIVERS\RTL8192cu.sys [x]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 taphss; system32\DRIVERS\taphss.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 14:01 - 2014-01-27 14:01 - 01223168 _____ (Farbar) C:\Documents and Settings\MikeB\Desktop\FRST.exe
2014-01-27 14:01 - 2014-01-27 14:01 - 00022299 _____ C:\Documents and Settings\MikeB\Desktop\FRST.txt
2014-01-27 14:01 - 2014-01-27 14:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\FRST-OlderVersion
2014-01-27 13:41 - 2014-01-27 13:41 - 00002883 _____ C:\Documents and Settings\MikeB\Desktop\fixlist.txt
2014-01-26 19:26 - 2014-01-27 13:35 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-26 19:26 - 2014-01-26 19:26 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-26 19:26 - 2014-01-26 19:26 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-26 11:14 - 2014-01-26 11:14 - 00003729 _____ C:\Documents and Settings\MikeB\Desktop\JavaRa.log
2014-01-26 11:12 - 2014-01-26 11:13 - 00003729 _____ C:\JavaRa.log
2014-01-26 11:00 - 2014-01-26 11:09 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RemoveJava
2014-01-26 10:55 - 2014-01-26 10:56 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\MikeB\Desktop\TFC.exe
2014-01-26 09:33 - 2014-01-26 09:33 - 00001854 _____ C:\Documents and Settings\All Users\Desktop\WiFi Station for Livebox.lnk
2014-01-26 09:33 - 2014-01-26 09:33 - 00000000 ____D C:\Program Files\Hercules
2014-01-26 09:33 - 2014-01-26 09:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Hercules
2014-01-26 09:33 - 2008-01-15 21:50 - 00459520 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\rt73.sys
2014-01-26 09:33 - 2007-02-15 11:36 - 00432128 _____ (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\rt73u98.sys
2014-01-26 09:33 - 2007-02-15 11:36 - 00242816 _____ (Ralink Technology Inc.) C:\WINDOWS\system32\Drivers\rt25u98.sys
2014-01-26 09:33 - 2006-11-08 15:45 - 00240384 _____ (Ralink Technology Inc.) C:\WINDOWS\system32\Drivers\rt2500usb.sys
2014-01-26 09:33 - 2005-11-30 11:33 - 00002048 _____ C:\WINDOWS\system32\Drivers\rt73.bin
2014-01-24 09:51 - 2014-01-24 09:51 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\DropboxMaster
2014-01-23 09:16 - 2014-01-26 16:57 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\NetSpeedMonitor
2014-01-23 09:04 - 2014-01-23 09:04 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2014-01-22 16:35 - 2014-01-27 14:01 - 00000000 ____D C:\FRST
2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET
2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt
2014-01-22 09:17 - 2014-01-22 09:54 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar
2014-01-22 09:17 - 2014-01-22 09:41 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe
2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe
2014-01-21 20:03 - 2014-01-21 20:05 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe
2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt
2014-01-21 11:00 - 2014-01-21 11:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine
2014-01-21 10:58 - 2014-01-21 10:59 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt
2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe
2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe
2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt
2014-01-19 19:46 - 2014-01-19 19:45 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt
2014-01-19 19:40 - 2014-01-19 19:41 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr
2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-18 14:17 - 2014-01-18 14:21 - 00005188 _____ C:\WINDOWS\KB2914368.log
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz
2014-01-18 14:02 - 2014-01-18 14:03 - 00000000 ____D C:\Program Files\ArcSoft
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
2014-01-18 14:01 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
2014-01-18 13:52 - 2014-01-18 13:53 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-16 20:05 - 2014-01-27 12:26 - 00075394 _____ C:\WINDOWS\setupapi.log
2014-01-15 15:40 - 2014-01-27 14:01 - 00470049 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-15 15:40 - 2014-01-27 13:58 - 00000300 _____ C:\WINDOWS\wiadebug.log
2014-01-15 15:40 - 2014-01-27 13:57 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-15 10:02 - 2014-01-18 14:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS
2014-01-10 17:13 - 2009-02-05 02:49 - 00451072 ____N C:\WINDOWS\system32\ISSRemoveSP.exe
2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk
2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR
2014-01-07 16:33 - 2014-01-21 18:39 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-01-07 16:28 - 2014-01-07 16:33 - 00508272 _____ C:\reflect_install.log
2014-01-07 14:50 - 2014-01-12 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst

==================== One Month Modified Files and Folders =======

2014-01-27 14:02 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\Dropbox
2014-01-27 14:01 - 2014-01-27 14:01 - 01223168 _____ (Farbar) C:\Documents and Settings\MikeB\Desktop\FRST.exe
2014-01-27 14:01 - 2014-01-27 14:01 - 00022299 _____ C:\Documents and Settings\MikeB\Desktop\FRST.txt
2014-01-27 14:01 - 2014-01-27 14:01 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\FRST-OlderVersion
2014-01-27 14:01 - 2014-01-22 16:35 - 00000000 ____D C:\FRST
2014-01-27 14:01 - 2014-01-15 15:40 - 00470049 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-27 14:00 - 2010-08-07 20:00 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\My Dropbox
2014-01-27 13:59 - 2012-11-09 17:52 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-27 13:58 - 2014-01-15 15:40 - 00000300 _____ C:\WINDOWS\wiadebug.log
2014-01-27 13:58 - 2010-08-17 08:58 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 13:58 - 2006-02-28 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-27 13:57 - 2014-01-15 15:40 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-27 13:57 - 2010-08-05 03:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-27 13:56 - 2010-08-05 16:51 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2014-01-27 13:56 - 2010-08-05 03:19 - 00032438 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-27 13:41 - 2014-01-27 13:41 - 00002883 _____ C:\Documents and Settings\MikeB\Desktop\fixlist.txt
2014-01-27 13:40 - 2010-08-17 08:58 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-27 13:35 - 2014-01-26 19:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-27 13:23 - 2011-11-19 15:27 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\LastPass
2014-01-27 12:34 - 2010-08-05 03:20 - 00000278 ___SH C:\Documents and Settings\MikeB\ntuser.ini
2014-01-27 12:26 - 2014-01-16 20:05 - 00075394 _____ C:\WINDOWS\setupapi.log
2014-01-27 12:26 - 2006-02-28 13:00 - 00000673 _____ C:\WINDOWS\win.ini
2014-01-27 12:20 - 2013-10-06 09:42 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\vlc
2014-01-26 19:26 - 2014-01-26 19:26 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-26 19:26 - 2014-01-26 19:26 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-26 19:24 - 2010-08-07 15:02 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Adobe
2014-01-26 18:39 - 2010-09-29 18:54 - 00000005 _____ C:\Documents and Settings\MikeB\Local Settings\Application Data\{C916D440-D489-4A79-B306-5FDC1E7932C0}.list
2014-01-26 18:33 - 2012-10-16 16:34 - 00727852 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2014-01-26 17:05 - 2012-01-29 11:15 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2014-01-26 16:57 - 2014-01-23 09:16 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\NetSpeedMonitor
2014-01-26 11:14 - 2014-01-26 11:14 - 00003729 _____ C:\Documents and Settings\MikeB\Desktop\JavaRa.log
2014-01-26 11:13 - 2014-01-26 11:12 - 00003729 _____ C:\JavaRa.log
2014-01-26 11:12 - 2010-08-07 19:21 - 00000000 ____D C:\Program Files\Java
2014-01-26 11:09 - 2014-01-26 11:00 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RemoveJava
2014-01-26 10:56 - 2014-01-26 10:55 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\MikeB\Desktop\TFC.exe
2014-01-26 09:49 - 2013-04-29 10:40 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\B-Folders 3
2014-01-26 09:43 - 2010-08-07 19:12 - 00000000 ____D C:\Documents and Settings\MikeB\dwhelper
2014-01-26 09:33 - 2014-01-26 09:33 - 00001854 _____ C:\Documents and Settings\All Users\Desktop\WiFi Station for Livebox.lnk
2014-01-26 09:33 - 2014-01-26 09:33 - 00000000 ____D C:\Program Files\Hercules
2014-01-26 09:33 - 2014-01-26 09:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Hercules
2014-01-26 09:33 - 2010-08-05 15:37 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-25 18:43 - 2013-09-15 08:35 - 00000896 _____ C:\Documents and Settings\All Users\Desktop\Wondershare MobileGo for Android.lnk
2014-01-24 09:51 - 2014-01-24 09:51 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\DropboxMaster
2014-01-24 09:51 - 2010-08-07 19:53 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\Dropbox
2014-01-23 10:17 - 2010-08-06 11:52 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2014-01-23 09:04 - 2014-01-23 09:04 - 00000000 ____D C:\Program Files\NetSpeedMonitor
2014-01-22 11:05 - 2014-01-22 11:05 - 00000000 ____D C:\Program Files\ESET
2014-01-22 10:25 - 2013-09-15 13:31 - 00000000 ____D C:\AdwCleaner
2014-01-22 10:07 - 2014-01-22 10:07 - 00001198 _____ C:\Documents and Settings\MikeB\Desktop\JRT.txt
2014-01-22 09:54 - 2014-01-22 09:17 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\mbar
2014-01-22 09:41 - 2014-01-22 09:17 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-22 09:37 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\system
2014-01-21 20:08 - 2014-01-21 20:08 - 01236282 _____ C:\Documents and Settings\MikeB\Desktop\AdwCleaner(2).exe
2014-01-21 20:06 - 2014-01-21 20:06 - 01037068 _____ (Thisisu) C:\Documents and Settings\MikeB\Desktop\JRT(1).exe
2014-01-21 20:05 - 2014-01-21 20:03 - 12582688 _____ (Malwarebytes Corp.) C:\Documents and Settings\MikeB\Desktop\mbar-1.07.0.1008.exe
2014-01-21 18:42 - 2010-08-05 03:14 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 18:42 - 2010-05-06 05:14 - 00000000 ____D C:\WINDOWS\repair
2014-01-21 18:39 - 2014-01-07 16:33 - 00002285 _____ C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-01-21 15:27 - 2013-02-22 17:27 - 00000000 ____D C:\FreeOCR
2014-01-21 11:01 - 2014-01-21 11:01 - 00001073 _____ C:\Documents and Settings\MikeB\Desktop\RKreport[1].txt
2014-01-21 11:01 - 2014-01-21 11:00 - 00000000 ____D C:\Documents and Settings\MikeB\Desktop\RK_Quarantine
2014-01-21 10:59 - 2014-01-21 10:58 - 00003486 _____ C:\Documents and Settings\MikeB\Desktop\Rkill.txt
2014-01-21 10:40 - 2014-01-21 10:40 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000611 _____ C:\Documents and Settings\MikeB\Desktop\NTREGOPT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000592 _____ C:\Documents and Settings\MikeB\Desktop\ERUNT.lnk
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Program Files\ERUNT
2014-01-21 10:39 - 2014-01-21 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-01-21 09:41 - 2014-01-21 09:41 - 00791393 _____ (Lars Hederer                                                ) C:\Documents and Settings\MikeB\Desktop\erunt-setup.exe
2014-01-21 09:39 - 2014-01-21 09:39 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MikeB\Desktop\rkill(1).exe
2014-01-20 20:49 - 2013-04-27 09:58 - 00002231 _____ C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk
2014-01-19 19:46 - 2014-01-19 19:46 - 00022080 _____ C:\Documents and Settings\MikeB\Desktop\attach.txt
2014-01-19 19:45 - 2014-01-19 19:46 - 00014396 _____ C:\Documents and Settings\MikeB\Desktop\dds.txt
2014-01-19 19:41 - 2014-01-19 19:40 - 00688992 ____R (Swearware) C:\Documents and Settings\MikeB\Desktop\dds.scr
2014-01-19 12:29 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-18 14:48 - 2010-08-07 15:05 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2014-01-18 14:28 - 2013-08-15 09:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-18 14:22 - 2010-08-10 13:54 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-18 14:21 - 2014-01-18 14:21 - 00006184 _____ C:\WINDOWS\FaxSetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002956 _____ C:\WINDOWS\ocgen.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002359 _____ C:\WINDOWS\tsoc.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00002060 _____ C:\WINDOWS\comsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00001248 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000991 _____ C:\WINDOWS\iis6.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000342 _____ C:\WINDOWS\ocmsn.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000309 _____ C:\WINDOWS\msgsocm.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-18 14:21 - 2014-01-18 14:21 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-18 14:21 - 2014-01-18 14:17 - 00005188 _____ C:\WINDOWS\KB2914368.log
2014-01-18 14:21 - 2014-01-15 10:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-18 14:19 - 2013-03-14 10:53 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-18 14:17 - 2013-11-04 19:47 - 00001733 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-01-18 14:08 - 2010-08-05 03:20 - 00000000 ____D C:\Documents and Settings\MikeB
2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\NetworkService
2014-01-18 14:08 - 2010-08-05 03:19 - 00000000 ___SD C:\Documents and Settings\LocalService
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-01-18 14:03 - 2014-01-18 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft ShowBiz
2014-01-18 14:03 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ArcSoft
2014-01-18 14:03 - 2010-08-17 08:58 - 00000000 ____D C:\Program Files\Google
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\Cryptainer
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Program Files\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\MikeB\Start Menu\Programs\ClockworkMod
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2012
2014-01-18 14:02 - 2014-01-18 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Connect
2014-01-18 14:02 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2014-01-18 14:02 - 2013-11-29 08:45 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2014-01-18 14:02 - 2012-05-31 12:55 - 00000000 ____D C:\Program Files\Family Tree Maker 2012
2014-01-18 14:02 - 2011-12-23 15:02 - 00000000 ____D C:\Program Files\BCL Technologies
2014-01-18 14:01 - 2014-01-18 14:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Corporation
2014-01-18 14:01 - 2010-10-24 11:43 - 00000000 ____D C:\Program Files\Legacy
2014-01-18 14:01 - 2010-08-17 08:58 - 00000000 ____D C:\Documents and Settings\MikeB\Local Settings\Application Data\Google
2014-01-18 13:53 - 2014-01-18 13:52 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-15 16:50 - 2010-08-05 15:48 - 00000000 ___RD C:\Documents and Settings\MikeB\My Documents\Cleaner
2014-01-15 15:40 - 2014-01-15 15:40 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2014-01-15 15:15 - 2010-08-08 08:50 - 00000000 ____D C:\WINDOWS\Sun
2014-01-13 15:46 - 2014-01-13 15:46 - 00000949 _____ C:\Documents and Settings\All Users\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2014-01-13 15:46 - 2014-01-13 15:46 - 00000000 ____D C:\Program Files\Western Digital Corporation
2014-01-12 16:55 - 2013-10-31 19:52 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\TeamViewer
2014-01-12 13:24 - 2014-01-07 14:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Macrium
2014-01-12 11:12 - 2011-12-29 12:20 - 00000000 ____D C:\Documents and Settings\MikeB\Application Data\MediaMonkey
2014-01-11 08:49 - 2012-12-27 16:19 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2014-01-10 17:13 - 2014-01-10 17:13 - 00000000 ____D C:\WINDOWS\OPTIONS
2014-01-10 09:22 - 2010-05-06 05:22 - 00633622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-10 09:11 - 2011-01-11 11:29 - 00000000 ____D C:\Program Files\FreeCDRipper
2014-01-09 13:47 - 2014-01-09 13:47 - 00000677 _____ C:\Documents and Settings\MikeB\Desktop\EPSON Scan (2).lnk
2014-01-09 13:47 - 2013-02-02 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON Scan
2014-01-08 21:34 - 2014-01-08 21:34 - 00000000 ____D C:\Program Files\NETGEAR
2014-01-07 17:26 - 2010-08-05 15:52 - 00000000 ____D C:\Program Files\CCleaner
2014-01-07 17:24 - 2010-08-05 03:22 - 00000000 ____D C:\WINDOWS\system32\Tools
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Program Files\Macrium
2014-01-07 16:33 - 2014-01-07 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-01-07 16:33 - 2014-01-07 16:28 - 00508272 _____ C:\reflect_install.log
2014-01-07 12:15 - 2013-04-27 09:58 - 00000000 ____D C:\Program Files\SlimCleaner
2014-01-02 21:02 - 2013-11-04 14:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2014-01-02 21:01 - 2013-03-06 16:41 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-01-02 21:01 - 2013-03-06 16:41 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-01-02 21:01 - 2012-11-09 17:52 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-01-02 21:01 - 2012-11-09 17:52 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-01-01 11:10 - 2013-06-10 09:33 - 00000780 _____ C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk
2013-12-31 14:26 - 2013-12-31 14:26 - 00183937 _____ C:\Documents and Settings\MikeB\AdobeFnt10.lst
2013-12-31 13:20 - 2011-02-11 20:13 - 00000000 ___SH C:\WINDOWS\system32\+

Files to move or delete:
====================
C:\Documents and Settings\MikeB\en_res.dll
C:\Documents and Settings\MikeB\es_res.dll
C:\Documents and Settings\MikeB\fr_res.dll
C:\Documents and Settings\MikeB\grm_res.dll
C:\Documents and Settings\MikeB\it_res.dll
C:\Documents and Settings\MikeB\jp_res.dll
C:\Documents and Settings\MikeB\mfc80u.dll
C:\Documents and Settings\MikeB\msvcr80.dll
C:\Documents and Settings\MikeB\PCPE Setup.exe
C:\Documents and Settings\MikeB\pt_res.dll
C:\Documents and Settings\MikeB\ResourceReader.dll
C:\Documents and Settings\MikeB\ru_res.dll
C:\Documents and Settings\MikeB\zh_res.dll


Some content of TEMP:
====================
C:\Documents and Settings\MikeB\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpubovtz.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Link to post
Share on other sites

Sorry about that. I got confused - again with all the various logs.

 

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Jan 26 11:12:57 2014

Found and removed: C:\Program Files\Java\jre6

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_21

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_22

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_23

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_24

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_26

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_29

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_31

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_35

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.6.0_37

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.7.0_21

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\jre1.7.0_25

Found and removed: C:\Documents and Settings\MikeB\Application Data\Sun\Java\JRERunOnce.exe

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Jan 26 11:13:46 2014

------------------------------------

Finished reporting.


 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-01-2014
Ran by MikeB at 2014-01-28 10:30:34 Run:2
Running from C:\Documents and Settings\MikeB\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] - [x]
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10555
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-18] (Oracle Corporation)
S3 cpuz132; \??\C:\DOCUME~1\MikeB\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Documents and Settings\MikeB\en_res.dll
C:\Documents and Settings\MikeB\es_res.dll
C:\Documents and Settings\MikeB\fr_res.dll
C:\Documents and Settings\MikeB\grm_res.dll
C:\Documents and Settings\MikeB\it_res.dll
C:\Documents and Settings\MikeB\jp_res.dll
C:\Documents and Settings\MikeB\mfc80u.dll
C:\Documents and Settings\MikeB\msvcr80.dll
C:\Documents and Settings\MikeB\PCPE Setup.exe
C:\Documents and Settings\MikeB\pt_res.dll
C:\Documents and Settings\MikeB\ResourceReader.dll
C:\Documents and Settings\MikeB\ru_res.dll
C:\Documents and Settings\MikeB\zh_res.dll
C:\Documents and Settings\MikeB\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyf_ve.dll
C:\Documents and Settings\MikeB\Local Settings\Temp\Quarantine.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\SearchAssistant => Value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\CustomizeSearch => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} => Key not found.
HKCR\Wow6432Node\CLSID\{7BE100BC-E95F-4B9E-A4E3-EB22156F3C58} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2 => Key not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => not found.
JavaQuickStarterService => Service not found.
cpuz132 => Service not found.
esgiguard => Service not found.
"C:\Documents and Settings\MikeB\en_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\es_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\fr_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\grm_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\it_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\jp_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\mfc80u.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\msvcr80.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\PCPE Setup.exe" => File/Directory not found.
"C:\Documents and Settings\MikeB\pt_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\ResourceReader.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\ru_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\zh_res.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzyf_ve.dll" => File/Directory not found.
"C:\Documents and Settings\MikeB\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":430C6D84" ADS removed successfully.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":5C321E34" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":94A19129" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":9AEE100C" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":C31F31E6" ADS not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====

Link to post
Share on other sites

Immediately after doing the scan etc I had to g out for a while and hence turned the computer off for about four hours.

 

It seems that you have managed to find the problem and more importantely cure it which is absolutely wonderful. All I get on NetMeter now is the usual bit of 'noise' I seem to remember from before the upload started.

 

I am very grateful to you and am confident that nothing is interfering with my machine.

 

I'm off to buy the paid for version which i

Link to post
Share on other sites

  • Root Admin

You're quite welcome Mike

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

CF-Uninstall.png

 
Remove the rest of the tools used:
 
Please download
OTCleanIt
and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note:

If you receive a warning from your firewall or other security programs regarding
OTCleanIt
attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Link to post
Share on other sites

AdvancedSetup, Thank you for your last post. It is very interesting and I’m browsing the links and learning a lot. I had read elsewhere about the risk in Java but not acted on it.

 

However, my initial enthusiasm on Tuesday evening came to a stop yesterday afternoon when I found that the computer had started uploading around 8+kbp/s continuously again.

 

The only thing I had done with the machine was to check my emails on Mail.com and Gmail using Firefox. No installing new programs and no downloading at all.

 

My untrained logic behind  all this seems to be that whatever is uploading was ‘switched off’ but is now operating again. Frankly, I could easily uninstall most of the programs on the computer without inconveniencing myself very much if you think that might be a good idea. I have everything backed up on Dropbox and an external drive. I can use my wife’s laptop to get online if necessary.

 

I started a list of programs to uninstall but in fact its easier to list those I would prefer to keep;

 

Avast antivirus

Belkin Surf USB wireless adapter

Logitech – for the keyboard

All the Microsoft updates and hotfixes

Malwarebytes Pro – I bought yesterday.

Firefox 26

NetMeter – useful for seeing what is going on with the upload/downloads

 

I appreciate this is going beyond your remit for viruses or malware but perhaps you may have an opinion.

 

As always many thanks for your help,

 

Mike

Link to post
Share on other sites

  • Root Admin

It really depends on what it's uploading.  Any computer connected to the Internet is going to be talking back and forth both sending and receiving as that is a normal process.

 

You can do a netstat -a from the command prompt and it will show you what is connected - there are also tools like TCPView   http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.