
Email client (Outlook Express) has virus



3 days ago my email client started acting up.  Initial indication was "Last email displayed" was from 1 month ago and nothing current being displayed.  Additionally, some email entries were duplicated up to 24 times each.  I was able to view all emails on the system unless I tried to Delete one of the duplicated emails.  From that point on, any email I tried to view would display the message:

"Message could not be displayed

Outlook Express encountered an unexpected problem while displaying this message. Check your computer for low memory or low disk space and try again."

In order to be able to read any email again, I need to shut down the email client and restart it.  When I do that, it opens up with the problems noted above again.

dds.txt

attach.txt


Additional information............Malwarebytes PRO version has been installed on the PC for the past 2 years.  I ran a scan using PRO but no infection was detected.  I can receive email on the web client for my internet provider (Optimum Online), but nothing new shows on my desktop client.


  • Root Admin

Hello and welcome.

Please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Dan [Admin rights]
Mode : Scan -- Date : 02/16/2014 18:12:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ][PUM] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[WALLPAPER][PUM] HKCU\[...]\Desktop : Wallpaper (C:\WINDOWS\Web\Wallpaper\Bliss.bmp) -> FOUND
[EXT RUN][sUSP PATH] HKLM\Dan_ON_L:\[...]\Run : lanapi.NET (rundll32.exe "C:\Documents and Settings\Dan\Local Settings\Application Data\CdUserOffice\lanapi.NET.dll",ieWebclass SmartEventSupport [x][x][x][x]) -> FOUND
[EXT RUN][sUSP PATH] HKLM\Emma_ON_L:\[...]\Run : salm (c:\temp\salm.exe [x]) -> FOUND
[EXT RUN][sUSP PATH] HKLM\Kristen_ON_L:\[...]\Run : salm (c:\temp\salm.exe [x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED (sfsync02.sys @ 0xF78FFD60)

¤¤¤ External Hives: ¤¤¤
-> L:\windows\system32\config\SYSTEM | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\windows\system32\config\SOFTWARE | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\windows\system32\config\SECURITY | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\windows\system32\config\SAM | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\windows\system32\config\DEFAULT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> L:\Documents and Settings\Dan\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\Emma\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\Emma.FAMILYDESKTOP\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\Kristen\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\Kristen Nicole\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\Sherry\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]
-> L:\Documents and Settings\Sherry_2\NTUSER.DAT | DRVINFO [Drv - L:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) MAXTOR 6L080L4 +++++
--- User ---
[MBR] 622a552c7135357a36100d013dd918ea
[bSP] da044a12a9e455db31201c79935b99ad : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) TOSHIBA MK5055GSX USB Device +++++
--- User ---
[MBR] 6d6cdf4e43288bbea4fb43cc33ebfa12
[bSP] ea2e107a5173b79e9394c81003f1bc71 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 476898 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) HP Officejet 6310 USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02162014_181233.txt >>

 

 


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Dan on Thu 02/20/2014 at 21:49:52.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\speedmaxpc"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Documents and Settings\Dan\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Dan\Application Data\speedmaxpc"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\Common Files\speedmaxpc"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/20/2014 at 22:05:35.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.019 - Report created 20/02/2014 at 22:56:41
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dan - FAMILYDESKTOP
# Running from : C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Dan\Application Data\uniblue
Folder Deleted : C:\Documents and Settings\Sherry\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Sherry\Application Data\SpeedMaxPc
Folder Deleted : C:\Documents and Settings\Sherry\Application Data\uniblue
Folder Deleted : C:\Documents and Settings\Sherry\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Kristen\Application Data\Viewpoint

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v32.0.1700.107

[ File : C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Sherry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2346 octets] - [20/02/2014 22:51:25]
AdwCleaner[s0].txt - [2150 octets] - [20/02/2014 22:56:41]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2210 octets] ##########

 

 

 

 

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.20.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dan :: FAMILYDESKTOP [administrator]

Protection: Enabled

2/20/2014 11:14:14 PM
mbam-log-2014-02-20 (23-14-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 421967
Time elapsed: 34 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET, FRST and Addition text files follow:

 

ESET.txt--------------------------------------

C:\Downloads\Install_AIM.exe Win32/Adware.WBug.A application
C:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe Win32/Adware.HiWire application
C:\Program Files\softendo.com\Mario Forever 5.01\Data\Mario Forever.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
L:\Documents and Settings\Dan\Local Settings\Temp\ms0cfg32.exe a variant of Win32/Sefnit.AO trojan
L:\Downloads\Install_AIM.exe Win32/Adware.WBug.A application
L:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application
L:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Win32/Adware.WBug.A application
L:\Program Files\MusicMatch\MusicMatch Jukebox\HWUpdateMove.exe Win32/Adware.HiWire application
L:\Program Files\Oemji\OemjiSearchPlus\sfbnsp.dll Win32/Adware.Nomeh.A application
L:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC potentially unwanted application
ESET.txt-------end of file--------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014
Ran by Dan (administrator) on FAMILYDESKTOP on 21-02-2014 22:26:48
Running from C:\Documents and Settings\Dan\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(CMS Products, Inc.) C:\Program Files\CMS Products\BounceBack Ultimate\BBWatcherService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision) C:\WINDOWS\System32\drivers\CDAC11BA.EXE
(TomTom) C:\Program Files\MyTomTom 3\MyTomTomSA.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
() C:\Program Files\CMS Products\BounceBack Ultimate\CMSITService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvsvc32.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [4112384 2004-07-12] (NVIDIA Corporation)
HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-133707808-2143260530-3168066103-1005\...\Run: [Microsoft Works Update Detection] - C:\Program Files\Microsoft Works\WkDetect.exe
HKU\S-1-5-21-133707808-2143260530-3168066103-1005\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [436728 2012-09-10] (TomTom)
HKU\S-1-5-21-133707808-2143260530-3168066103-1005\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
ShortcutTarget: HP Photosmart Premier Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC47FEE166D94CE01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.130 167.206.245.129

Chrome:
=======


CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Facebook Plugin) - C:\Documents and Settings\Dan\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\Dan\Application Data\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
CHR Plugin: (PalmSource Package Installer) - C:\PROGRA~1\Palm\PackageInstaller\NPInstal.dll ()
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (getPlusPlus for Adobe 162102) - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (Unity Player) - C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-31]
CHR Extension: (Google Search) - C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-31]
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Dan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-31]

========================== Services (Whitelisted) =================

R2 BBWatcherService; C:\Program Files\CMS Products\BounceBack Ultimate\BBWatcherService.exe [57344 2009-06-30] (CMS Products, Inc.)
R2 C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [52736 2003-04-13] (Macrovision)
R2 CMSITService; C:\Program Files\CMS Products\BounceBack Ultimate\CMSITService.exe [40960 2009-06-29] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-21] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2001-08-18] (Microsoft Corporation)
S3 GoogleDesktopManager; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-13] (Microsoft Corporation)
S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2001-06-20] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 CdaC15BA; C:\WINDOWS\System32\drivers\CdaC15BA.SYS [11376 2003-04-13] ()
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [2432 2005-08-19] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [2560 2005-08-19] (Sonic Solutions)
S3 DM9102; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [29696 2001-08-17] (CNet Technology, Inc.                                                    )
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S4 hpt3xx; C:\WINDOWS\System32\DRIVERS\hpt3xx.sys [38144 2001-08-17] (HighPoint Technologies, Inc.)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2005-10-27] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-27] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-27] (HP)
S3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmxp.sys [661770 2002-01-23] (LT)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [731648 2001-08-17] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-08-18] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-18] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [13716 2001-09-16] (Padus, Inc.)
R3 portio; C:\WINDOWS\System32\DRIVERS\portd64.sys [10240 2009-02-17] (CMS Products, Inc.)
S3 SNDP106; C:\WINDOWS\System32\DRIVERS\sndp106.sys [227456 2005-04-08] ()
R3 tbcspud; C:\WINDOWS\System32\drivers\tbcspud.sys [142336 2001-08-29] (Voyetra Turtle Beach)
R3 tbcwdm; C:\WINDOWS\System32\drivers\tbcwdm.sys [524288 2001-08-29] (Voyetra Turtle Beach)
U3 TrueSight; C:\WINDOWS\system32\TrueSight.sys [26624 2014-02-16] ()
R3 WMP11; C:\WINDOWS\System32\DRIVERS\WMP11NDS.sys [50688 2001-12-24] (The Linksys Group, Inc.)
S3 EraserUtilDrv10741; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-21 22:26 - 2014-02-21 22:27 - 00014882 _____ () C:\Documents and Settings\Dan\Desktop\FRST.txt
2014-02-21 22:26 - 2014-02-21 22:26 - 00000000 ____D () C:\FRST
2014-02-21 22:25 - 2014-02-21 22:25 - 01142784 _____ (Farbar) C:\Documents and Settings\Dan\Desktop\FRST.exe
2014-02-21 21:17 - 2014-02-21 21:17 - 00000904 _____ () C:\Documents and Settings\Dan\Desktop\eset.txt
2014-02-21 12:32 - 2014-02-21 12:32 - 00000624 _____ () C:\WINDOWS\setupapi.log
2014-02-21 12:32 - 2014-02-21 12:32 - 00000000 ____D () C:\Program Files\ESET
2014-02-20 22:51 - 2014-02-20 22:57 - 00000000 ____D () C:\AdwCleaner
2014-02-20 22:48 - 2014-02-20 22:48 - 01241834 _____ () C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
2014-02-20 22:05 - 2014-02-20 22:05 - 00002539 _____ () C:\Documents and Settings\Dan\Desktop\JRT.txt
2014-02-20 21:46 - 2014-02-20 21:46 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-20 19:46 - 2014-02-20 19:46 - 01037734 _____ (Thisisu) C:\Documents and Settings\Dan\Desktop\JRT.exe
2014-02-20 15:47 - 2014-02-20 19:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-20 15:45 - 2014-02-20 15:45 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-20 15:44 - 2014-02-20 19:01 - 00000000 ____D () C:\Documents and Settings\Dan\Desktop\mbar
2014-02-17 13:09 - 2014-02-17 13:09 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Dan\Desktop\mbar-1.07.0.1009.exe
2014-02-16 18:12 - 2014-02-16 18:12 - 00005302 _____ () C:\Documents and Settings\Dan\Desktop\RKreport[0]_S_02162014_181233.txt
2014-02-16 18:09 - 2014-02-16 18:12 - 00000000 ____D () C:\Documents and Settings\Dan\Desktop\RK_Quarantine
2014-02-16 18:09 - 2014-02-16 18:09 - 00026624 _____ () C:\WINDOWS\system32\TrueSight.sys
2014-02-16 18:00 - 2014-02-16 18:00 - 03813376 _____ () C:\Documents and Settings\Dan\Desktop\RogueKiller.exe
2014-02-16 17:45 - 2014-02-16 17:48 - 00006636 _____ () C:\Documents and Settings\Dan\Desktop\Rkill.txt
2014-02-16 17:05 - 2014-02-16 17:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Dan\Desktop\rkill.exe
2014-02-14 17:17 - 2014-02-14 17:17 - 00030389 _____ () C:\Documents and Settings\Dan\Desktop\attach.txt
2014-02-14 17:17 - 2014-02-14 17:17 - 00010140 _____ () C:\Documents and Settings\Dan\Desktop\dds.txt
2014-02-13 20:02 - 2014-02-13 20:02 - 00688992 ____R (Swearware) C:\Documents and Settings\Dan\Desktop\dds.scr
2014-02-13 04:52 - 2014-02-13 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 03:21 - 2014-02-13 03:24 - 00016301 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 03:14 - 2014-02-13 03:20 - 00008120 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-13 00:18 - 2014-02-13 04:53 - 00022426 _____ () C:\WINDOWS\KB2916036.log
2014-01-27 16:47 - 2014-01-27 16:47 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-01-27 16:47 - 2014-01-27 16:47 - 00001409 _____ () C:\WINDOWS\QTFont.for
2014-01-23 17:34 - 2014-01-23 17:34 - 00000000 ____D () C:\Documents and Settings\Sherry\Local Settings\Application Data\Unity

==================== One Month Modified Files and Folders =======

2014-02-21 22:27 - 2014-02-21 22:26 - 00014882 _____ () C:\Documents and Settings\Dan\Desktop\FRST.txt
2014-02-21 22:26 - 2014-02-21 22:26 - 00000000 ____D () C:\FRST
2014-02-21 22:25 - 2014-02-21 22:25 - 01142784 _____ (Farbar) C:\Documents and Settings\Dan\Desktop\FRST.exe
2014-02-21 22:00 - 2012-08-30 16:55 - 00000886 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 21:51 - 2013-08-08 11:54 - 00000418 ___HC () C:\WINDOWS\Tasks\User_Feed_Synchronization-{C0EE129C-A5AE-4B89-A414-3E5B295D802A}.job
2014-02-21 21:50 - 2012-04-11 09:42 - 00000830 ____C () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-21 21:17 - 2014-02-21 21:17 - 00000904 _____ () C:\Documents and Settings\Dan\Desktop\eset.txt
2014-02-21 17:38 - 2012-08-30 16:59 - 00001813 ____C () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-21 15:24 - 2012-01-05 14:21 - 00000000 ____D () C:\PC Disk Fix
2014-02-21 12:32 - 2014-02-21 12:32 - 00000624 _____ () C:\WINDOWS\setupapi.log
2014-02-21 12:32 - 2014-02-21 12:32 - 00000000 ____D () C:\Program Files\ESET
2014-02-21 09:08 - 2004-08-13 17:15 - 01994908 ____C () C:\WINDOWS\WindowsUpdate.log
2014-02-21 03:00 - 2012-08-30 16:55 - 00000882 ____C () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 23:12 - 2013-11-14 03:41 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-20 23:04 - 2002-03-19 00:12 - 00001170 ____C () C:\WINDOWS\system32\WPA.DBL
2014-02-20 23:02 - 2004-08-16 22:17 - 00004452 ____C () C:\WINDOWS\system32\nvapps.xml
2014-02-20 23:02 - 2001-08-31 09:55 - 00000159 ____C () C:\WINDOWS\WIADEBUG.LOG
2014-02-20 23:02 - 2001-08-31 09:55 - 00000049 ____C () C:\WINDOWS\WIASERVC.LOG
2014-02-20 23:01 - 2002-03-19 00:14 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-02-20 22:59 - 2002-03-19 00:14 - 00032386 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-20 22:57 - 2014-02-20 22:51 - 00000000 ____D () C:\AdwCleaner
2014-02-20 22:48 - 2014-02-20 22:48 - 01241834 _____ () C:\Documents and Settings\Dan\Desktop\AdwCleaner.exe
2014-02-20 22:28 - 2002-03-18 23:53 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-20 22:05 - 2014-02-20 22:05 - 00002539 _____ () C:\Documents and Settings\Dan\Desktop\JRT.txt
2014-02-20 21:46 - 2014-02-20 21:46 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-20 19:52 - 2012-04-11 09:42 - 00692616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-20 19:52 - 2011-05-16 18:11 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-20 19:46 - 2014-02-20 19:46 - 01037734 _____ (Thisisu) C:\Documents and Settings\Dan\Desktop\JRT.exe
2014-02-20 19:01 - 2014-02-20 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-20 19:01 - 2014-02-20 15:44 - 00000000 ____D () C:\Documents and Settings\Dan\Desktop\mbar
2014-02-20 15:45 - 2014-02-20 15:45 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-19 18:55 - 2010-03-22 06:26 - 00012250 ____C () C:\Documents and Settings\Dan\My Documents\Info doc.xlsx
2014-02-19 18:42 - 2010-03-23 06:21 - 00025163 ____C () C:\Documents and Settings\Dan\My Documents\Information Sheet.xlsx
2014-02-17 20:14 - 2009-07-09 10:57 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-17 13:09 - 2014-02-17 13:09 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Dan\Desktop\mbar-1.07.0.1009.exe
2014-02-16 18:12 - 2014-02-16 18:12 - 00005302 _____ () C:\Documents and Settings\Dan\Desktop\RKreport[0]_S_02162014_181233.txt
2014-02-16 18:12 - 2014-02-16 18:09 - 00000000 ____D () C:\Documents and Settings\Dan\Desktop\RK_Quarantine
2014-02-16 18:11 - 2002-04-09 12:43 - 00000000 ____D () C:\Documents and Settings\Dan
2014-02-16 18:09 - 2014-02-16 18:09 - 00026624 _____ () C:\WINDOWS\system32\TrueSight.sys
2014-02-16 18:00 - 2014-02-16 18:00 - 03813376 _____ () C:\Documents and Settings\Dan\Desktop\RogueKiller.exe
2014-02-16 17:56 - 2012-01-12 00:07 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-02-16 17:48 - 2014-02-16 17:45 - 00006636 _____ () C:\Documents and Settings\Dan\Desktop\Rkill.txt
2014-02-16 17:05 - 2014-02-16 17:05 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Dan\Desktop\rkill.exe
2014-02-14 17:17 - 2014-02-14 17:17 - 00030389 _____ () C:\Documents and Settings\Dan\Desktop\attach.txt
2014-02-14 17:17 - 2014-02-14 17:17 - 00010140 _____ () C:\Documents and Settings\Dan\Desktop\dds.txt
2014-02-13 20:02 - 2014-02-13 20:02 - 00688992 ____R (Swearware) C:\Documents and Settings\Dan\Desktop\dds.scr
2014-02-13 19:40 - 2005-04-02 20:17 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-13 05:37 - 2007-01-29 20:51 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 04:53 - 2014-02-13 00:18 - 00022426 _____ () C:\WINDOWS\KB2916036.log
2014-02-13 04:53 - 2004-09-15 23:55 - 00559828 ____C () C:\WINDOWS\netfxocm.log
2014-02-13 04:53 - 2004-09-15 23:55 - 00220445 ____C () C:\WINDOWS\MedCtrOC.log
2014-02-13 04:53 - 2004-09-15 23:55 - 00160760 ____C () C:\WINDOWS\tabletoc.log
2014-02-13 04:53 - 2001-08-31 10:13 - 01864006 ____C () C:\WINDOWS\iis6.log
2014-02-13 04:53 - 2001-08-31 10:13 - 01614895 ____C () C:\WINDOWS\TSOC.LOG
2014-02-13 04:53 - 2001-08-31 10:07 - 00695303 ____C () C:\WINDOWS\ntdtcsetup.log
2014-02-13 04:53 - 2001-08-31 10:07 - 00096047 ____C () C:\WINDOWS\COMSETUP.LOG
2014-02-13 04:53 - 2001-08-31 10:07 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-13 04:53 - 2001-08-31 09:59 - 03511536 ____C () C:\WINDOWS\FaxSetup.log
2014-02-13 04:53 - 2001-08-31 09:59 - 01671319 ____C () C:\WINDOWS\OCGEN.LOG
2014-02-13 04:53 - 2001-08-31 09:59 - 00184434 ____C () C:\WINDOWS\OCMSN.LOG
2014-02-13 04:53 - 2001-08-31 09:59 - 00175907 ____C () C:\WINDOWS\MSGSOCM.LOG
2014-02-13 04:53 - 2001-08-31 09:57 - 01072890 ____C () C:\WINDOWS\MSMQINST.LOG
2014-02-13 04:52 - 2014-02-13 04:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 04:52 - 2005-04-19 07:11 - 00501405 ____C () C:\WINDOWS\updspapi.log
2014-02-13 04:30 - 2002-03-19 00:14 - 00582488 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 04:06 - 2013-08-15 02:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 03:41 - 2005-05-11 06:01 - 85946576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 03:24 - 2014-02-13 03:21 - 00016301 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 03:24 - 2001-08-31 10:07 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-13 03:22 - 2009-10-27 09:49 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-13 03:20 - 2014-02-13 03:14 - 00008120 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-06 03:54 - 2001-08-18 08:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2001-08-18 08:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 18:26 - 2012-06-14 00:07 - 00522240 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2010-06-11 14:21 - 00743424 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2009-10-27 09:47 - 00247808 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2009-10-27 09:47 - 00012800 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2007-05-08 23:22 - 11113472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2007-05-08 23:22 - 02006016 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2007-05-08 23:22 - 00630272 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2007-05-08 23:22 - 00055296 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2006-11-07 21:03 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2006-10-17 12:05 - 00105984 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2006-10-17 12:04 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2006-10-17 11:57 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2006-05-19 10:08 - 06021120 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2006-05-10 00:23 - 01216000 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2006-05-10 00:23 - 00920064 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2004-07-06 18:47 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2004-01-08 14:23 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2003-12-23 13:14 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2002-07-23 07:57 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2001-08-18 08:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2001-08-18 08:00 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 18:26 - 2001-08-18 08:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 17:24 - 2004-08-04 00:59 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-01-27 21:33 - 2004-01-19 10:01 - 00686080 _____ () C:\Documents and Settings\Sherry\My Documents\LAKELAN4.xls
2014-01-27 16:47 - 2014-01-27 16:47 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-01-27 16:47 - 2014-01-27 16:47 - 00001409 _____ () C:\WINDOWS\QTFont.for
2014-01-23 17:34 - 2014-01-23 17:34 - 00000000 ____D () C:\Documents and Settings\Sherry\Local Settings\Application Data\Unity

Some content of TEMP:
====================
C:\Documents and Settings\Dan\Local Settings\temp\ntdll_dump.dll
C:\Documents and Settings\Dan\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\JuniperSetupClientInstaller.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2014
Ran by Dan at 2014-02-21 22:29:36
Running from C:\Documents and Settings\Dan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

3D Brick Bustin Madness (HKLM\...\3D Brick Bustin Madness Version:  - )
6300 (Version: 70.0.231.000 - Hewlett-Packard) Hidden
6300_Help (Version: 70.0.231.000 - Hewlett-Packard) Hidden
6300Trb (Version: 70.0.231.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} Version: 1.6.2.102 - NOS Microsystems Ltd.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Version: 1.0 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001} Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player Version: 11.6.1.629 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer Version:  3.0 - Adobe Systems, Inc.)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2 Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
AiO_Scan_CDA (Version: 70.0.231.000 - Hewlett-Packard) Hidden
AiOSoftwareNPI (Version: 70.0.231.000 - Hewlett-Packard) Hidden
Amazing Slow Downer (remove only) (HKLM\...\Amazing Slow Downer EE Version:  - )
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA} Version: 4.0.101 - Vantage Software Technologies)
Audit Support Center 1.0 (HKLM\...\Audit Support Center Version: 1.0 - Intuit)
BounceBack Ultimate (HKLM\...\{65AE1DE1-C727-4424-8948-6C14455B622F} Version: 9.1.0 - CMS Products)
Breakit4 (HKLM\...\com.terrypaton.breakit4 Version: 1.1.1 - Terence Paton)
Breakit4 (Version: 1.1.1 - Terence Paton) Hidden
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Camera Window (Version: 4.5.2 - Canon) Hidden
Canon Camera WIA Driver (Version: 5.1 - Canon) Hidden
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A} Version: 4.5.2 - Canon)
Canon EOS Kiss REBEL 300D WIA Driver (HKLM\...\InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F} Version: 5.1 - Canon)
Canon PhotoRecord (HKLM\...\{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D} Version: 02.00.00029 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23} Version: 0.9.0 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87} Version: 0.9.0 - Canon)
Canon Utilities File Viewer Utility 1.3 (HKLM\...\InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D} Version: 1.3.2 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B} Version: 3.1.10 - Canon)
Canon Utilities RemoteCapture 2.7 (HKLM\...\InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4} Version: 2.7.5 - Canon)
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} Version: 04.05.01148 - CISRA)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0 Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.2 Version: 5.0.0.2 - Coupons.com Incorporated) <==== ATTENTION
CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11 Version:  - Microsoft Corporation)
Cue Club (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110080840} Version:  - Oberon Media)
CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5 Version: 3.0.0.0 - Dell Inc)
Dell Picture Studio - Image Expert 2000 (HKLM\...\Image Expert 3.2 Version:  - )
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288} Version: 1.00.0000 - Dell)
DellTouch (HKLM\...\{706D5382-7381-4680-9DD0-161832578252} Version:  - )
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Spy Camera (HKLM\...\SNDP106 Version:  - )
Disney Interactive Global Compatibility Update June 2003 (HKLM\...\{4acec804-8c2c-4c78-9127-6c6b756e44e2}.sdb Version:  - )
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocumentViewer (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DocumentViewerQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1 Version:  - Lars Hederer)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKCU\...\Facebook Plug-In Version:  - Facebook, Inc.)
Fax_CDA (Version: 70.0.231.000 - Hewlett-Packard) Hidden
File Viewer Utility 1.3.2 (Version: 1.3.2 - Canon) Hidden
Flip Words (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903} Version:  - Oberon Media)
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Garmin City Navigator North America NT 2010.20 (HKLM\...\{C2E8B236-7554-45FE-92C0-94EF76E4D182} Version: 13.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{EFF87108-C9D0-43F1-BEE1-28DA87778F1A} Version: 2.8.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD} Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
GedCom Viewer (HKLM\...\ST6UNST #1 Version:  - )
Gemsweeper (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113219527} Version:  - Oberon Media)
Golden Retriever Cash Back (HKLM\...\70tovmto Version:  - )
Google Chrome (HKLM\...\Google Chrome Version: 33.0.1750.117 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F} Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Hallmark Card Studio 3 Deluxe (HKLM\...\{A022314D-F75A-4784-9AF7-A5F00C56ECC5} Version:  - )
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities Version: 7.0 - HP)
HP Document Viewer 7.0 (HKLM\...\HP Document Viewer Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions Version: 7.0 - HP)
HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging Version: 6.5 - HP)
HP Photosmart, Officejet and Deskjet 7.0.A (HKLM\...\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C} Version:  - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools Version: 7.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC} Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 100.0.172.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM\...\ImgBurn Version: 2.5.6.0 - LIGHTNING UK!)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InterActual Player (HKLM\...\InterActual Player Version:  - )
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF} Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JumpStart Typing (HKLM\...\JSTYPING Version:  - Knowledge Adventure)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client Version: 7.1.4.13103 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKCU\...\Juniper_Term_Services Version: 7.1.0.19525 - Juniper Networks)
Kiran's Typing Tutor 1.0 (HKLM\...\Kiran's Typing Tutor_is1 Version: 1.0 - Kiran)
KODAK Gallery Upload Software (HKLM\...\{B7F98125-4955-41E3-8A71-4CE11CE9C198} Version: 1.00.0000 - EASTMAN KODAK Company)
Lucent Win Modem (HKLM\...\LTWinModem Version:  - )
Mah Jong Medley (HKLM\...\am-mahjongmedley Version:  - )
Mahjongg dimensions (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118382203} Version:  - Oberon Media)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mario Forever 5.01 (HKLM\...\Mario Forever 5.01 Version:  - )
MarketResearch (Version: 70.0.170.000 - Hewlett-Packard) Hidden
MGI VideoWave 4 (HKLM\...\{1CB63C5C-DA69-4793-BD35-43BDE2A86D43} Version: 4.0.928.1 - MGI Software Corp.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033) Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023 Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941 Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906 Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1 Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A} Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1 Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669 Version:  - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2002 (HKLM\...\{01001202-823E-46CD-A70E-BEE818F97169} Version: 2002 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7} Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7} Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7} Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93} Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE} Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft PhotoDraw 2000 (HKLM\...\Microsoft PhotoDraw 2000 Version:  - )
Microsoft Picture It! Photo 2002 (HKLM\...\{C769A271-7E1C-48F9-B331-474600DD4C06} Version: 6.0.0.0000 - Microsoft)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000 Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118} Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475} Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F} Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM\...\Works2002Setup Version:  - )
Microsoft Works 6.0 (HKLM\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704} Version: 06.00.0000 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{C3A439E4-7303-491F-A678-CEA36A87D517} Version: 2.0.0.0000 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF} Version:  - )
Move Media Player (HKCU\...\Move Media Player Version:  - Move Networks)
MSN Money Investment Toolbox (HKLM\...\Money2006a Version: 15 - Microsoft)
MSN Music Assistant (HKLM\...\MSN Music Assistant Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F} Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF} Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Version: 4.20.9876.0 - Microsoft Corporation)
MyDVD (HKLM\...\{5E835305-63BB-4E55-BBB7-EEBBE67774DB} Version:  - )
MyTomTom 3.2.0.802 (HKLM\...\MyTomTom Version: 3.2.0.802 - TomTom)
NewCopy_CDA (Version: 70.0.231.000 - Hewlett-Packard) Hidden
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71} Version: 0.91.000 - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers Version:  - )
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR Version: 7.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Palm Desktop by ACCESS (HKLM\...\{FD6034A3-655C-49F0-B496-D4CBFD74D7A7} Version: 6.4.0.0 - Palm, Inc.)
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C1} Version:  - )
PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PhotoStitch (Version: 3.1.10 - Canon) Hidden
PictureProject In Touch Downloader 1.0 (HKLM\...\PictureProject In Touch Downloader Version: 1.0 - Fotonation Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} Version:  - )
PRO200WL (HKLM\...\{280C7673-2DF8-4E74-B031-D8F108BE2A6D} Version:  - )
ProductContextNPI (Version: 70.0.231.000 - Hewlett-Packard) Hidden
RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
RAW Image Task (Version: 0.9.0 - Canon) Hidden
Readme (Version: 70.0.231.000 - Hewlett-Packard) Hidden
RealArcade (HKLM\...\RealArcade 1.2 Version:  - )
RemoteCapture 2.7.5 (Version: 2.7.5 - Canon) Hidden
RemoteCapture Task (Version: 0.9.0 - Canon) Hidden
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} Version: 1.0.604 - RealNetworks)
RocketBowl (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110260310} Version:  - Oberon Media)
Santa Cruz (HKLM\...\{A4D58580-EA01-11D3-9318-008048B86EFE} Version:  - )
Scan (Version: 7.0.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) Hidden
Shockwave (HKLM\...\Shockwave Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies Version: 10.0 - HP)
SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Spy Gear Digital Spy Camera (HKLM\...\{3DC3C179-A946-4C95-AB65-0A01C0FB5AB1} Version: 1.0.0.2 - )
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Scruffs (HKLM\...\am-thescruffs Version:  - )
TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B} Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533} Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Trijinx (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110516917} Version:  - Oberon Media)
TurboTax 2009 (HKLM\...\TurboTax 2009 Version:  - Intuit, Inc)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2163 - Intuit Inc.) Hidden
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328 - Intuit Inc.) Hidden
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0238 - Intuit Inc.) Hidden
TurboTax 2009 wnjiper (Version: 009.000.0775 - Intuit Inc.) Hidden
TurboTax 2009 wrapper (Version: 009.000.0145 - Intuit Inc.) Hidden
TurboTax 2010 (HKLM\...\TurboTax 2010 Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214 - Intuit Inc.) Hidden
TurboTax 2010 wnjiper (Version: 010.000.1316 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM\...\TurboTax 2011 Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0495 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wnjiper (Version: 011.000.1627 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012 Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wnjiper (Version: 012.000.1484 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
Unity Web Player (HKLM\...\UnityWebPlayer Version: 2.5.1f5_24931 - Unity Technologies ApS) <==== ATTENTION
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D} Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3} Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F} Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2} Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8 Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8 Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2 Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2 Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687 Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815 Version: 1 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790} Version: 10.0.0 - TomTom International B.V.)
WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows Defender Signatures (Version: 1.20.0.0 - Microsoft Corporation) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841 Version: 03/08/2007 2.2.1.0 - Garmin)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (HKLM\...\WGA Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8 Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2 Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack Version: 20080414.031525 - Microsoft Corporation)
Wireless PCI Card Configuration Utility (HKLM\...\{1FADC8AB-5575-4D87-8870-EE527D86163F} Version:  - )
Wonderland (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110014687} Version:  - Oberon Media)
Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (Version: 1.0.0.0000 - Your Company Name) Hidden
XMLplayer (HKLM\...\XMLplayer Version:  - )

==================== Restore Points  =========================

18-01-2014 08:48:16 Software Distribution Service 3.0
19-01-2014 07:11:17 Software Distribution Service 3.0
20-01-2014 08:07:02 System Checkpoint
20-01-2014 08:49:10 Software Distribution Service 3.0
21-01-2014 08:57:55 Software Distribution Service 3.0
22-01-2014 08:48:24 Software Distribution Service 3.0
23-01-2014 08:50:03 Software Distribution Service 3.0
24-01-2014 08:50:39 Software Distribution Service 3.0
25-01-2014 09:05:14 Software Distribution Service 3.0
26-01-2014 07:11:46 Software Distribution Service 3.0
27-01-2014 01:08:31 Software Distribution Service 3.0
28-01-2014 01:07:49 Software Distribution Service 3.0
29-01-2014 01:06:28 Software Distribution Service 3.0
30-01-2014 01:06:39 Software Distribution Service 3.0
31-01-2014 01:06:17 Software Distribution Service 3.0
01-02-2014 01:14:03 Software Distribution Service 3.0
02-02-2014 01:06:43 Software Distribution Service 3.0
02-02-2014 07:02:49 Software Distribution Service 3.0
03-02-2014 01:05:53 Software Distribution Service 3.0
04-02-2014 01:05:59 Software Distribution Service 3.0
05-02-2014 01:06:22 Software Distribution Service 3.0
06-02-2014 01:08:40 Software Distribution Service 3.0
07-02-2014 01:08:03 Software Distribution Service 3.0
08-02-2014 01:04:57 Software Distribution Service 3.0
09-02-2014 01:06:28 Software Distribution Service 3.0
09-02-2014 07:03:29 Software Distribution Service 3.0
10-02-2014 01:07:58 Software Distribution Service 3.0
11-02-2014 01:08:11 Software Distribution Service 3.0
12-02-2014 01:07:02 Software Distribution Service 3.0
13-02-2014 01:06:09 Software Distribution Service 3.0
13-02-2014 08:00:54 Software Distribution Service 3.0
14-02-2014 08:50:09 System Checkpoint
14-02-2014 20:41:45 Software Distribution Service 3.0
15-02-2014 20:44:36 Software Distribution Service 3.0
16-02-2014 06:56:25 Software Distribution Service 3.0
16-02-2014 20:47:57 Software Distribution Service 3.0
18-02-2014 17:35:20 Software Distribution Service 3.0
19-02-2014 17:34:19 Software Distribution Service 3.0
20-02-2014 17:32:40 Software Distribution Service 3.0
22-02-2014 02:46:28 System Checkpoint

==================== Hosts content: ==========================

2001-08-18 08:00 - 2012-01-16 20:23 - 00000027 ___AC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C0EE129C-A5AE-4B89-A414-3E5B295D802A}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-09-10 03:17 - 2012-09-10 03:17 - 00025592 _____ () C:\Program Files\MyTomTom 3\DeviceDetection.dll
2012-09-10 03:17 - 2012-09-10 03:17 - 00073720 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
2012-09-10 03:17 - 2012-09-10 03:17 - 00254968 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
2011-01-04 10:45 - 2009-06-29 01:07 - 00040960 ____N () C:\Program Files\CMS Products\BounceBack Ultimate\CMSITService.exe
2011-01-04 10:44 - 2009-06-30 10:56 - 00126976 ____N () C:\Program Files\CMS Products\BounceBack Ultimate\DMO.dll
2010-04-12 08:41 - 2010-04-12 08:41 - 00854016 ____N () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-12 08:41 - 2010-04-12 08:41 - 00471040 ____N () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-01-31 14:30 - 2011-01-31 14:30 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2013-07-10 03:46 - 2013-07-10 03:46 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_cb7dda04\mscorlib.dll
2013-07-10 03:45 - 2013-07-10 03:45 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_780dabcb\system.windows.forms.dll
2013-07-10 03:45 - 2013-07-10 03:45 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ad828bd3\system.drawing.dll
2013-07-10 03:44 - 2013-07-10 03:44 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7a46d014\system.dll
2013-07-10 03:45 - 2013-07-10 03:45 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_afcc11a6\system.xml.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F784F4D8

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 09:04:51 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.4.304.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/20/2014 11:27:11 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/20/2014 11:05:13 PM) (Source: COM+) (User: )
Description: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector failed

Error: (02/16/2014 04:55:34 PM) (Source: Application Hang) (User: )
Description: Fault bucket 736169863.

Error: (02/16/2014 04:55:23 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/14/2014 05:11:26 PM) (Source: Application Hang) (User: )
Description: Fault bucket 736169863.

Error: (02/14/2014 05:11:22 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/14/2014 03:18:52 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/14/2014 02:16:04 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/13/2014 11:08:05 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

System errors:
=============
Error: (02/20/2014 11:05:45 PM) (Source: Service Control Manager) (User: )
Description: The MS Software Shadow Copy Provider service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/20/2014 11:05:13 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (02/20/2014 11:05:13 PM) (Source: Service Control Manager) (User: )
Description: The COM+ System Application service failed to start due to the following error:
%%1053

Error: (02/20/2014 11:05:13 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

Error: (02/20/2014 11:05:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service COMSysApp with arguments ""
in order to run the server:
{ECABAFBC-7F19-11D2-978E-0000F8757E2A}

Error: (02/20/2014 11:04:27 PM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service hung on starting.

Error: (02/20/2014 10:29:08 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (02/20/2014 09:42:58 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (02/17/2014 00:23:58 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (02/17/2014 00:23:14 PM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service hung on starting.

Microsoft Office Sessions:
=========================
Error: (05/14/2012 05:37:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 87 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/10/2012 08:35:34 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1261 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/09/2011 05:45:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32138 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/08/2011 08:49:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/30/2011 01:52:13 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46236 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (04/29/2011 01:01:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/28/2011 08:49:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 117 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/10/2011 07:03:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 177 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (01/07/2011 06:57:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 264 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (12/26/2010 08:46:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2401 seconds with 120 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 1023.01 MB
Available physical RAM: 315.21 MB
Total Pagefile: 2460.3 MB
Available Pagefile: 1671.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:2.18 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CS3DLX_CD3) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS
Drive e: (TurboTax 2012) (CDROM) (Total:0.36 GB) (Free:0 GB) CDFS
Drive l: () (Fixed) (Total:465.72 GB) (Free:374.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: FD478BC7)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 14B2572E)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

  • Root Admin

Please uninstall ALL versions of Java from Control Panel, Add/Remove.

Then run the following:

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next, please uninstall all of the following software from Control Panel, Add/Remove:

MusicMatch Jukebox
OemjiSearchPlus
Uniblue SpeedUpMyPC
WeatherBug

Then run the following.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Here is the Java Log. I couldn't find any of the 4 pieces of software you wanted me to remove from Control Panel, Add/Remove: MusicMatch, Oemji, Uniblue and WeatherBug.

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Feb 22 12:28:43 2014

Found and removed: C:\Program Files\Java\j2re1.4.2_04

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Documents and Settings\Dan\Application Data\Sun\Java\jre1.6.0_30

Found and removed: C:\Documents and Settings\Dan\Application Data\Sun\Java\jre1.6.0_35

Found and removed: C:\Documents and Settings\Dan\Application Data\Sun\Java\jre1.7.0_17

Found and removed: C:\Documents and Settings\Dan\Application Data\Sun\Java\JRERunOnce.exe

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\JavaPlugin.142_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.4.2.0

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

Found and removed: SYSTEM\ControlSet001\Enum\Root\LEGACY_MSISERVER\0000\Control

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sat Feb 22 12:29:33 2014

------------------------------------

Finished reporting.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-02-2014
Ran by Dan at 2014-02-22 13:03:15 Run:1
Running from C:\Documents and Settings\Dan\Desktop\FRSTfix
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
C:\Downloads\Install_AIM.exe
L:\Documents and Settings\Dan\Local Settings\Temp\ms0cfg32.exe
L:\Downloads\Install_AIM.exe
L:\Program Files\AIM\Sysfiles\WxBug.EXE
L:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
L:\Program Files\Oemji
L:\Program Files\Uniblue
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [4112384 2004-07-12] (NVIDIA Corporation)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-21] (Oracle Corporation)
C:\Documents and Settings\Dan\Local Settings\temp\ntdll_dump.dll
C:\Documents and Settings\Dan\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u39-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Sherry\Local Settings\temp\JuniperSetupClientInstaller.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F784F4D8

*****************

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
C:\Downloads\Install_AIM.exe => Moved successfully.
L:\Documents and Settings\Dan\Local Settings\Temp\ms0cfg32.exe => Moved successfully.
L:\Downloads\Install_AIM.exe => Moved successfully.
L:\Program Files\AIM\Sysfiles\WxBug.EXE => Moved successfully.
L:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll => Moved successfully.
L:\Program Files\Oemji => Moved successfully.
L:\Program Files\Uniblue => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Unable to delete value
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key not found.
HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
JavaQuickStarterService => Service not found.
C:\Documents and Settings\Dan\Local Settings\temp\ntdll_dump.dll => Moved successfully.
C:\Documents and Settings\Dan\Local Settings\temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Sherry\Local Settings\temp\jre-6u39-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Sherry\Local Settings\temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Sherry\Local Settings\temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Sherry\Local Settings\temp\JuniperSetupClientInstaller.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":430C6D84" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":F784F4D8" ADS removed successfully.

The system needs a manual reboot.

==== End of Fixlog ====

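A small triage helper for a Fixlog like the one above, added here as an illustration and not part of the original thread or of FRST: it groups result lines by outcome so that entries the tool could not change (here the SunJavaUpdateSched Run value) stand out for follow-up. The bucket names and the keyword matching are assumptions based only on the line shapes visible in this log.

```python
import re
from collections import defaultdict

# Result lines excerpted from the Fixlog posted above.
SAMPLE = r'''
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
C:\Downloads\Install_AIM.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Unable to delete value
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll not found.
JavaQuickStarterService => Service not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":430C6D84" ADS removed successfully.
The system needs a manual reboot.
'''

ARROW = re.compile(r'^(?P<target>.+?) => (?P<outcome>.+)$')   # "<target> => <outcome>"
BARE_MISSING = re.compile(r'^(?P<target>.+) not found\.$')    # "<path> not found."

def classify(outcome):
    """Map an outcome phrase to a bucket (bucket names are this example's own)."""
    text = outcome.lower()
    if text.startswith("unable"):
        return "failed"
    if "not found" in text:
        return "absent"
    if "successfully" in text or "completed" in text:
        return "changed"
    return "unclassified"  # unknown wording is surfaced, never counted as success

def triage(log_text):
    """Group fix targets by outcome; anything unparsed lands in 'unclassified'."""
    buckets = defaultdict(list)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if (m := ARROW.match(line)):
            buckets[classify(m["outcome"])].append(m["target"].strip('"'))
        elif (m := BARE_MISSING.match(line)):
            buckets["absent"].append(m["target"])
        else:
            buckets["unclassified"].append(line)
    return dict(buckets)

if __name__ == "__main__":
    result = triage(SAMPLE)
    for bucket, targets in result.items():
        print(f"{bucket}: {len(targets)}")
    for target in result.get("failed", []):
        print("follow up:", target)
```

Entries in the "failed" and "unclassified" buckets are the ones to re-check in the next scan log, since the fix did not confirm a change for them.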

  • Root Admin

I'm very sorry for the delay. In the future, if I've not replied within 24 hours when I'm already helping you, please send me a PM to let me know.

Please run a Quick Scan with Malwarebytes.
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Then run the following.

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dan :: FAMILYDESKTOP [administrator]

Protection: Enabled

2/27/2014 8:11:18 PM
mbam-log-2014-02-27 (20-11-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 424782
Time elapsed: 49 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 Results of screen317's Security Check version 0.99.79 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Digital Spy Camera  
 Spy Gear Digital Spy Camera
 Windows Defender Signatures  
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Google Chrome 32.0.1700.107 
 Google Chrome 33.0.1750.117 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 46% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

  • Root Admin

Well the system found and removed a lot of PUP and we removed old compromised Java.

The computer does not appear to be showing signs of an infection at this time anymore.

Your issues with email now may have nothing to do with the infection.

Please see if the following article is helpful for the email issue

Outlook Express Inbox does not Display New Messages
