Can't connect to Internet or run Malwarebytes

trezabrown · February 16, 2014

Can't connect to Internet or run Malwarebytes and some programs are not showing, but are on the computer. Can someone assist me? I didn't know if I could follow instructions that were given to me a year ago or if I should get new instructions.

Thanks

jeffce · February 17, 2014

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

jeffce · February 17, 2014

Presently....if you need to transfer our tools from one system to another please do so.

So you can not connect to your internet at all with this system?

------------------------

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

----------

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Scan your system for malware
If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.
----------

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
----------

trezabrown · February 17, 2014

Thank you, I am following your instructions. FYI I am using another computer to download farber service scanner and then I'll put on put on flash and use on infected computer, again thank you...

trezabrown · February 17, 2014

The log below,

Anti-Roortkit found no malware.

AdwCleaner by Xplode is a setup.exe file that says Fusion install and it will not run.

Farbar Service Scanner Version: 16-02-2014
Ran by Teresa Brown (administrator) on 16-02-2014 at 22:34:46
Running from "C:\Documents and Settings\TEMP\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

jeffce · February 17, 2014

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------

FRST

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
----------

trezabrown · February 17, 2014

The two Links you provided say blank page, I'll try to get the file on my ipad and email. Please note that the Anti Root file I was unable to update on infected computer becuz I cant go on the net, but I ran it anyway without the update. I will run it again from your new instructions above after I get one of the links to work...

trezabrown · February 17, 2014

Here you go per your instructions

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2
Run by Teresa Brown at 7:39:37 on 2014-02-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1501 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Sonic\PowerISO\PWRISOVM.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\TEMP\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\TEMP\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

uProxyOverride = <local>
uURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NASDAQ Quote Toolbar: {A057A204-BACC-4D26-CCD1-7FBE89E33DC9} - c:\program files\nasdaq\nasdaq.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll
TB: NASDAQ Quote Toolbar: {A057A204-BACC-4D26-CCD1-7FBE89E33DC9} - c:\program files\nasdaq\nasdaq.dll
EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\temp\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PWRISOVM.EXE] c:\program files\sonic\poweriso\PWRISOVM.EXE -startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 11.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\button~1.lnk - c:\program files\initio\button manager v1.874\inihid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup & record\uBBMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\wcieactivex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{00918063-022C-48CB-B62D-E725D90E0C76} : NameServer = 98.191.158.2
TCP: Interfaces\{00918063-022C-48CB-B62D-E725D90E0C76} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
S3 Oefilvc;Oefilvc; [x]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver mx\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-17 06:07:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-02-17 06:03:33 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-16 00:07:03 -------- d-----w- C:\FixNCR
2014-02-15 16:35:57 107224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
==================== Find3M ====================
.
2013-09-04 17:23:52 1043136 ----a-w- c:\program files\NasdaqToolbar.exe
.
============= FINISH: 7:40:15.07 ===============

Per your instructions txt instead of a zip. attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2010 10:00:38 AM
System Uptime: 2/17/2014 7:36:11 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U880P
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | CPU 1 | 2693/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 218.531 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP339: 9/23/2013 10:46:54 AM - System Checkpoint
RP340: 9/24/2013 12:59:24 PM - System Checkpoint
RP341: 9/25/2013 1:30:06 PM - System Checkpoint
RP342: 9/26/2013 4:12:33 PM - System Checkpoint
RP343: 9/27/2013 4:57:46 PM - System Checkpoint
RP344: 9/30/2013 9:04:22 AM - System Checkpoint
RP345: 10/1/2013 11:54:22 AM - System Checkpoint
RP346: 10/2/2013 12:32:44 PM - System Checkpoint
RP347: 10/3/2013 1:29:37 PM - System Checkpoint
RP348: 10/4/2013 2:01:21 PM - System Checkpoint
RP349: 10/7/2013 9:12:32 AM - System Checkpoint
RP350: 10/8/2013 10:04:55 AM - System Checkpoint
RP351: 10/9/2013 2:09:50 PM - System Checkpoint
RP352: 10/10/2013 2:42:00 PM - System Checkpoint
RP353: 10/11/2013 2:46:59 PM - System Checkpoint
RP354: 10/12/2013 3:58:16 PM - System Checkpoint
RP355: 10/13/2013 5:17:17 PM - System Checkpoint
RP356: 10/15/2013 9:53:40 AM - System Checkpoint
RP357: 10/16/2013 10:05:57 AM - System Checkpoint
RP358: 10/17/2013 12:00:41 PM - System Checkpoint
RP359: 10/18/2013 12:51:15 PM - System Checkpoint
RP360: 10/22/2013 9:18:28 AM - System Checkpoint
RP361: 10/23/2013 9:52:41 AM - System Checkpoint
RP362: 10/24/2013 12:51:35 PM - System Checkpoint
RP363: 10/25/2013 1:29:42 PM - System Checkpoint
RP364: 10/28/2013 9:05:19 AM - System Checkpoint
RP365: 10/29/2013 9:15:44 AM - System Checkpoint
RP366: 10/30/2013 11:04:18 AM - System Checkpoint
RP367: 10/31/2013 11:55:31 AM - System Checkpoint
RP368: 11/1/2013 2:32:10 PM - System Checkpoint
RP369: 11/5/2013 3:31:30 PM - System Checkpoint
RP370: 11/6/2013 3:44:00 PM - System Checkpoint
RP371: 11/21/2013 1:23:16 PM - System Checkpoint
RP372: 11/22/2013 1:41:32 PM - System Checkpoint
RP373: 11/23/2013 2:38:59 PM - System Checkpoint
RP374: 11/24/2013 4:09:00 PM - System Checkpoint
RP375: 11/25/2013 4:09:24 PM - System Checkpoint
RP376: 12/18/2013 4:34:24 PM - System Checkpoint
RP377: 2/13/2014 4:21:18 PM - System Checkpoint
.
==== Installed Programs ======================
.
AccountEdge ODBC Connect v13 US
AccountEdge Payroll Form Viewer
AccountEdge Payroll Form Viewer (v4)
AccountEdge Pro 2013 (v22)
Acrobat.com
Adobe Acrobat XI Pro
Adobe AIR
Adobe Connect 9 Add-in
Adobe Connect Add-in
Adobe Creative Suite 6 Design Standard
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader 9.2
Adobe SVG Viewer 3.0
Adobe® Content Viewer
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Backup & Record
Bonjour
Button Manager v1.874
Canon Camera Access Library
Canon CanoScan Toolbox 4.6
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX230 HS and PowerShot SX220 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Map Utility
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CardScan 7.0.5
Cisco WebEx Meetings
Consumer In-Home Service Agreement
Coupon Printer for Windows
DBA Manufacturing Client
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Online
Dell Dock
Dell Driver Reset Tool
Dell System Restore
Google Chrome
GoToMeeting 5.4.0.1082
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 6
Java Auto Updater
Java 6 Update 16
Junk Mail filter update
Macromedia Dreamweaver MX
Macromedia Extension Manager
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Music Transfer
MYOB ODBC Direct v10 US
MYOB ODBC Direct v7
MYOB Payroll Tax Forms
MYOB Payroll Tax Forms (v16)
MYOB Premier Accounting 2007 (v16)
NASDAQ Quote Toolbar
Network Recording Player
OGA Notifier 2.0.0048.0
PDF Settings CS6
Picture Control Utility
PowerISO
Primo
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Runtime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sonic Activation Module
Sony Picture Utility
Spelling Dictionaries Support For Adobe Reader 9
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
User Profile Hive Cleanup Service
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Writing Your California Employee Handbook
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/16/2014 10:43:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/16/2014 10:43:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/16/2014 10:43:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/16/2014 10:43:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/16/2014 10:42:27 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/16/2014 10:10:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/16/2014 10:10:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/16/2014 10:10:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/16/2014 10:10:31 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/16/2014 10:09:34 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/15/2014 8:29:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/15/2014 8:29:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/15/2014 8:29:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/15/2014 8:29:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/15/2014 8:28:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/15/2014 8:18:26 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CDVINC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
2/15/2014 2:34:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/15/2014 2:34:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/15/2014 2:34:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/15/2014 2:34:36 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/15/2014 2:33:40 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
2/15/2014 2:33:39 PM, error: Microsoft Antimalware [1014] - Microsoft Antimalware has encountered an error trying to remove history of malware and other potentially unwanted software. Time: 1/16/2014 2:33:39 PM User: NT AUTHORITY\SYSTEM Error Code: 0x80070005 Error description: Access is denied.
2/13/2014 4:15:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/13/2014 4:15:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/13/2014 4:15:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/13/2014 4:15:57 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.9901.0&avdelta=1.159.346.0&asdelta=1.159.346.0∏=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
2/13/2014 4:15:54 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.159.346.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================

First.txt :

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Teresa Brown (administrator) on TERESAXP on 17-02-2014 07:48:12
Running from C:\Documents and Settings\TEMP\Desktop\Farbar R T
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Windows ® Codename Longhorn DDK provider) C:\Program Files\UPHClean\uphclean.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PowerISO Computing, Inc.) C:\Program Files\Sonic\PowerISO\PWRISOVM.EXE
(Roxio) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\TEMP\Local Settings\Application Data\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\TEMP\Local Settings\Application Data\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AcroDist.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [18084864 2009-03-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [57344 2009-03-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Dell DataSafe Online] - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\Sonic\PowerISO\PWRISOVM.EXE [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [RoxioDragToDisc] - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-12-21] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-484763869-1606980848-839522115-1254\...\Run: [Google Update] - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2012-03-15] (Google Inc.) <===== ATTENTION
HKU\S-1-5-21-484763869-1606980848-839522115-1254\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-484763869-1606980848-839522115-1254\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\TEMP\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) <===== ATTENTION
HKU\S-1-5-21-484763869-1606980848-839522115-1254\...\Run: [CardScan AutoSync] - [X]
HKU\S-1-5-21-484763869-1606980848-839522115-1254\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-484763869-1606980848-839522115-1254\...\MountPoints2: {48148337-2161-11df-bf1f-0025640498f2} - K:\LaunchU3.exe -a
Startup: C:\Documents and Settings\administrator.CDVINC\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Button Manager v1.874.lnk
ShortcutTarget: Button Manager v1.874.lnk -> C:\Program Files\INITIO\Button Manager v1.874\inihid.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe (ArcSoft, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Copy of teresa brown\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Copy of teresa brown\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\3.1.5.7619\Launcher.exe (No File)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\jimr\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\Teresa B\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\teresa brown\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\teresa brown\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files\Webshots\3.1.5.7619\Launcher.exe (No File)
Startup: C:\Documents and Settings\tueng\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Documents and Settings\tufin\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - (No Name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7bacbb170b-e153-4e42-9e92-4fecb90a6786%7d&q={searchTerms}
SearchScopes: HKLM - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7bacbb170b-e153-4e42-9e92-4fecb90a6786%7d&q={searchTerms}
SearchScopes: HKCU - DefaultScope {56748C63-B7C6-4A25-96BF-1D7D69A82F54} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = http://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7bacbb170b-e153-4e42-9e92-4fecb90a6786%7d&q={searchTerms}
SearchScopes: HKCU - {56748C63-B7C6-4A25-96BF-1D7D69A82F54} URL = http://www.google.com/search?q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: NASDAQ Quote Toolbar - {A057A204-BACC-4D26-CCD1-7FBE89E33DC9} - C:\Program Files\nasdaq\nasdaq.dll (Nasdaq )
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - NASDAQ Quote Toolbar - {A057A204-BACC-4D26-CCD1-7FBE89E33DC9} - C:\Program Files\nasdaq\nasdaq.dll (Nasdaq )
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/71.12/uploader2.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{00918063-022C-48CB-B62D-E725D90E0C76}: [NameServer]98.191.158.2

FireFox:
========
FF ProfilePath: C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\3uodvrq8.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: No Name - C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\3uodvrq8.default\Extensions\staged-xpis [2012-02-08]
FF Extension: No Name - C:\Documents and Settings\TEMP\Application Data\Mozilla\Firefox\Profiles\3uodvrq8.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-02-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-03-06]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe AcrobatXPro\Acrobat\Air\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Java Platform SE 7 U6) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.60.24) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-15]
CHR Extension: (Google Search) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-15]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-03-06]
CHR Extension: (The QR Code Generator) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2013-05-17]
CHR Extension: (AdBlock) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-25]
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-15]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-08-28] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [399872 2010-09-13] (Windows ® Codename Longhorn DDK provider)
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 Oefilvc; No ImagePath

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R1 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
U1 WS2IFSL;
U3 mbr; \??\C:\DOCUME~1\TEMP\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-17 07:47 - 2014-02-17 07:48 - 00000000 ____D () C:\FRST
2014-02-17 07:46 - 2014-02-17 07:48 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\Farbar R T
2014-02-17 07:45 - 2014-02-17 07:45 - 00005598 _____ () C:\Documents and Settings\TEMP\Desktop\attach.zip
2014-02-17 07:40 - 2014-02-17 07:40 - 00036743 _____ () C:\Documents and Settings\TEMP\Desktop\attach.txt
2014-02-17 07:40 - 2014-02-17 07:40 - 00011820 _____ () C:\Documents and Settings\TEMP\Desktop\dds.txt
2014-02-17 07:38 - 2014-02-17 07:20 - 00688992 ____R (Swearware) C:\Documents and Settings\TEMP\Desktop\dds.com
2014-02-16 23:29 - 2014-02-16 23:12 - 00543016 _____ (Fusion Install ) C:\Documents and Settings\TEMP\Desktop\Setup.exe
2014-02-16 22:34 - 2014-02-16 22:35 - 00003006 _____ () C:\Documents and Settings\TEMP\Desktop\FSS.txt
2014-02-16 22:34 - 2014-02-16 22:22 - 00453632 _____ (Farbar) C:\Documents and Settings\TEMP\Desktop\FSS.exe
2014-02-16 22:07 - 2014-02-16 23:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-16 22:03 - 2014-02-16 23:00 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\mbar
2014-02-16 22:03 - 2014-02-16 22:41 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-16 22:03 - 2014-02-16 21:31 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\TEMP\Desktop\mbar-1.07.0.1009.exe
2014-02-15 16:07 - 2014-02-15 16:07 - 00000000 ____D () C:\FixNCR
2014-02-15 08:35 - 2014-02-16 22:44 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-02-15 08:35 - 2014-02-15 08:35 - 00000642 _____ () C:\Documents and Settings\TEMP\Desktop\Shortcut to mbam.lnk

==================== One Month Modified Files and Folders =======

2014-02-17 07:48 - 2014-02-17 07:47 - 00000000 ____D () C:\FRST
2014-02-17 07:48 - 2014-02-17 07:46 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\Farbar R T
2014-02-17 07:46 - 2011-11-29 10:34 - 00000436 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{E59546A6-99D3-42A2-8E7B-3AB8D0A6E8EE}.job
2014-02-17 07:46 - 2008-04-25 13:28 - 01647201 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-17 07:45 - 2014-02-17 07:45 - 00005598 _____ () C:\Documents and Settings\TEMP\Desktop\attach.zip
2014-02-17 07:41 - 2011-11-29 03:15 - 00000424 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-02-17 07:40 - 2014-02-17 07:40 - 00036743 _____ () C:\Documents and Settings\TEMP\Desktop\attach.txt
2014-02-17 07:40 - 2014-02-17 07:40 - 00011820 _____ () C:\Documents and Settings\TEMP\Desktop\dds.txt
2014-02-17 07:38 - 2012-02-08 08:52 - 00000000 ____D () C:\Documents and Settings\TEMP\Local Settings\Application Data\Adobe
2014-02-17 07:37 - 2008-04-25 08:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-17 07:36 - 2008-04-25 13:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-17 07:36 - 2008-04-25 01:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-17 07:36 - 2008-04-25 01:25 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-17 07:20 - 2014-02-17 07:38 - 00688992 ____R (Swearware) C:\Documents and Settings\TEMP\Desktop\dds.com
2014-02-16 23:32 - 2008-04-25 13:32 - 00032586 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-16 23:31 - 2012-02-08 08:52 - 00000178 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
2014-02-16 23:12 - 2014-02-16 23:29 - 00543016 _____ (Fusion Install ) C:\Documents and Settings\TEMP\Desktop\Setup.exe
2014-02-16 23:00 - 2014-02-16 22:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-16 23:00 - 2014-02-16 22:03 - 00000000 ____D () C:\Documents and Settings\TEMP\Desktop\mbar
2014-02-16 22:57 - 2013-02-01 09:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-16 22:44 - 2014-02-15 08:35 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-02-16 22:41 - 2014-02-16 22:03 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-16 22:35 - 2014-02-16 22:34 - 00003006 _____ () C:\Documents and Settings\TEMP\Desktop\FSS.txt
2014-02-16 22:33 - 2012-03-15 08:09 - 00000990 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1606980848-839522115-1254UA.job
2014-02-16 22:22 - 2014-02-16 22:34 - 00453632 _____ (Farbar) C:\Documents and Settings\TEMP\Desktop\FSS.exe
2014-02-16 21:31 - 2014-02-16 22:03 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\TEMP\Desktop\mbar-1.07.0.1009.exe
2014-02-15 16:07 - 2014-02-15 16:07 - 00000000 ____D () C:\FixNCR
2014-02-15 14:41 - 2013-09-04 09:24 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\nasdaq
2014-02-15 14:28 - 2011-05-02 15:03 - 00182172 _____ () C:\WINDOWS\setupapi.log
2014-02-15 11:33 - 2012-03-15 08:09 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1606980848-839522115-1254Core.job
2014-02-15 08:35 - 2014-02-15 08:35 - 00000642 _____ () C:\Documents and Settings\TEMP\Desktop\Shortcut to mbam.lnk
2014-02-15 08:18 - 2010-01-16 03:41 - 00001953 _____ () C:\WINDOWS\setupact.log

Files to move or delete:
====================
C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\TEMP\Local Settings\Application Data\Akamai\netsession_win.exe

Some content of TEMP:
====================
C:\Documents and Settings\Copy of teresa brown\Local Settings\Temp\pixsetup.exe
C:\Documents and Settings\Copy of teresa brown\Local Settings\Temp\ppadsetup.exe
C:\Documents and Settings\Copy of teresa brown\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Copy of teresa brown\Local Settings\Temp\sp31598.exe
C:\Documents and Settings\Copy of teresa brown\Local Settings\Temp\uninst.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-108ff97b.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2e2deb62.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2f5ece9c.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-2f871b39.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4108e08f.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-464b71aa.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-4ca6e3e1.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-64d19f0e.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-691c61.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7fe0d3da.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a375b9ad.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a93779ff.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c83cf2fa.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-d3672cb1.exe
C:\Documents and Settings\TEMP\Local Settings\Temp\ipl.dll
C:\Documents and Settings\TEMP\Local Settings\Temp\iplpx.dll
C:\Documents and Settings\TEMP\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\TEMP\Local Settings\Temp\smile-latest.exe
C:\Documents and Settings\TEMP\Local Settings\Temp\WebshotSupplantLauncher.exe
C:\Documents and Settings\teresa brown\Local Settings\Temp\pixsetup.exe
C:\Documents and Settings\teresa brown\Local Settings\Temp\ppadsetup.exe
C:\Documents and Settings\teresa brown\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\teresa brown\Local Settings\Temp\sp31598.exe
C:\Documents and Settings\teresa brown\Local Settings\Temp\uninst.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition attached:

Have to figure where the attachment is...

trezabrown · February 17, 2014

attach.zip (addition txt)

attach.zip

jeffce · February 17, 2014

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\DOCUME~1\TEMP\LOCALS~1\Temp\mbr.sys

Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------

trezabrown · February 17, 2014

Thank you for your contnued assistance with this matter. Do you know that I can't go on the internet with the infected computer. I do all correspondence and website with this computer and put on a flash. I tried to do what you asked, but I think I need to be on infected computer? It can't find the file.

Please advise, thank you...

jeffce · February 18, 2014

Of course...my apologies....

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------

trezabrown · February 19, 2014

Jeff, hello, ComboFix was not able to update Windows Recovery so the scan was done without the update...

Thank you

Combo Fix log.txt

jeffce · February 19, 2014

Well done!

Please download TDSSKiller

Double click TDSSKiller.exe
Press Start Scan but do nothing else as we are just looking for what is there.
If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
Attach the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Right-click and Run as Administrator SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
```
:filefind*i8042prt.sys
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

trezabrown · February 19, 2014

Nothing found...

TDSSKiller.2.8.16.0_19.02.2014_06.40.48_log.txt

jeffce · February 19, 2014

Don't forget the log from SystemLook.

trezabrown · February 19, 2014

Where can I find that log? I don't see anything else that was created. Thanks

trezabrown · February 19, 2014

Found it the email didn't contain the second part of your message, but I got it now...

jeffce · February 19, 2014

Ok post it when you have it.

trezabrown · February 20, 2014

SystemLook.txt attached...

SystemLook.txt

jeffce · February 20, 2014

Right-click and Run as Administrator SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
```
:filefind*i8042prt*
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

trezabrown · February 20, 2014

I'm running it again, didn't the last system look txt file contain any info? Perhaps, I'm doing something wrong...

trezabrown · February 20, 2014

The file has the same info as previous attachmentSystemLook.txt, I may be doing something wrong...

jeffce · February 20, 2014

No you are doing just fine. Well done.

Do you have your Windows CD or can you borrow one from a friend? If so, get it out as we may need this during the following steps:

Click on Start, Run, type cmd in the Run bar.
In the Command Prompt Window, type (or copy and paste) sfc /scannow and press Enter.

The scan may take some time, so be patient. Windows will repair any corrupted or missing files that it finds. If information from the installation CD is needed to repair the problem, you may be prompted to insert your Windows CD.

After you run System File Checker, try to run connect to the internet.

Let me know how that works.

trezabrown · February 20, 2014

Thank you, Jeff,

What I have is a re-installation CD for Windows XP Pro service pack 3, hopefully that is what I need. Let me know, I am at work and I'll do what you ask per your instruction this evening. If this is not what I need let me know becuz I can probably find a CD for Windows here at work...

Can't connect to Internet or run Malwarebytes

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information