
Crossrider, Other Malware And Extremely Slow Pc



I need assistance to safely and permanently get rid of PUP.Optional.Crossrider.A and other malware. I have uninstalled Mobogenie but can't get rid of it completely. On startup the following message is displayed: C:\Documents and Settings\user\application data\newnext.me\negine.dll. My PC is also extremely slow and tends to hang. I have run disk cleanup and disk defragmenter to no avail.

 

Please assist as I am at my wits' end.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2014
Ran by User (administrator) on TASDBN-PC-04 on 23-04-2014 22:30:50
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
(Rockwell Software Inc.) C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Attix5 Development (Pty) Ltd) C:\Program Files\Pastel IronTree\a5backup.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\Program Files\Mobogenie\MgAssist.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Rockwell Software, Inc.) C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\PVSW\bin\w3dbsmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Dropbox, Inc.) C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
(FirebirdSQL Project) C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17331200 2008-10-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-02-26] (Nero AG)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [30208 2005-12-07] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [49152 2006-04-13] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-02-16] (Apple Computer, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [257088 2007-03-02] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [748736 2014-04-17] ()
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [894344 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [NextLive] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\Policies\Explorer: [] 
HKU\S-1-5-21-116400832-3860757063-2949661848-1005\...\MountPoints2: {23f61dfa-a10d-11e0-a108-6c626dcf6475} - E:\curice/elena.exe
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll => c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Pervasive.SQL Workgroup Engine.lnk
ShortcutTarget: Pervasive.SQL Workgroup Engine.lnk -> C:\PVSW\bin\w3dbsmgr.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.za/
URLSearchHook: HKCU - (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} -  No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {7f5cae72-31fd-4f9e-9b93-686e9a0e374f} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
BHO: HP Smart Print BHO - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin - C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.co.za
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
 
========================== Services (Whitelisted) =================
 
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 dnWhoDisp; C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe [73728 2002-04-29] ()
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe [81920 2007-09-03] (FirebirdSQL Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2002944 2007-09-03] (FirebirdSQL Project)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1064312 2013-08-26] (Flexera Software LLC)
R3 Harmony; C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE [192512 2005-06-23] (Rockwell Software Inc.)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP)
R2 IronTreeDL; C:\Program Files\Pastel IronTree\a5backup.exe [163840 2010-03-02] (Attix5 Development (Pty) Ltd)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [70848 2014-04-17] ()
S3 OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [98304 2004-12-02] (OPC Foundation)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [167936 2005-08-08] ()
R2 RSLinx; C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE [1896720 2005-07-29] (Rockwell Software, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 ABKTCX; C:\WINDOWS\System32\Drivers\ABKTCX.sys [71448 2004-06-03] (Rockwell Software Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HPFXBULK; C:\WINDOWS\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-13] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RsiKtControl; C:\WINDOWS\system32\RSIKT.SYS [30166 2004-06-03] (Rockwell Software, Inc.)
S3 RSSERIAL; C:\WINDOWS\SYSTEM32\RSSERIAL.SYS [155440 2004-06-03] (Rockwell Software Inc.)
S3 RS_SS_NT; C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS [142592 2004-06-03] (Rockwell Software, Inc.)
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55232 2014-03-27] (StdLib)
S4 IntelIde; No ImagePath
S1 VirtualBackplane; \SystemRoot\System32\Drivers\VirtualBackplane.sys [X]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-23 22:30 - 2014-04-23 22:31 - 00019615 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\FRST
2014-04-23 22:24 - 2014-04-23 22:24 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-23 22:23 - 2014-04-23 22:23 - 01365865 _____ () C:\Documents and Settings\User\Desktop\adwcleaner.exe
2014-04-23 22:22 - 2014-04-23 22:22 - 03972608 _____ () C:\Documents and Settings\User\Desktop\RogueKiller.exe
2014-04-23 22:18 - 2014-04-23 22:18 - 01048576 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-23 12:27 - 2014-04-23 12:28 - 00000005 _____ () C:\Documents and Settings\User\Application Data\mbam.context.scan
2014-04-17 10:43 - 2014-04-17 18:09 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Brother
2014-04-17 10:35 - 2014-04-17 18:09 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My Labels
2014-04-17 10:32 - 2007-04-19 12:30 - 00033280 ____R (Brother Industries, Ltd.) C:\WINDOWS\system32\PT21L.DLL
2014-04-17 10:32 - 2007-04-16 06:23 - 00057344 ____R () C:\WINDOWS\system32\PT21F.DLL
2014-04-17 10:32 - 2007-03-26 02:37 - 00001112 ____R () C:\WINDOWS\system32\PT21L.INI
2014-04-17 10:32 - 2007-03-08 10:35 - 00016327 ____R () C:\WINDOWS\system32\PT21M.CHM
2014-04-17 10:32 - 2007-02-09 07:47 - 00090112 ____R (Brother Industries, Ltd.) C:\WINDOWS\system32\PT21M.EXE
2014-04-17 10:32 - 2007-01-16 14:09 - 00010240 ____R (Brother Industries, Ltd.) C:\WINDOWS\system32\PT21M.DLL
2014-04-17 10:29 - 2014-04-17 10:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Brother P-touch
2014-04-17 10:28 - 2014-04-17 10:29 - 00000000 ____D () C:\Program Files\Brother
2014-04-17 10:28 - 2014-04-17 10:28 - 00000000 ____D () C:\Program Files\Common Files\Brother
2014-04-17 09:29 - 2014-04-17 08:27 - 00495616 _____ () C:\Documents and Settings\User\Desktop\Afrox 2014.xls
2014-04-17 09:28 - 2014-04-17 09:27 - 00463360 _____ () C:\Documents and Settings\User\Desktop\Afrox Guages 2014.xls
2014-04-16 06:52 - 2014-04-16 10:51 - 00035328 _____ () C:\Documents and Settings\User\Desktop\Shepherd Rep Priest - Master.xls
2014-04-11 10:54 - 2014-04-11 11:34 - 00013428 _____ () C:\Documents and Settings\User\My Documents\OUPSIE Boyancy.xlsx
2014-04-09 03:16 - 2014-04-09 03:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 03:04 - 2014-04-09 03:05 - 00011520 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 01:32 - 2014-04-09 03:16 - 00013588 _____ () C:\WINDOWS\KB2922229.log
2014-04-01 09:15 - 2014-04-01 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-29 10:06 - 2014-03-29 10:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\AVG2014
2014-03-29 10:04 - 2014-03-29 10:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-03-29 10:04 - 2014-03-29 10:04 - 00000000 ___HD () C:\$AVG
2014-03-29 10:04 - 2014-03-29 10:04 - 00000000 ____D () C:\Program Files\AVG
2014-03-29 09:59 - 2014-03-29 10:41 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Avg2014
2014-03-28 07:54 - 2014-04-17 09:44 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ___RD () C:\Program Files\Skype
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-28 07:23 - 2014-03-28 07:23 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SkypeTalking
2014-03-27 22:37 - 2014-03-27 22:37 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-03-27 21:10 - 2014-03-27 21:10 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Optimizer Pro
2014-03-27 21:05 - 2014-03-28 07:42 - 00000000 ____D () C:\Program Files\SkypeTalking
2014-03-26 08:11 - 2014-03-26 08:11 - 00000790 _____ () C:\Documents and Settings\User\Desktop\The Holy Bible (2).LNK
2014-03-26 08:10 - 2014-03-26 08:10 - 00000790 _____ () C:\Documents and Settings\User\Start Menu\Programs\The Holy Bible.LNK
2014-03-26 08:09 - 2014-03-26 08:30 - 00000000 ____D () C:\Program Files\The Holy Bible Ver81
2014-03-26 08:09 - 1997-07-19 18:00 - 00193296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mci32.ocx
2014-03-26 08:09 - 1997-01-16 01:00 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\ST5UNST.EXE
2014-03-26 08:09 - 1997-01-16 01:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VB5StKit.dll
2014-03-24 08:39 - 2014-03-24 08:42 - 1470996198 _____ () C:\Documents and Settings\User\Desktop\20140323_185056.mp4
2014-03-24 08:04 - 2014-03-24 08:04 - 00285120 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
 
==================== One Month Modified Files and Folders =======
 
2014-04-23 22:31 - 2014-04-23 22:30 - 00019615 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-23 22:30 - 2014-04-23 22:30 - 00000000 ____D () C:\FRST
2014-04-23 22:30 - 2012-04-24 01:03 - 00110225 _____ () C:\WINDOWS\pfirewall.log
2014-04-23 22:24 - 2014-04-23 22:24 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-23 22:23 - 2014-04-23 22:23 - 01365865 _____ () C:\Documents and Settings\User\Desktop\adwcleaner.exe
2014-04-23 22:22 - 2014-04-23 22:22 - 03972608 _____ () C:\Documents and Settings\User\Desktop\RogueKiller.exe
2014-04-23 22:20 - 2013-07-03 09:21 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Skype
2014-04-23 22:18 - 2014-04-23 22:18 - 01048576 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-23 21:33 - 2013-07-04 03:58 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 20:40 - 2011-06-28 00:11 - 01271294 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-23 20:38 - 2014-02-15 16:25 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Dropbox
2014-04-23 20:37 - 2014-02-15 16:28 - 00000000 ___RD () C:\Documents and Settings\User\My Documents\Dropbox
2014-04-23 20:35 - 2013-11-28 16:44 - 00045109 _____ () C:\WINDOWS\pvsw.log
2014-04-23 20:35 - 2011-06-27 23:56 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-23 20:32 - 2011-06-27 17:08 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-23 20:32 - 2011-06-27 17:08 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-23 20:31 - 2014-03-14 08:26 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-23 20:31 - 2013-07-04 03:58 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-23 20:31 - 2011-06-28 00:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-23 20:28 - 2011-06-28 00:34 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-04-23 20:28 - 2011-06-28 00:16 - 00032574 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-23 20:23 - 2014-03-18 09:45 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
2014-04-23 20:23 - 2014-03-18 09:44 - 00000000 ____D () C:\Program Files\Mobogenie
2014-04-23 19:16 - 2013-08-26 09:54 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Akamai
2014-04-23 19:10 - 2011-06-27 16:59 - 00000000 ____D () C:\WINDOWS\Help
2014-04-23 18:39 - 2013-04-29 13:40 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Registry backup
2014-04-23 18:14 - 2013-03-24 11:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-23 17:26 - 2013-04-29 14:13 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Payments
2014-04-23 16:00 - 2012-09-10 15:17 - 00000512 ____H () C:\WINDOWS\Tasks\Instracon 1347283047.job
2014-04-23 15:45 - 2011-06-28 09:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2481109$
2014-04-23 15:43 - 2012-04-24 01:03 - 04058890 _____ () C:\WINDOWS\pfirewall.log.old
2014-04-23 15:42 - 2011-06-27 23:56 - 00000739 _____ () C:\WINDOWS\win.ini
2014-04-23 15:42 - 2011-06-27 16:32 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-04-23 14:34 - 2013-11-28 16:37 - 00188200 _____ () C:\WINDOWS\setupapi.log
2014-04-23 14:16 - 2011-06-30 15:05 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\CutePDF Writer
2014-04-23 12:28 - 2014-04-23 12:27 - 00000005 _____ () C:\Documents and Settings\User\Application Data\mbam.context.scan
2014-04-23 08:30 - 2011-07-07 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Documents\Shared Docs
2014-04-22 15:37 - 2013-05-02 22:30 - 00002137 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-04-22 15:28 - 2011-08-15 11:41 - 00000000 ____D () C:\Pastel11
2014-04-21 19:45 - 2012-07-20 10:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-20 22:32 - 2011-06-28 00:27 - 00111056 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-20 22:18 - 2011-06-27 17:04 - 00386408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-17 18:09 - 2014-04-17 10:43 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Brother
2014-04-17 18:09 - 2014-04-17 10:35 - 00000000 ____D () C:\Documents and Settings\User\My Documents\My Labels
2014-04-17 11:54 - 2014-01-09 15:38 - 00000000 ____D () C:\Documents and Settings\User\Desktop\OAC Garden Folder
2014-04-17 11:54 - 2013-09-04 08:26 - 00000000 ____D () C:\Documents and Settings\User\Desktop\OAC FORMS
2014-04-17 11:49 - 2013-08-26 13:12 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\cache
2014-04-17 11:17 - 2013-10-25 08:02 - 00000000 ____D () C:\Documents and Settings\User\Desktop\Deageo
2014-04-17 10:33 - 2011-06-28 00:45 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-17 10:29 - 2014-04-17 10:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Brother P-touch
2014-04-17 10:29 - 2014-04-17 10:28 - 00000000 ____D () C:\Program Files\Brother
2014-04-17 10:28 - 2014-04-17 10:28 - 00000000 ____D () C:\Program Files\Common Files\Brother
2014-04-17 09:44 - 2014-03-28 07:54 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-04-17 09:27 - 2014-04-17 09:28 - 00463360 _____ () C:\Documents and Settings\User\Desktop\Afrox Guages 2014.xls
2014-04-17 08:27 - 2014-04-17 09:29 - 00495616 _____ () C:\Documents and Settings\User\Desktop\Afrox 2014.xls
2014-04-16 10:51 - 2014-04-16 06:52 - 00035328 _____ () C:\Documents and Settings\User\Desktop\Shepherd Rep Priest - Master.xls
2014-04-11 11:34 - 2014-04-11 10:54 - 00013428 _____ () C:\Documents and Settings\User\My Documents\OUPSIE Boyancy.xlsx
2014-04-11 09:39 - 2014-03-18 08:43 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-09 12:54 - 2014-01-07 15:12 - 00011000 _____ () C:\Documents and Settings\User\Desktop\Prophetic Report.xlsx
2014-04-09 11:46 - 2014-03-15 10:24 - 00000000 ____D () C:\Documents and Settings\User\Desktop\GARDEN FOLDERS
2014-04-09 03:32 - 2014-03-14 08:26 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-09 03:17 - 2011-06-27 16:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-09 03:16 - 2014-04-09 03:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 03:16 - 2014-04-09 01:32 - 00013588 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00098871 _____ () C:\WINDOWS\iis6.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00092951 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00044340 _____ () C:\WINDOWS\ocgen.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00042318 _____ () C:\WINDOWS\tsoc.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00030672 _____ () C:\WINDOWS\comsetup.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00027844 _____ () C:\WINDOWS\msmqinst.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00018581 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00016245 _____ () C:\WINDOWS\netfxocm.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00006375 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00005130 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00004665 _____ () C:\WINDOWS\tabletoc.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00004635 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 03:16 - 2014-01-04 13:55 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 03:12 - 2013-08-15 14:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 03:05 - 2014-04-09 03:04 - 00011520 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 03:05 - 2014-01-04 13:55 - 00010400 _____ () C:\WINDOWS\updspapi.log
2014-04-09 03:05 - 2014-01-04 13:55 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 03:05 - 2011-06-28 09:41 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 03:04 - 2011-06-28 06:22 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-02 15:38 - 2014-03-18 09:45 - 00000000 ____D () C:\Documents and Settings\User\Application Data\newnext.me
2014-04-01 09:15 - 2014-04-01 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-29 16:57 - 2014-03-18 09:45 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\genienext
2014-03-29 10:41 - 2014-03-29 09:59 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Avg2014
2014-03-29 10:18 - 2011-07-03 03:33 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Buoxce
2014-03-29 10:08 - 2014-03-29 10:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-03-29 10:06 - 2014-03-29 10:06 - 00000000 ____D () C:\Documents and Settings\User\Application Data\AVG2014
2014-03-29 10:04 - 2014-03-29 10:04 - 00000000 ___HD () C:\$AVG
2014-03-29 10:04 - 2014-03-29 10:04 - 00000000 ____D () C:\Program Files\AVG
2014-03-29 09:30 - 2013-12-02 09:30 - 00000558 _____ () C:\net.txt
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ___RD () C:\Program Files\Skype
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-28 07:54 - 2014-03-28 07:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-28 07:54 - 2013-07-03 09:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-28 07:42 - 2014-03-27 21:05 - 00000000 ____D () C:\Program Files\SkypeTalking
2014-03-28 07:40 - 2014-03-19 08:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Rockwell Software
2014-03-28 07:40 - 2011-08-15 11:38 - 00000000 ____D () C:\Program Files\Common Files\Pervasive Software Shared
2014-03-28 07:27 - 2011-06-27 23:58 - 00000212 __RSH () C:\boot.ini
2014-03-28 07:23 - 2014-03-28 07:23 - 00000000 ____D () C:\Documents and Settings\User\Application Data\SkypeTalking
2014-03-27 22:37 - 2014-03-27 22:37 - 00055232 _____ (StdLib) C:\WINDOWS\system32\Drivers\tStLibG.sys
2014-03-27 21:12 - 2013-11-27 10:21 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-03-27 21:10 - 2014-03-27 21:10 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Optimizer Pro
2014-03-27 15:46 - 2013-04-29 14:15 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Email docs
2014-03-26 08:30 - 2014-03-26 08:09 - 00000000 ____D () C:\Program Files\The Holy Bible Ver81
2014-03-26 08:11 - 2014-03-26 08:11 - 00000790 _____ () C:\Documents and Settings\User\Desktop\The Holy Bible (2).LNK
2014-03-26 08:10 - 2014-03-26 08:10 - 00000790 _____ () C:\Documents and Settings\User\Start Menu\Programs\The Holy Bible.LNK
2014-03-26 07:56 - 2013-12-01 16:29 - 00006289 _____ () C:\WINDOWS\setupact.log
2014-03-24 14:51 - 2012-07-10 14:56 - 00002926 _____ () C:\Documents and Settings\User\Application Data\Rim.DesktopHelper.Exception.log
2014-03-24 14:51 - 2012-07-10 14:56 - 00002849 _____ () C:\Documents and Settings\User\Application Data\Rim.Desktop.Exception.log
2014-03-24 08:42 - 2014-03-24 08:39 - 1470996198 _____ () C:\Documents and Settings\User\Desktop\20140323_185056.mp4
2014-03-24 08:37 - 2013-10-21 08:44 - 00000000 ____D () C:\Documents and Settings\User\My Documents\SelfMV
2014-03-24 08:04 - 2014-03-24 08:04 - 00285120 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
 
Files to move or delete:
====================
C:\Documents and Settings\User\easyFile-employer.exe
 
 
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\1381228536_Cloud_Backup_Setup.exe
C:\Documents and Settings\User\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\User\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthnspf.dll
C:\Documents and Settings\User\Local Settings\Temp\Execute2App.exe
C:\Documents and Settings\User\Local Settings\Temp\isutldll.dll
C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\Mobogenie_Setup_2.1.37_122100041.exe
C:\Documents and Settings\User\Local Settings\Temp\mpegc.dll
C:\Documents and Settings\User\Local Settings\Temp\msvcp90.dll
C:\Documents and Settings\User\Local Settings\Temp\msvcr90.dll
C:\Documents and Settings\User\Local Settings\Temp\propsys.dll
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\Update.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2014
Ran by User at 2014-04-23 22:32:08
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2 - Hewlett-Packard) Hidden
4300 (Version: 71.0.215.000 - Hewlett-Packard) Hidden
4300_Help (Version: 71.0.215.000 - Hewlett-Packard) Hidden
4300Trb (Version: 71.0.215.000 - Hewlett-Packard) Hidden
5600 (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600_Help (Version: 50.0.206.000 - Hewlett-Packard) Hidden
5600Trb (Version: 50.0.206.000 - Hewlett-Packard) Hidden
7500_7600_7700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AiO_Scan (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiO_Scan_CDA (Version: 71.0.215.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 50.0.206.000 - Hewlett-Packard) Hidden
AiOSoftwareNPI (Version: 71.0.215.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Software Update (HKLM\...\{A260B422-70E1-41E2-957D-F76FA21266D5}) (Version: 1.1.0.3 - Apple Computer, Inc.)
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3920 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37 - Research In Motion Ltd.) Hidden
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 2.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 70.0.283.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Brother P-touch Editor 4.2 (HKLM\...\InstallShield_{003447F5-0058-4B77-9C1E-50488F77C4A7}) (Version: 4.2 - Brother Industries, Ltd.)
Brother P-touch Editor 4.2 (Version: 4.2 - Brother Industries, Ltd.) Hidden
Brother P-touch Quick Editor 2.0 (HKLM\...\InstallShield_{AD50DAD0-7669-4AAE-99E6-914B0A9D1188}) (Version: 2.0.201 - Brother Industries, Ltd. )
Brother P-touch Quick Editor 2.0 (Version: 2.0.201 - Brother Industries, Ltd. ) Hidden
Brother P-touch Software (Version: 1.0.006 - Brother Industries, Ltd. ) Hidden
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D-Link AirPlus Xtreme G AP Manager for DWL-2100AP (HKLM\...\{6414E7C5-C329-4C99-A223-FCCDB499E3E9}) (Version:  - )
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
e@syFile-employer (HKLM\...\easyFileEmployer.0612E4541602589CA8807A3EA214FDF182FEF49D.1) (Version: 6.2.2 - South African Revenue Service)
e@syFile-employer (Version: 6.2.2 - South African Revenue Service) Hidden
FARO LS 1.1.501.0 (HKLM\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production)
Fax_CDA (Version: 71.0.215.000 - Hewlett-Packard) Hidden
Firebird 2.0.3 (HKLM\...\FBDBServer_2_0_is1) (Version:  - Firebird Project)
FlameRobin 0.8.6 (HKLM\...\FlameRobin_is1) (Version:  - The FlameRobin Project)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Customer Participation Program 7.0 (HKLM\...\HPExtendedCapabilities) (Version: 7.0 - HP)
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Officejet Pro All-In-One Series (HKLM\...\{7729A02E-D1AD-4830-8FC5-11853500D90D}) (Version: 1.0 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Photosmart, Officejet and Deskjet 7.0.A (HKLM\...\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}) (Version:  - HP)
HP PSC & OfficeJet 5.3.B (HKLM\...\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}) (Version:  - HP)
HP Smart Print 1.1.5.0 (HKLM\...\{8B157EE4-0BAB-4CCE-B92C-5844AB6E20F1}) (Version: 1.1.5.0 - Hewlett-Packard)
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 6.14.10.5260 - Intel Corporation)
iTunes (HKLM\...\{01B51908-02EF-453B-87A9-815182E8C2F2}) (Version: 7.1.0.59 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
L7600 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Personal Folders Backup (HKLM\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MPM (HKLM\...\{D48AD533-BAD5-469B-A9AA-272C6D80E70B}) (Version: 1.00.0000 - Hewlett-Packard)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571033}) (Version: 7.02.5851 - Nero AG)
NewCopy (Version: 50.0.206.000 - Hewlett-Packard) Hidden
NewCopy_CDA (Version: 71.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Pastel IronTree (HKLM\...\{65CC95F7-D4F6-458C-AC73-7A9A740E6C6B}) (Version: 5.1.4.17 - Pastel IronTree)
Pastel Partner Version 11 (HKLM\...\{6BA86C13-2E82-4A79-86F1-9A4E44E2B760}) (Version: 11.2.4 - Softline Pastel)
Pervasive.SQL 9.60 Workgroup for Windows (HKLM\...\{D8C0330E-C815-4C6F-9BFD-0FD570155790}) (Version: 9.60.016.000 - Pervasive Software Inc. )
PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.00.000 - Prolific Technology INC)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.1702.0 - CyberLink Corporation)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
ProductContext (Version: 50.0.206.000 - Hewlett-Packard) Hidden
ProductContextNPI (Version: 71.0.215.000 - Hewlett-Packard) Hidden
Quick Payroll (HKLM\...\{739DCD95-5BC3-4529-9ECA-E2A77986C2C7}) (Version: 1.2.22 - QuickBooks)
QuickBooks Pro Edition 2006 (HKLM\...\{5545B622-9998-4f13-9CD6-B908675BDCB2}) (Version:  - )
QuickTime (HKLM\...\{5E863175-E85D-44A6-8968-82507D34AE7F}) (Version: 7.1.5.120 - Apple Computer, Inc.)
Readme (Version: 71.0.215.000 - Hewlett-Packard) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0179 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}) (Version: 1.01.0086 - REALTEK Semiconductor Corp.)
RSLinx Classic (HKLM\...\{34540622-805E-4CC7-98CF-65A43E99CF4D}) (Version: 2.50.00.20 (CPR 7) - Rockwell Software, Inc.)
Sabre (HKLM\...\Sabre_is1) (Version:  - 247Software)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 7.0.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) Hidden
SketchUp Import for AutoCAD 2014 (HKLM\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Striata Reader (HKLM\...\{13d868cf-47e9-4b3d-9366-a0c60f82e5aa}) (Version: 2.15-1 - Striata Communication Solutions)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
The Holy Bible KJV Ver.8.0.1 (HKLM\...\ST5UNST #1) (Version:  - )
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
tripTrack Version 1.389 (HKLM\...\tripTrack_is1) (Version:  - Ketchup Solutions)
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Mail (HKLM\...\{184E7118-0295-43C4-B72C-1D54AA75AAF7}) (Version:  - )
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Zulu DJ Software (HKLM\...\Zulu) (Version:  - NCH Software)
 
==================== Restore Points  =========================
 
23-01-2014 11:07:05 System Checkpoint
24-01-2014 06:03:12 Printer Driver Amyuni Document Converter 2.51 Installed
25-01-2014 06:08:07 System Checkpoint
26-01-2014 07:08:07 System Checkpoint
27-01-2014 07:56:07 System Checkpoint
27-01-2014 14:22:17 Printer Driver Amyuni Document Converter 2.51 Installed
27-01-2014 14:23:16 Printer Driver Amyuni Document Converter 2.51 Installed
28-01-2014 15:08:07 System Checkpoint
29-01-2014 11:27:37 Printer Driver Amyuni Document Converter 2.51 Installed
29-01-2014 11:30:04 Printer Driver Amyuni Document Converter 2.51 Installed
30-01-2014 11:56:27 System Checkpoint
31-01-2014 06:54:49 Printer Driver Amyuni Document Converter 2.51 Installed
31-01-2014 07:00:16 Printer Driver Amyuni Document Converter 2.51 Installed
31-01-2014 07:00:56 Printer Driver Amyuni Document Converter 2.51 Installed
01-02-2014 08:08:33 System Checkpoint
02-02-2014 09:08:33 System Checkpoint
03-02-2014 09:56:35 System Checkpoint
03-02-2014 10:36:47 Installed Samsung Kies3
03-02-2014 12:35:02 Printer Driver Amyuni Document Converter 2.51 Installed
03-02-2014 12:35:47 Printer Driver Amyuni Document Converter 2.51 Installed
03-02-2014 12:36:46 Printer Driver Amyuni Document Converter 2.51 Installed
03-02-2014 12:37:42 Printer Driver Amyuni Document Converter 2.51 Installed
03-02-2014 12:45:17 Printer Driver Amyuni Document Converter 2.51 Installed
03-02-2014 12:53:03 Printer Driver Amyuni Document Converter 2.51 Installed
03-02-2014 12:53:49 Printer Driver Amyuni Document Converter 2.51 Installed
03-02-2014 12:55:12 Printer Driver Amyuni Document Converter 2.51 Installed
03-02-2014 15:25:40 Printer Driver Amyuni Document Converter 2.51 Installed
04-02-2014 12:18:23 Printer Driver Amyuni Document Converter 2.51 Installed
04-02-2014 12:21:43 Printer Driver Amyuni Document Converter 2.51 Installed
04-02-2014 20:24:25 Printer Driver Amyuni Document Converter 2.51 Installed
05-02-2014 12:21:13 Printer Driver Amyuni Document Converter 2.51 Installed
05-02-2014 12:23:44 Printer Driver Amyuni Document Converter 2.51 Installed
05-02-2014 12:26:12 Printer Driver Amyuni Document Converter 2.51 Installed
06-02-2014 12:56:48 System Checkpoint
07-02-2014 13:25:29 System Checkpoint
08-02-2014 13:36:20 System Checkpoint
09-02-2014 14:48:21 System Checkpoint
10-02-2014 09:14:08 Printer Driver Amyuni Document Converter 2.51 Installed
11-02-2014 10:03:47 System Checkpoint
11-02-2014 14:03:50 Printer Driver Amyuni Document Converter 2.51 Installed
11-02-2014 14:06:51 Printer Driver Amyuni Document Converter 2.51 Installed
11-02-2014 14:07:50 Printer Driver Amyuni Document Converter 2.51 Installed
12-02-2014 14:17:42 System Checkpoint
12-02-2014 19:56:35 Printer Driver Amyuni Document Converter 2.51 Installed
13-02-2014 20:17:44 System Checkpoint
14-02-2014 09:13:49 Printer Driver Amyuni Document Converter 2.51 Installed
14-02-2014 09:16:42 Printer Driver Amyuni Document Converter 2.51 Installed
15-02-2014 09:17:44 System Checkpoint
16-02-2014 10:17:46 System Checkpoint
17-02-2014 11:05:45 System Checkpoint
18-02-2014 12:17:44 System Checkpoint
19-02-2014 13:05:44 System Checkpoint
20-02-2014 11:15:16 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 11:16:22 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 11:36:29 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 11:38:35 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 11:39:34 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 11:42:50 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 11:44:00 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 11:45:18 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 11:52:10 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 12:07:10 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 12:12:34 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 12:13:21 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 12:16:05 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 12:30:54 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 12:31:27 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 12:35:59 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 12:48:44 Printer Driver Amyuni Document Converter 2.51 Installed
20-02-2014 13:04:55 Printer Driver Amyuni Document Converter 2.51 Installed
21-02-2014 11:42:08 Printer Driver Amyuni Document Converter 2.51 Installed
22-02-2014 12:06:15 System Checkpoint
23-02-2014 12:18:15 System Checkpoint
24-02-2014 12:51:19 Printer Driver Amyuni Document Converter 2.51 Installed
24-02-2014 12:53:01 Printer Driver Amyuni Document Converter 2.51 Installed
24-02-2014 13:04:39 Printer Driver Amyuni Document Converter 2.51 Installed
24-02-2014 13:22:29 Printer Driver Amyuni Document Converter 2.51 Installed
24-02-2014 13:26:17 Printer Driver Amyuni Document Converter 2.51 Installed
24-02-2014 13:31:54 Printer Driver Amyuni Document Converter 2.51 Installed
25-02-2014 14:06:15 System Checkpoint
26-02-2014 14:18:15 System Checkpoint
27-02-2014 16:24:53 System Checkpoint
28-02-2014 06:07:09 Printer Driver Amyuni Document Converter 2.51 Installed
28-02-2014 06:08:58 Printer Driver Amyuni Document Converter 2.51 Installed
28-02-2014 08:17:02 Printer Driver Amyuni Document Converter 2.51 Installed
01-03-2014 08:18:15 System Checkpoint
02-03-2014 09:06:14 System Checkpoint
03-03-2014 10:18:17 System Checkpoint
04-03-2014 10:04:14 Printer Driver Amyuni Document Converter 2.51 Installed
04-03-2014 10:09:36 Printer Driver Amyuni Document Converter 2.51 Installed
05-03-2014 09:23:46 Installed Google Earth.
05-03-2014 10:33:48 Printer Driver Amyuni Document Converter 2.51 Installed
05-03-2014 10:51:00 Printer Driver Amyuni Document Converter 2.51 Installed
05-03-2014 10:52:00 Printer Driver Amyuni Document Converter 2.51 Installed
05-03-2014 10:52:59 Printer Driver Amyuni Document Converter 2.51 Installed
05-03-2014 10:53:44 Printer Driver Amyuni Document Converter 2.51 Installed
06-03-2014 11:27:02 System Checkpoint
07-03-2014 11:27:26 System Checkpoint
08-03-2014 12:15:26 System Checkpoint
09-03-2014 12:27:26 System Checkpoint
10-03-2014 11:36:08 Printer Driver Amyuni Document Converter 2.51 Installed
10-03-2014 11:44:18 Printer Driver Amyuni Document Converter 2.51 Installed
11-03-2014 12:39:31 System Checkpoint
12-03-2014 07:41:43 Printer Driver Amyuni Document Converter 2.51 Installed
12-03-2014 07:46:46 Printer Driver Amyuni Document Converter 2.51 Installed
12-03-2014 07:48:42 Printer Driver Amyuni Document Converter 2.51 Installed
13-03-2014 06:32:18 Printer Driver Amyuni Document Converter 2.51 Installed
13-03-2014 06:33:22 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 05:42:50 Software Distribution Service 3.0
14-03-2014 11:44:04 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 11:45:11 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 11:46:10 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 11:46:59 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 11:47:56 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 11:48:36 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 11:49:40 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 11:50:31 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 12:01:47 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 12:08:39 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 12:09:30 Printer Driver Amyuni Document Converter 2.51 Installed
14-03-2014 12:14:54 Printer Driver Amyuni Document Converter 2.51 Installed
15-03-2014 12:46:59 System Checkpoint
17-03-2014 06:42:19 System Checkpoint
18-03-2014 05:50:42 Printer Driver Amyuni Document Converter 2.51 Installed
18-03-2014 07:01:25 Software Distribution Service 3.0
18-03-2014 10:54:41 Installed BlackBerry Desktop Software.
19-03-2014 06:22:42 Installed RSLinx Classic
20-03-2014 08:27:07 System Checkpoint
21-03-2014 09:11:22 System Checkpoint
22-03-2014 09:59:19 System Checkpoint
23-03-2014 11:11:20 System Checkpoint
24-03-2014 11:14:02 System Checkpoint
24-03-2014 12:38:36 Printer Driver Amyuni Document Converter 2.51 Installed
24-03-2014 12:40:58 Printer Driver Amyuni Document Converter 2.51 Installed
24-03-2014 12:42:59 Printer Driver Amyuni Document Converter 2.51 Installed
25-03-2014 07:13:31 Printer Driver Amyuni Document Converter 2.51 Installed
25-03-2014 07:16:50 Printer Driver Amyuni Document Converter 2.51 Installed
25-03-2014 07:23:52 Printer Driver Amyuni Document Converter 2.51 Installed
25-03-2014 07:24:36 Printer Driver Amyuni Document Converter 2.51 Installed
25-03-2014 07:25:17 Printer Driver Amyuni Document Converter 2.51 Installed
25-03-2014 07:26:11 Printer Driver Amyuni Document Converter 2.51 Installed
26-03-2014 07:50:08 System Checkpoint
27-03-2014 07:54:53 Printer Driver Amyuni Document Converter 2.51 Installed
28-03-2014 05:40:51 Removed Rockwell Windows Firewall Configuration Utility 1.00.01
28-03-2014 05:41:42 Removed Skype Click to Call
28-03-2014 05:48:48 Removed Skype™ 6.14
28-03-2014 14:07:51 Printer Driver Amyuni Document Converter 2.51 Installed
29-03-2014 08:04:07 Installed AVG 2014
29-03-2014 08:04:36 Installed AVG 2014
30-03-2014 08:42:50 System Checkpoint
31-03-2014 09:40:50 System Checkpoint
01-04-2014 10:40:52 System Checkpoint
02-04-2014 11:21:00 System Checkpoint
03-04-2014 12:20:56 System Checkpoint
04-04-2014 13:10:13 System Checkpoint
05-04-2014 13:20:20 System Checkpoint
06-04-2014 14:09:07 System Checkpoint
07-04-2014 15:09:07 System Checkpoint
08-04-2014 15:21:08 System Checkpoint
09-04-2014 01:00:39 Software Distribution Service 3.0
10-04-2014 01:53:07 System Checkpoint
11-04-2014 01:55:36 System Checkpoint
12-04-2014 02:41:03 System Checkpoint
13-04-2014 02:53:04 System Checkpoint
14-04-2014 03:55:33 System Checkpoint
15-04-2014 04:09:33 System Checkpoint
16-04-2014 05:26:45 System Checkpoint
17-04-2014 06:13:33 System Checkpoint
17-04-2014 08:27:05 Installed Brother P-touch Software
18-04-2014 08:49:17 System Checkpoint
19-04-2014 08:53:20 System Checkpoint
20-04-2014 21:32:35 System Checkpoint
21-04-2014 23:00:06 System Checkpoint
22-04-2014 23:47:34 System Checkpoint
23-04-2014 16:10:23 Removed Japanese Fonts Support For Adobe Reader X.
 
==================== Hosts content: ==========================
 
2011-06-27 23:54 - 2013-03-24 11:21 - 00000785 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Instracon 1347283047.job => C:\Documents and Settings\All Users\Documents\Shared Docs\Intuit\AutoBackupEXE.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-28 05:41 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2012-05-18 15:30 - 2010-10-14 10:04 - 00151552 _____ () C:\WINDOWS\system32\HP1100LM.DLL
2012-05-18 15:30 - 2010-10-14 10:04 - 00069632 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2012-05-18 15:30 - 2010-10-14 10:04 - 02306048 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hp1100su.dll
2012-05-18 15:30 - 2010-10-14 10:04 - 00794624 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1100GC.dll
2012-03-14 17:38 - 2009-08-16 17:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2014-03-18 09:44 - 2014-04-17 11:21 - 00070848 _____ () C:\Program Files\Mobogenie\MgAssist.exe
2014-03-18 09:44 - 2014-04-17 11:21 - 00748736 _____ () C:\Program Files\Mobogenie\DaemonProcess.exe
2014-03-18 09:44 - 2014-04-17 11:21 - 00065728 _____ () C:\Program Files\Mobogenie\Device.dll
2011-06-27 16:26 - 2005-08-08 13:54 - 00167936 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2013-02-05 00:21 - 2013-02-05 00:21 - 00049184 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00744992 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00106016 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00039456 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2011-06-27 23:54 - 2008-04-14 14:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2011-06-27 23:55 - 2008-04-14 14:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2007-04-15 13:43 - 2007-04-15 13:43 - 00112208 _____ () C:\PVSW\bin\w3dbsmgr.exe
2007-04-15 14:04 - 2007-04-15 14:04 - 00165456 _____ () C:\PVSW\bin\W3COMSRV.DLL
2014-04-23 20:36 - 2014-04-23 20:36 - 00041984 _____ () C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthnspf.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Documents and Settings\User\Application Data\Dropbox\bin\libcef.dll
2014-04-11 09:39 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-11 09:39 - 2014-04-02 03:57 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-11 09:39 - 2014-04-02 03:58 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-11 09:39 - 2014-04-02 03:57 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:806222FC
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192se
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 
Description: 
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/23/2014 06:58:41 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
 
Context:  Application, SystemIndex Catalog
 
Error: (04/23/2014 02:18:20 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.9.22, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/23/2014 00:26:02 PM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/23/2014 00:25:58 PM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/23/2014 08:57:32 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/23/2014 08:57:32 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/23/2014 08:57:32 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/20/2014 10:28:01 PM) (Source: Microsoft Office 12) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 12.0.6691.5000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.
 
Error: (04/20/2014 11:25:49 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/20/2014 11:21:22 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 15.0.4014.1067, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (04/23/2014 08:35:44 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.
 
Error: (04/23/2014 07:06:50 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.
 
Error: (04/23/2014 05:57:37 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Content Service service hung on starting.
 
Error: (04/23/2014 05:55:18 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 7 service failed to start due to the following error: 
%%1053
 
Error: (04/23/2014 05:55:18 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the TeamViewer 7 service to connect.
 
Error: (04/23/2014 05:53:23 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1
 
Error: (04/23/2014 04:07:56 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Util sizlsearch service, but this action failed with the following error: 
%%1058
 
Error: (04/23/2014 04:07:56 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Update sizlsearch service, but this action failed with the following error: 
%%1058
 
Error: (04/23/2014 04:07:51 PM) (Source: Service Control Manager) (User: )
Description: The Util sizlsearch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/23/2014 04:07:51 PM) (Source: Service Control Manager) (User: )
Description: The Update sizlsearch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (05/02/2013 07:45:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 207281 seconds with 1800 seconds of active time.  This session ended with a crash.
 
Error: (03/19/2012 11:58:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 159983 seconds with 25380 seconds of active time.  This session ended with a crash.
 
Error: (12/14/2011 05:58:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 27798 seconds with 4980 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 68%
Total physical RAM: 2038.23 MB
Available physical RAM: 641.35 MB
Total Pagefile: 3922.77 MB
Available Pagefile: 2613.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.88 GB) (Free:173.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 7A37E62D)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Kind Regards

 


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also give an update on any remaining issues or concerns.

 

Kevin...

 

 

 

fixlist.txt


Hi Kevin

 

Thank you for your help!  Here is the posting of the fixlog as requested.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-04-2014
Ran by User at 2014-04-24 01:19:36 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
C:\Program Files\Mobogenie
AppInit_DLLs: c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll => c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\Datamngr\apcrtldr.dll <===== ATTENTION
C:\Program Files\Movies Toolbar
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
SearchScopes: HKLM - DefaultScope {7f5cae72-31fd-4f9e-9b93-686e9a0e374f} URL = http://search.tb.ask...t=sb&searchfor={searchTerms}
SearchScopes: HKLM - {7f5cae72-31fd-4f9e-9b93-686e9a0e374f} URL = http://search.tb.ask...t=sb&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...pn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebs...t=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {7f5cae72-31fd-4f9e-9b93-686e9a0e374f} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
S4 IntelIde; No ImagePath
S1 VirtualBackplane; \SystemRoot\System32\Drivers\VirtualBackplane.sys [X]
U1 WS2IFSL; 
C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie
C:\Documents and Settings\User\easyFile-employer.exe
C:\Documents and Settings\User\Local Settings\Temp\1381228536_Cloud_Backup_Setup.exe
C:\Documents and Settings\User\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\User\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthnspf.dll
C:\Documents and Settings\User\Local Settings\Temp\Execute2App.exe
C:\Documents and Settings\User\Local Settings\Temp\isutldll.dll
C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\User\Local Settings\Temp\Mobogenie_Setup_2.1.37_122100041.exe
C:\Documents and Settings\User\Local Settings\Temp\mpegc.dll
C:\Documents and Settings\User\Local Settings\Temp\msvcp90.dll
C:\Documents and Settings\User\Local Settings\Temp\msvcr90.dll
C:\Documents and Settings\User\Local Settings\Temp\propsys.dll
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\User\Local Settings\Temp\Update.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:806222FC
End
*****************
 
 
"C:\Program Files\Mobogenie" directory move:
 
Could not move "C:\Program Files\Mobogenie" directory. => Scheduled to move on reboot.
 
"c:\docume~1\alluse~1\applic~1\wincert\win32c~1.dll" => Value Data removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => Value deleted successfully.
C:\Program Files\Movies Toolbar => Moved successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7f5cae72-31fd-4f9e-9b93-686e9a0e374f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7f5cae72-31fd-4f9e-9b93-686e9a0e374f} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7f5cae72-31fd-4f9e-9b93-686e9a0e374f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7f5cae72-31fd-4f9e-9b93-686e9a0e374f} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f} => Key deleted successfully.
IntelIde => Service deleted successfully.
VirtualBackplane => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mobogenie => Moved successfully.
C:\Documents and Settings\User\easyFile-employer.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\1381228536_Cloud_Backup_Setup.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\AcDeltree.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\BackupSetup.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpthnspf.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Execute2App.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\isutldll.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Mobogenie_Setup_2.1.37_122100041.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\mpegc.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\msvcp90.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\msvcr90.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\propsys.dll => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\User\Local Settings\Temp\Update.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":373E1720" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":806222FC" ADS removed successfully.
 
Can I proceed with the next step? I am not sure whether you want to see the log file of the step before proceeding to the next step.

The Malwarebytes quick scan and removal log

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.04.23.09
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: TASDBN-PC-04 [administrator]
 
Protection: Enabled
 
24/04/2014 01:40:30
mbam-log-2014-04-24 (01-40-30).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279708
Time elapsed: 31 minute(s), 20 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKCR\CrossriderApp0049074.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0049074.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0049074.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0049074.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Data: C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\User\Application Data\newnext.me\nengine.dll",EntryPoint -m l -> Quarantined and deleted successfully.
HKCU\Software\Crossrider|Verifier (PUP.Optional.CrossRider.A) -> Data: ebbf46c77d403e0d6f50a6ca7bf46fb6 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Documents and Settings\User\Application Data\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
 
Files Detected: 5
C:\Documents and Settings\User\My Documents\Downloads\the holy bible king james version setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\Downloads\blackberry desktop manager setup (1).exe (PUP.Optional.Soft32.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\My Documents\Downloads\blackberry desktop manager setup.exe (PUP.Optional.Soft32.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

The Adwcleaner log

 

# AdwCleaner v3.202 - Report created 24/04/2014 at 02:31:00
# Updated 23/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - TASDBN-PC-04
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : MgAssistService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\wincert
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin
Folder Deleted : C:\Documents and Settings\User\.android
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\genienext
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\User\AppData\LocalLow\DataMngr
Folder Deleted : C:\Documents and Settings\User\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\User\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\User\Application Data\searchresultstb
Folder Deleted : C:\Documents and Settings\User\My Documents\Mobogenie
Folder Deleted : C:\Documents and Settings\User\My Documents\Optimizer Pro
File Deleted : C:\alotserviceruntime.log
File Deleted : C:\Documents and Settings\User\daemonprocess.txt
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Deleted : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~1\IE\dtUser.exe]
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotAppbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividmoviestoolbardlaIE
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10883 octets] - [24/04/2014 02:25:59]
AdwCleaner[s0].txt - [11103 octets] - [24/04/2014 02:31:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11164 octets] ##########

The Junkware Removal Tool Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by User on 24/04/2014 at  2:51:27.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ammyy"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/04/2014 at  3:07:33.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Securitycheck log

 

 Results of screen317's Security Check version 0.99.82  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 45  
 Java 6 Update 6  
 Java version out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is ticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Let me know if any remaining issues or concerns..

 

Kevin


Results of ESET Scan

 

C:\Documents and Settings\All Users\Documents\Shared Docs\CuteWriter\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Temp\nsj57D.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Temp\nsj57D.tmp\~nst595.tmp a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Temp\nsu56D.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Temp\nsu56D.tmp\~nst59A.tmp a variant of Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\3B7D5F08-BAB0-7891-B078-417A620E2FC8\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\3B7D5F08-BAB0-7891-B078-417A620E2FC8\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\3B7D5F08-BAB0-7891-B078-417A620E2FC8\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\3B7D5F08-BAB0-7891-B078-417A620E2FC8\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.F potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\3B7D5F08-BAB0-7891-B078-417A620E2FC8\Latest\BUSolution.dll a variant of Win32/Toolbar.Babylon.P potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\3B7D5F08-BAB0-7891-B078-417A620E2FC8\Latest\IEHelper.dll a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\3B7D5F08-BAB0-7891-B078-417A620E2FC8\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\DM_CCf2t8WAdo\DownloadManager.exe a variant of MSIL/Soft32Downloader.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\DM_HFwwjuYdxq\DownloadManager.exe a variant of MSIL/Soft32Downloader.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\DM_JBtQkhKl3K\DownloadManager.exe a variant of MSIL/Soft32Downloader.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\DM_rV4QPGe6qz\DownloadManager.exe a variant of MSIL/Soft32Downloader.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\nsb1B8\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\nsk1AF\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\nsk1AF\Uninstall.exe a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\Local Settings\Temp\nsn22C\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Allpics\Downloads\karaokecdgcreatorsetup.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\User\My Documents\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\User\Local Settings\Temp\1381228536_Cloud_Backup_Setup.exe.xBAD Win32/MyPCBackup.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Zulu\uninst.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Zulu\zulu.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\Program Files\NCH Software\Zulu\zulusetup_v2.00.exe a variant of Win32/Toolbar.Conduit.I potentially unwanted application deleted - quarantined
C:\WINDOWS\Temp\4b752916\SetupDataMngr_iLivid.exe a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application deleted - quarantined
C:\WINDOWS\Temp\66d286c\SetupDataMngr_iLivid.exe a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application deleted - quarantined
C:\WINDOWS\Temp\nsf574\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\WINDOWS\Temp\nsl56C\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
 
I have updated Java to Version 7 Update 55.  However I cannot delete the older version as it is needed to run an essential program that I need for submitting tax information and it cannot operate with any other java.
 
Is there perhaps a workaround for this?

Hi Kevin

 

My PC is much faster and clear of any malware. I ran a full system scan on AVG Antivirus FREE as well as Malwarebytes PRO. Both came up clear.

 

What is going to happen to all the quarantined files that are currently on AVG, Malwarebytes, Farbar and ESET? The last two appear in C:\Program Files\.

 

With regard to the old version of Java, will it suffice if the old Java version is disabled (unticked) in the Java Console under the JAVA tab, where you can manage the Java runtime versions for Java applications and applets? Both the old and new versions appear under the subtab USER, where they can be enabled (ticked) or disabled (unticked) as an option. Under the subtab SYSTEM only the latest version appears as enabled and nothing can be added. It is just a thought, as I am only using Chrome or Internet Explorer. From the link you sent me it appears that NoScript is for Firefox etc.

 

Thank you so much for your assistance.

 

Kind Regards


Yep, apologies, NoScript is for Firefox. The solution you posted for Java sounds good to me.

 

For Malwarebytes, open the Quarantine tab, use delete all function...

 

For ESET the option to uninstall was given in the instructions, if those were not followed do the following:

 

Remove ESET Online Scanner (Only if installed)

 


Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER.
Click to select ESET Online Scanner from the application list, and then click Remove. Only re-boot if prompted

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Let me know if there are any remaining issues or concerns; if there are none, are we OK to close out?

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin.....


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
