
Infected XP machine



Hello

 

My father-in-law, who lives in France, has recently been caught out by a pop-up which told him to update his Java. Unfortunately he did this, and it was a fake request and all it did was install lots of nasties on his PC. A few days earlier he was also caught out by the Microsoft tech support phone scam, which managed to get into his computer for a short while before he realised and disconnected. He was unable to remove whatever they had installed but got a local expert to do it for him; not sure if anything remained.

 

When I visited him 2 weeks ago I installed Malwarebytes and ran a scan; it found over 1000 faults. I fixed the faults and ran another scan and it came back clean. I then connected to the internet and updated Malwarebytes; again it found more faults. The next day I did the same again: updated, ran a scan, more faults. Cleaned the faults, scanned again, clean. Repeated the next day: updated, scanned, more faults. Rescan, clean. I can probably get the logs from Malwarebytes if needed.

 

Also his Bitdefender had quarantined some items, which I deleted. Further scans found nothing more.

 

Please can you help?

 

Today he has run the FRST scan and both logs are enclosed.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2014
Ran by HP_Administrator (administrator) on YOUR-E6F02835AE on 28-04-2014 10:13:24
Running from C:\Documents and Settings\HP_Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehSched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Sonic Solutions) C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(SoftMaker Software GmbH) C:\Program Files\SoftMaker Office 2010\SMASH.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\Plustek\OpticFilm 7400\QuickScan.exe
(Microsoft Corporation) C:\WINDOWS\eHome\ehmsas.exe
(Hewlett-Packard Company) C:\HP\KBD\KBD.EXE
(Hewlett-Packard Company) c:\windows\system\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
 

==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [ftutil2] => C:\WINDOWS\system32\ftutil2.dll [106496 2004-06-07] (Promise Technology, Inc.)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [143360 2006-02-21] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8466432 2007-08-28] (NVIDIA Corporation)
HKLM\...\Run: [DMAScheduler] => c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [90112 2006-04-13] (Sonic Solutions)
HKLM\...\Run: [HPBootOp] => C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [249856 2006-02-15] (Hewlett-Packard Company)
HKLM\...\Run: [Reminder] => C:\Windows\Creator\Remind_XP.exe [663552 2004-12-13] (SoftThinks)
HKLM\...\Run: [OpwareSE2] => C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-10-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [488816 2012-03-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19557480 2012-03-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WrtMon.exe] => C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1614344 2013-11-20] (Bitdefender)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [296056 2012-06-27] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-61794163-341634225-1899769401-1007\...\Run: [sMASH] => C:\Program Files\SoftMaker Office 2010\SMASH.EXE [229411 2010-05-21] (SoftMaker Software GmbH)
HKU\S-1-5-21-61794163-341634225-1899769401-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll => C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll [727952 2011-03-24] (Discordia, LTD)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickScan (OpticFilm 7400).lnk
ShortcutTarget: QuickScan (OpticFilm 7400).lnk -> C:\Program Files\Plustek\OpticFilm 7400\QuickScan.exe ()
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk
ShortcutTarget: PinMcLnk.lnk -> C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PAVILION&pf=desktop
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZLPTi8JOzLs49dZOvweDdIjt_OdIIl7Ln4uc8ANy1m8o2X7nNydAko47u-61w0MvdZdN5u_ca_05KJlLnNe_Q4Pjfgi9PP-NDOHvauHMryoKuQULQU0ZMzN9dtRdUfUVF2PeHbw1vWCUA,,&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZLPTi8JOzLs49dZOvweDdIjt_OdIIl7Ln4uc8ANy1m8o2X7nNydAko47u-61w0MvdZdN5u_ca_05KJlLnNe_Q4Pjfgi9PP-NDOHvauHMryoKuQULQU0ZMzN9dtRdUfUVF2PeHbw1vWCUA,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZLPTi8JOzLs49dZOvweDdIjt_OdIIl7Ln4uc8ANy1m8o2X7nNydAko47u-61w0MvdZdN5u_ca_05KJlLnNe_Q4Pjfgi9PP-NDOHvauHMryoKuQULQU0ZMzN9dtRdUfUVF2PeHbw1vWCUA,,&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZLPTi8JOzLs49dZOvweDdIjt_OdIIl7Ln4uc8ANy1m8o2X7nNydAko47u-61w0MvdZdN5u_ca_05KJlLnNe_Q4Pjfgi9PP-NDOHvauHMryoKuQULQU0ZMzN9dtRdUfUVF2PeHbw1vWCUA,,&q={searchTerms}
BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKCU - vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @ei.TelevisionFanatic.com/Plugin - C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-25]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-11-02]
 
========================== Services (Whitelisted) =================
 
S4 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-11-20] (Bitdefender)
S2 ELService; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [180224 2006-06-01] (Intel Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-08-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-11-20] (Bitdefender)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [778032 2014-01-16] (BitDefender)
R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [242504 2012-12-10] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [516936 2014-01-16] (BitDefender)
R0 bb-run; C:\WINDOWS\System32\DRIVERS\bb-run.sys [17408 2003-11-05] (Promise Technology, Inc.)
R3 Bdfndisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [116560 2013-02-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [66832 2013-11-20] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-11-02] (BitDefender LLC)
S3 ELacpi; C:\WINDOWS\System32\DRIVERS\ELacpi.sys [9728 2006-05-09] (Intel Corporation)
R1 ELhid; C:\WINDOWS\System32\Drivers\Elhid.sys [10112 2006-05-09] (Intel Corporation)
R1 ELkbd; C:\WINDOWS\System32\Drivers\Elkbd.sys [6912 2006-05-09] (Intel Corporation)
R1 ELmon; C:\WINDOWS\System32\Drivers\Elmon.sys [7040 2006-05-09] (Intel Corporation)
R1 ELmou; C:\WINDOWS\System32\Drivers\Elmou.sys [6400 2006-05-09] (Intel Corporation)
R0 ftsata2; C:\WINDOWS\System32\DRIVERS\ftsata2.sys [175104 2005-06-29] (Promise Technology, Inc.)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [165744 2013-11-02] (BitDefender LLC)
R3 MonitorFunction; C:\WINDOWS\System32\DRIVERS\TVMonitor.sys [13304 2013-10-17] (TeamViewer GmbH)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R2 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [360376 2013-11-02] (BitDefender S.R.L.)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [26840 2012-08-21] (GEAR Software Inc.)
U0 Pml Driver HPZ12;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
2014-04-28 10:13 - 2014-04-28 10:13 - 00017292 _____ () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2014-04-28 10:13 - 2014-04-28 10:13 - 00000000 ____D () C:\FRST
2014-04-28 10:10 - 2014-04-28 10:10 - 01049600 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2014-04-13 17:00 - 2014-04-27 07:07 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 16:59 - 2014-04-13 16:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-13 16:59 - 2014-04-13 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-13 16:59 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-12 16:47 - 2014-04-12 16:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-12 16:43 - 2014-04-12 16:43 - 00002731 _____ () C:\WINDOWS\updspapi.log
2014-04-12 16:42 - 2014-04-12 16:43 - 00023408 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-12 16:41 - 2014-04-12 16:47 - 00016474 _____ () C:\WINDOWS\KB2922229.log
2014-04-12 13:46 - 2014-04-14 10:38 - 00000000 ____D () C:\Avenger
2014-04-12 10:44 - 2014-04-12 10:44 - 00054016 _____ () C:\WINDOWS\system32\Drivers\gyghvj.sys
2014-04-08 12:48 - 2014-04-08 13:50 - 00055920 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-08 11:49 - 2014-04-08 11:49 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Lollipop
2014-04-08 11:48 - 2014-04-08 11:48 - 00000464 __RSH () C:\Documents and Settings\All Users\ntuser.pol
 
==================== One Month Modified Files and Folders =======
 
2014-04-28 10:13 - 2014-04-28 10:13 - 00017292 _____ () C:\Documents and Settings\HP_Administrator\Desktop\FRST.txt
2014-04-28 10:13 - 2014-04-28 10:13 - 00000000 ____D () C:\FRST
2014-04-28 10:10 - 2014-04-28 10:10 - 01049600 _____ (Farbar) C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe
2014-04-28 10:10 - 2011-01-02 17:40 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 10:05 - 2005-10-10 18:11 - 00000230 _____ () C:\WINDOWS\wiadebug.log
2014-04-28 10:03 - 2005-10-11 09:52 - 01309819 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-28 10:01 - 2013-03-31 10:39 - 00000444 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{E880036B-0963-45EA-92BC-A3902CFEAEA4}.job
2014-04-28 09:41 - 2012-06-09 06:43 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-28 08:10 - 2005-10-11 09:52 - 00032544 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-28 08:00 - 2010-12-22 18:19 - 00000188 _____ () C:\WINDOWS\system\hpsysdrv.DAT
2014-04-28 07:59 - 2005-11-15 00:30 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-28 07:58 - 2014-03-28 09:21 - 00000244 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-28 07:58 - 2012-01-13 10:05 - 00000300 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-61794163-341634225-1899769401-1007.job
2014-04-28 07:58 - 2011-01-02 17:40 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-28 07:58 - 2005-10-11 09:52 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-28 07:58 - 2005-10-10 18:11 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-27 21:14 - 2010-12-22 14:48 - 00196608 _____ () C:\WINDOWS\system32\config\IntelDH.evt
2014-04-27 12:18 - 2011-03-19 08:03 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Canon Easy-PhotoPrint EX
2014-04-27 12:16 - 2010-12-22 14:51 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-04-27 12:15 - 2010-12-23 16:16 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\My Documents\Headings
2014-04-27 11:09 - 2013-01-15 12:44 - 00011264 _____ () C:\Documents and Settings\HP_Administrator\My Documents\Copy of Satellite channels.xlr
2014-04-27 11:09 - 2010-12-23 16:37 - 00019300 _____ () C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2014-04-27 07:22 - 2010-12-23 16:16 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\My Documents\Impots
2014-04-27 07:07 - 2014-04-13 17:00 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-25 21:09 - 2010-12-22 18:21 - 00000000 ____D () C:\Documents and Settings\HP_Administrator
2014-04-24 15:09 - 2005-10-10 17:26 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-22 20:57 - 2005-10-10 17:20 - 00000673 _____ () C:\WINDOWS\win.ini
2014-04-21 12:27 - 2010-12-23 16:20 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\My Documents\PAH Medical
2014-04-14 10:38 - 2014-04-12 13:46 - 00000000 ____D () C:\Avenger
2014-04-14 10:38 - 2010-12-23 18:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB967715_0$
2014-04-14 07:18 - 2005-10-17 14:10 - 00000279 __RSH () C:\boot.ini
2014-04-14 07:18 - 2005-10-10 18:08 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-13 17:00 - 2014-03-24 14:37 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2014-04-13 17:00 - 2014-03-24 14:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-13 16:59 - 2014-04-13 16:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-13 16:59 - 2014-04-13 16:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-13 16:59 - 2014-03-24 14:36 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-12 20:54 - 2011-07-13 08:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2555917$
2014-04-12 16:47 - 2014-04-12 16:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-12 16:47 - 2014-04-12 16:41 - 00016474 _____ () C:\WINDOWS\KB2922229.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00026780 _____ () C:\WINDOWS\iis6.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00024636 _____ () C:\WINDOWS\FaxSetup.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00011824 _____ () C:\WINDOWS\ocgen.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00011284 _____ () C:\WINDOWS\tsoc.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00008217 _____ () C:\WINDOWS\comsetup.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00007550 _____ () C:\WINDOWS\msmqinst.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00004979 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00004332 _____ () C:\WINDOWS\netfxocm.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00002756 _____ () C:\WINDOWS\plusoc.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00001720 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00001368 _____ () C:\WINDOWS\ocmsn.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00001352 _____ () C:\WINDOWS\ehOCGen.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00001244 _____ () C:\WINDOWS\tabletoc.log
2014-04-12 16:47 - 2014-03-24 15:13 - 00001236 _____ () C:\WINDOWS\msgsocm.log
2014-04-12 16:47 - 2013-08-14 23:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-12 16:44 - 2010-12-23 18:01 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-12 16:43 - 2014-04-12 16:43 - 00002731 _____ () C:\WINDOWS\updspapi.log
2014-04-12 16:43 - 2014-04-12 16:42 - 00023408 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-12 16:43 - 2014-03-24 15:13 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-12 16:32 - 2010-12-22 14:28 - 00000000 ____D () C:\Program Files\GemMaster
2014-04-12 13:46 - 2005-10-10 17:25 - 00229592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-12 11:03 - 2010-12-23 12:48 - 00055920 _____ () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-12 10:44 - 2014-04-12 10:44 - 00054016 _____ () C:\WINDOWS\system32\Drivers\gyghvj.sys
2014-04-12 10:44 - 2013-12-11 13:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-04-08 15:09 - 2014-03-28 09:21 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-08 13:50 - 2014-04-08 12:48 - 00055920 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-04-08 11:49 - 2014-04-08 11:49 - 00000000 ____D () C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Lollipop
2014-04-08 11:48 - 2014-04-08 11:48 - 00000464 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-04-08 11:48 - 2012-04-09 18:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-04-03 09:51 - 2014-04-13 16:59 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-03-24 14:36 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-03 08:50 - 2010-12-24 13:22 - 00000308 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-61794163-341634225-1899769401-1007.job
2014-03-30 23:09 - 2012-11-12 16:32 - 00000483 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-03-30 08:00 - 2005-10-10 17:27 - 00531060 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
 
Some content of TEMP:
====================
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ShoppinHelper2new2.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\vcredist_x86.exe
 

==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2014
Ran by HP_Administrator at 2014-04-28 15:18:20
Running from C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\DN6FELGH
Boot Mode: Normal
==========================================================
 

==================== Security Center ========================
 
AV: Bitdefender Antivirus (Disabled - Up to date) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall (Disabled) {4055920F-2E99-48A8-A270-4243D2B8F242}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle (HKLM\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Bitdefender Internet Security 2013 (HKLM\...\Bitdefender) (Version: 16.20.0.1483 - Bitdefender)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Camera Support Core Library (Version: 7.3.0.4 - Canon) Hidden
Camera Window DS (Version: 5.2 - Canon) Hidden
Camera Window DVC (Version: 5.4 - Canon) Hidden
Camera Window MC (Version: 5.4 - Canon) Hidden
Canon Camera Support Core Library (HKLM\...\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}) (Version: 7.3.0.4 - Canon)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM\...\InstallShield_{001AB29C-5468-4972-8D24-2EBDB2B12133}) (Version: 5.4 - Canon)
Canon Camera Window DS for ZoomBrowser EX (HKLM\...\InstallShield_{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}) (Version: 5.2 - Canon)
Canon Camera Window MC 5 for ZoomBrowser EX (HKLM\...\InstallShield_{89EB3ED7-225A-412E-B048-623D502C000F}) (Version: 5.4 - Canon)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon Internet Library for ZoomBrowser EX (HKLM\...\InstallShield_{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}) (Version: 1.3.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{68D27126-BF6A-457D-8DD0-5F35E8D41310}) (Version: 1.3.1.21 - Canon)
Canon MP Navigator 2.0 (HKLM\...\MP Navigator 2.0) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP500 (HKLM\...\{BA4DF4C3-196E-4128-969A-00996B5A46F8}) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon MP560 series User Registration (HKLM\...\Canon MP560 series User Registration) (Version:  - )
Canon PhotoRecord (HKLM\...\{6693BD7C-CB4E-43AC-A0D6-10D1A1B88DCF}) (Version: 02.02.02000 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{001EB665-D9EC-415E-9E13-AD2125B2B992}) (Version: 2.1 - Canon)
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}) (Version: 3.1.14 - Canon)
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Canon ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.02.0100 - Canon)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_CalendarTemplates1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_LightScribeConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_OnlineProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Basic1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CP_Panorama1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_PosterPrintConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
cp_UpdateProjectsConfig (Version: 70.0.170.000 - Hewlett-Packard) Hidden
CueTour (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Customer Experience Enhancement (HKLM\...\InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}) (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680 - Hewlett-Packard) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.220 - ALPS ELECTRIC CO., LTD.)
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - )
FullDPAppQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Boot Optimizer (HKLM\...\{1341D838-719C-4A05-B50F-49420CA1B4BB}) (Version: 3.0.0 - Hewlett-Packard)
HP DigitalMedia Archive (HKLM\...\{F80239D8-7811-4D5E-B033-0D0BBFE32920}) (Version: 2.0 - Hewlett-Packard)
HP DVD Play 2.1 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Photosmart for Media Center PC (HKLM\...\HP Photosmart for Media Center PC) (Version:  - )
HP Photosmart Premier Software 6.5 (HKLM\...\HP Photo & Imaging) (Version: 6.5 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevices (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Quick Resume Technology Drivers (HKLM\...\EL) (Version:  - )
Intel® Viiv™ Software (HKLM\...\{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}) (Version: 1.0.3.2019 - Intel Corporation)
Internet Library (Version: 1.3.4 - Canon Inc.) Hidden
Internet Services (HKLM\...\InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}) (Version: FE UI-1.0.0.1680 - Hewlett Packard)
Internet Services (Version: FE UI-1.0.0.1680 - Hewlett Packard) Hidden
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
LightScribe  1.4.105.1 (Version: 1.4.105.1 - http://www.lightscribe.com) Hidden
LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
MovieEdit Task (Version: 1.3.1.21 - Canon) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Noiseware Community Edition (HKLM\...\{CB3B7C24-30A1-4961-8039-94919F5ED2EE}) (Version: 2.6.0.1 - Imagenomic)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OmniPage SE 2.0 (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
OpticFilm 7400 (HKLM\...\{F2902CE1-C69F-4878-9E5D-6756733F6683}) (Version: 4.1.0 - )
OptionalContentQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
PC-Doctor 5 for Windows (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4060.15 - PC-Doctor, Inc.)
PhotoGallery (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PhotoStitch (Version: 3.1.14 - Canon) Hidden
PlanMaker Viewer (HKLM\...\PlanMaker Viewer) (Version:  - SoftMaker Software GmbH)
Presto! ImageFolio 4 (HKLM\...\{783033B0-D8E6-11D5-9293-0050BA073EEC}) (Version: 4.50.03 - NewSoft Technology Corporation)
Presto! PageManager 7.10 (HKLM\...\{99D5EF59-CF6F-4030-901B-4DDDB7F99403}) (Version: 7.10.03 - NewSoft Technology Corporation)
Python 2.2 pywin32 extensions (build 203) (HKLM\...\pywin32-py2.2) (Version:  - )
Python 2.2.3 (HKLM\...\Python 2.2.3) (Version: 2.2.3 - PythonLabs at Zope Corporation)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RandMap (Version: 70.0.170.000 - Hewlett-Packard) Hidden
RAW Image Task 2.1 (Version: 2.1 - Canon) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6167 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shopping Helper Smartbar (HKLM\...\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKCU\...\{abaedcee-2b2b-40fa-8c44-b14d4e1f7433}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
SkinsHP1 (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShow (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SlideShowMusic (Version: 70.0.170.000 - Hewlett-Packard) Hidden
SoftMaker Office 2010 (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB00}) (Version: 10.0.596 - SoftMaker Software GmbH)
Sonic Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Sonic Solutions)
Sonic MyDVD Plus (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.2.0 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.6 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.6 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sonic_PrimoSDK (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TextMaker Viewer (HKLM\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (Version:  - Microsoft Corporation) Hidden
Update for Windows Media Player 10 (KB926251) (Version:  - Microsoft Corporation) Hidden
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
vShare Plugin (HKLM\...\vShare) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows iLivid Toolbar (HKLM\...\Searchqu 406 MediaBar) (Version: 2.5.0.103268 - Bandoo Media, Inc) <==== ATTENTION
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
29-01-2014 12:37:33 System Checkpoint
30-01-2014 13:33:48 System Checkpoint
31-01-2014 14:33:15 System Checkpoint
01-02-2014 16:09:27 System Checkpoint
02-02-2014 17:25:46 System Checkpoint
03-02-2014 18:54:36 System Checkpoint
04-02-2014 19:13:21 System Checkpoint
05-02-2014 19:31:27 System Checkpoint
06-02-2014 19:35:41 System Checkpoint
07-02-2014 20:16:13 System Checkpoint
09-02-2014 00:02:47 System Checkpoint
10-02-2014 10:46:44 System Checkpoint
11-02-2014 11:40:41 System Checkpoint
12-02-2014 11:00:16 Software Distribution Service 3.0
13-02-2014 11:31:35 System Checkpoint
14-02-2014 11:52:26 System Checkpoint
15-02-2014 12:06:45 System Checkpoint
16-02-2014 12:33:05 System Checkpoint
17-02-2014 13:46:13 System Checkpoint
17-02-2014 20:15:35 RegCure Pro Backup
19-02-2014 09:32:37 System Checkpoint
20-02-2014 17:19:53 System Checkpoint
21-02-2014 17:20:43 System Checkpoint
22-02-2014 17:58:15 System Checkpoint
23-02-2014 18:25:35 System Checkpoint
24-02-2014 19:02:07 System Checkpoint
26-02-2014 10:35:36 System Checkpoint
27-02-2014 10:58:21 System Checkpoint
28-02-2014 11:16:00 System Checkpoint
01-03-2014 11:19:22 System Checkpoint
02-03-2014 11:42:54 System Checkpoint
03-03-2014 11:51:40 System Checkpoint
04-03-2014 12:29:27 System Checkpoint
05-03-2014 13:01:18 System Checkpoint
06-03-2014 13:54:43 System Checkpoint
07-03-2014 14:08:48 System Checkpoint
08-03-2014 14:09:09 System Checkpoint
09-03-2014 14:16:00 System Checkpoint
10-03-2014 14:19:21 System Checkpoint
11-03-2014 18:24:50 System Checkpoint
12-03-2014 11:00:16 Software Distribution Service 3.0
13-03-2014 11:00:44 System Checkpoint
14-03-2014 11:43:48 System Checkpoint
15-03-2014 12:10:57 System Checkpoint
16-03-2014 13:20:13 System Checkpoint
17-03-2014 14:12:22 System Checkpoint
18-03-2014 16:51:51 System Checkpoint
18-03-2014 23:02:56 Software Distribution Service 3.0
20-03-2014 07:02:46 System Checkpoint
21-03-2014 07:38:56 System Checkpoint
24-03-2014 12:30:28 Removed Ask Toolbar.
24-03-2014 12:31:41 Removed Bonjour
24-03-2014 13:09:32 Configured easy Internet sign-up
25-03-2014 13:42:50 System Checkpoint
26-03-2014 14:05:25 System Checkpoint
27-03-2014 11:00:20 Software Distribution Service 3.0
28-03-2014 11:25:33 System Checkpoint
29-03-2014 12:37:44 System Checkpoint
30-03-2014 13:08:28 System Checkpoint
31-03-2014 13:09:44 System Checkpoint
01-04-2014 13:45:37 System Checkpoint
02-04-2014 15:32:21 System Checkpoint
03-04-2014 16:16:30 System Checkpoint
04-04-2014 16:46:56 System Checkpoint
05-04-2014 17:23:00 System Checkpoint
06-04-2014 17:24:04 System Checkpoint
08-04-2014 08:40:35 System Checkpoint
08-04-2014 09:49:27 Uniblue SpeedUpMyPC installation
08-04-2014 10:56:35 Restore Operation
08-04-2014 11:01:35 Restore Operation
08-04-2014 11:05:59 Removed Java 7 Update 25
08-04-2014 11:18:31 Restore Operation
08-04-2014 11:24:27 Restore Operation
10-04-2014 18:07:09 System Checkpoint
12-04-2014 10:20:07 System Checkpoint
12-04-2014 14:42:31 Software Distribution Service 3.0
13-04-2014 15:39:22 System Checkpoint
21-04-2014 10:47:44 System Checkpoint
25-04-2014 12:31:41 System Checkpoint
26-04-2014 13:23:22 System Checkpoint
27-04-2014 14:25:42 System Checkpoint
 
==================== Hosts content: ==========================
 
2004-08-10 13:00 - 2004-08-10 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => ?
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => ?
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-61794163-341634225-1899769401-1007.job => ?
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-61794163-341634225-1899769401-1007.job => ?
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{E880036B-0963-45EA-92BC-A3902CFEAEA4}.job => ?
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-20 07:42 - 2013-08-27 15:20 - 00204280 ____N () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-11-02 20:46 - 2013-10-01 13:39 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2013-11-02 20:46 - 2011-11-14 21:17 - 00132176 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2013-11-02 20:46 - 2013-10-01 13:39 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-03-24 18:43 - 2014-03-24 18:43 - 00668840 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00030_014\ashttpbr.mdl
2014-03-24 18:43 - 2014-03-24 18:43 - 00489120 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00030_014\ashttpdsp.mdl
2014-03-24 18:43 - 2014-03-24 18:43 - 02137584 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00030_014\ashttpph.mdl
2014-03-24 18:43 - 2014-03-24 18:43 - 01124088 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00030_014\ashttprbl.mdl
2010-12-22 18:06 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2010-12-22 18:06 - 2013-01-02 08:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2010-12-22 18:04 - 2008-04-14 02:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2010-12-22 18:05 - 2008-04-14 02:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2012-04-09 20:40 - 2006-09-20 08:35 - 00020480 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
2013-11-02 20:46 - 2012-04-27 17:08 - 00093040 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll
2012-04-09 20:40 - 2006-10-30 16:59 - 00024576 _____ () C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
2012-04-09 20:41 - 2009-03-27 16:22 - 00339968 _____ () C:\Program Files\Plustek\OpticFilm 7400\QuickScan.exe
2012-04-09 20:41 - 2008-05-28 13:55 - 00086016 _____ () C:\Program Files\Plustek\OpticFilm 7400\plkcom32.dll
2012-04-09 20:41 - 2010-08-26 18:36 - 00884736 _____ () C:\Program Files\Plustek\OpticFilm 7400\ScndrvU.drv
2012-04-09 20:41 - 2004-04-06 18:45 - 00040960 _____ () C:\Program Files\Plustek\OpticFilm 7400\DetectSession.dll
2010-12-28 17:34 - 2010-10-20 16:33 - 00481872 ____N () C:\Program Files\vShare\vshare_toolbar.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\PowerPointViewer.exe:BDU
AlternateDataStreams: C:\WINDOWS\system32\LegitCheckControl.DLL:BDU
AlternateDataStreams: C:\WINDOWS\system32\muweb.dll:BDU
AlternateDataStreams: C:\WINDOWS\system32\wuweb.dll:BDU
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: nwiz => nwiz.exe /installquiet /keeploaded /nodetect
MSCONFIG\startupreg: PCDrProfiler =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Recguard => C:\WINDOWS\SMINST\RECGUARD.EXE
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2014 03:21:24 PM) (Source: Application Hang) (User: )
Description: Hanging application mpncopy.exe, version 6.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/13/2014 10:08:01 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.0.0.500, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/03/2014 10:17:36 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.
 
Error: (04/03/2014 10:17:31 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/31/2014 10:49:06 PM) (Source: Application Hang) (User: )
Description: Fault bucket 736169863.
 
Error: (03/31/2014 10:49:03 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/31/2014 11:42:58 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.
 
Error: (03/31/2014 11:42:50 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/28/2014 09:22:17 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 404 (HTTP Response Status)
 
Error: (03/21/2014 10:01:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21547
 

System errors:
=============
Error: (04/28/2014 10:10:34 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (04/28/2014 09:10:23 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (04/28/2014 08:10:44 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (04/28/2014 08:00:23 AM) (Source: DCOM) (User: YOUR-E6F02835AE)
Description: DCOM got error "%%1058" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error: (04/28/2014 07:59:14 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203
 
Error: (04/28/2014 07:59:12 AM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%2
 
Error: (04/27/2014 09:10:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (04/27/2014 08:10:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (04/27/2014 07:10:21 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (04/27/2014 06:10:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
 

Microsoft Office Sessions:
=========================
Error: (04/24/2014 03:21:24 PM) (Source: Application Hang)(User: )
Description: mpncopy.exe6.0.0.0hungapp0.0.0.000000000
 
Error: (04/13/2014 10:08:01 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.0.0.500hungapp0.0.0.000000000
 
Error: (04/03/2014 10:17:36 AM) (Source: Application Hang)(User: )
Description: 1180947459
 
Error: (04/03/2014 10:17:31 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/31/2014 10:49:06 PM) (Source: Application Hang)(User: )
Description: 736169863
 
Error: (03/31/2014 10:49:03 PM) (Source: Application Hang)(User: )
Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000
 
Error: (03/31/2014 11:42:58 AM) (Source: Application Hang)(User: )
Description: 1180947459
 
Error: (03/31/2014 11:42:50 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (03/28/2014 09:22:17 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt404 (HTTP Response Status)
 
Error: (03/21/2014 10:01:49 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21547
 

==================== Memory info ===========================
 
Percentage of memory in use: 32%
Total physical RAM: 2046.39 MB
Available physical RAM: 1384.97 MB
Total Pagefile: 3937.33 MB
Available Pagefile: 3273.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.41 MB
 
==================== Drives ================================
 
Drive c: (HP_PAVILION) (Fixed) (Total:459.13 GB) (Free:413.1 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.61 GB) (Free:1.42 GB) FAT32 ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 7F477F47)
Partition 1: (Active) - (Size=459 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=0C)
 
==================== End Of Log ============================

 

 

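A small triage helper, added here as an example (it is not part of this thread, of FRST or of Malwarebytes): it parses the one-line-per-entry format FRST uses in the Installed Programs section above and lists the entries FRST itself flagged with `<==== ATTENTION`, plus a name-based heuristic for toolbar-style PUPs. The regular expression, the NOTABLE_WORDS list and the sample lines (copied from the log above into a constructed snippet) are this example's own assumptions.

```python
"""Triage helper for the FRST 'Installed Programs' line format (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line format FRST prints, as observed in the log above (an assumption of this example):
#   Name (HIVE\...\Key) (Version: X - Vendor) [Hidden] [<==== ATTENTION]
# The "(HIVE\...\Key)" part is absent on entries marked Hidden, Version and Vendor
# may be empty, and the Key itself may contain parentheses, e.g. "(1033)".
LINE_RE = re.compile(
    r"""^(?P<name>.+?)
        (?:\s\((?P<hive>HKLM|HKCU|HKU[^\\]*)\\\.\.\.\\(?P<key>.+?)\))?
        \s\(Version:\s*(?P<version>.*?)\s*-\s*(?P<vendor>.*?)\)
        (?P<hidden>\sHidden)?
        (?P<attention>\s<====\sATTENTION)?
        \s*$""",
    re.VERBOSE,
)

# Name fragments typical of adware toolbars; a heuristic chosen for this example,
# not a rule FRST applies. It complements, not replaces, FRST's own ATTENTION flag.
NOTABLE_WORDS = ("toolbar", "smartbar", "searchqu", "mediabar")


@dataclass
class InstalledProgram:
    name: str
    hive: Optional[str]
    key: Optional[str]
    version: str
    vendor: str
    hidden: bool
    flagged: bool  # True when FRST appended '<==== ATTENTION'


def parse_program_line(line: str) -> Optional[InstalledProgram]:
    """Parse one Installed Programs line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return InstalledProgram(
        name=m.group("name").strip(),
        hive=m.group("hive"),
        key=m.group("key"),
        version=m.group("version").strip(),
        vendor=m.group("vendor").strip(),
        hidden=m.group("hidden") is not None,
        flagged=m.group("attention") is not None,
    )


def parse_section(text: str) -> List[InstalledProgram]:
    """Parse every line that matches the program format; skip headers and blanks."""
    programs = []
    for line in text.splitlines():
        p = parse_program_line(line)
        if p is not None:
            programs.append(p)
    return programs


def is_suspect(p: InstalledProgram) -> bool:
    """FRST's own flag wins; otherwise fall back to the toolbar-word heuristic."""
    if p.flagged:
        return True
    haystack = (p.name + " " + (p.key or "")).lower()
    return any(word in haystack for word in NOTABLE_WORDS)


def triage(text: str) -> List[str]:
    """Names of entries worth a second look, in log order."""
    return [p.name for p in parse_section(text) if is_suspect(p)]


# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
Canon ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.02.0100 - Canon)
CP_AtenaShokunin1Config (Version: 70.0.170.000 - Hewlett-Packard) Hidden
LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Shopping Helper Smartbar (HKLM\...\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
Shopping Helper Smartbar Engine (HKCU\...\{abaedcee-2b2b-40fa-8c44-b14d4e1f7433}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
vShare Plugin (HKLM\...\vShare) (Version:  - )
Windows iLivid Toolbar (HKLM\...\Searchqu 406 MediaBar) (Version: 2.5.0.103268 - Bandoo Media, Inc) <==== ATTENTION
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================
"""

if __name__ == "__main__":
    for name in triage(SAMPLE_LOG):
        print(name)
```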

Welcome to the forum.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Then.......

Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

  • The removal of malware isn't instantaneous, please be patient.

  • When we are done, I'll give you instructions on how to clean up all the tools and logs.

  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Thanks for the quick reply MrC.

Here is the RogueKiller report. I didn't know if you needed the Malwarebytes report too, so I have included that as well.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/04/2014
Scan Time: 22:32:11
Logfile: RK 32 Scan.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.29.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: HP_Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1
Time Elapsed: 0 min, 36 sec

Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/04/2014
Scan Time: 21:42:56
Logfile: Malware scan 29.04.14.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.29.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: HP_Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281283
Time Elapsed: 3 hr, 43 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Lollipop, C:\Documents and Settings\HP_Administrator\Local Settings\Temp\6cabd9a7-f9a9-47ab-9a07-19352576e197\software\LollipopInstaller_uni.exe, Quarantined, [ab55817fba463bc5f43245828380b24e],

Physical Sectors: 0
(No malicious items detected)


(end)

 

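Added example, not something posted in this thread and not a Malwarebytes tool: a small Python parser for the log layout shown above. It pulls out the settings block and the detection lines, then flags what a helper checks before trusting a clean result: scan areas switched off, a very small object count (the first log above scanned a single object), PUP left on Warn instead of being treated as malware, and any detection that was not quarantined. Both sample logs are constructed and abbreviated from the format above; the threshold and the wording of the findings are the example's own.

```python
# Parse the Malwarebytes Anti-Malware 2.x log layout posted above and flag settings
# that weaken a "no malicious items" result. Added example; both samples are constructed.
import re

# Result sections; each is followed by "(No malicious items detected)" or one line per detection.
CATEGORIES = {"Processes", "Modules", "Registry Keys", "Registry Values",
              "Registry Data", "Folders", "Files", "Physical Sectors"}
FIELD_RE = re.compile(r"^([A-Za-z ]+): (.*)$")
# Detection line: "<name>, <path>, <action>, [<32-hex id>],"
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]{32})\],?$")

# Constructed sample modelled on the second log above (abbreviated; the detection is the one it lists).
FULL_SCAN = r"""Malwarebytes Anti-Malware
Scan Date: 29/04/2014
Version: 2.00.1.1004

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281283
Time Elapsed: 3 hr, 43 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Rootkits: Enabled
PUP: Warn

Processes: 0
(No malicious items detected)

Files: 1
PUP.Optional.Lollipop, C:\Documents and Settings\HP_Administrator\Local Settings\Temp\6cabd9a7-f9a9-47ab-9a07-19352576e197\software\LollipopInstaller_uni.exe, Quarantined, [ab55817fba463bc5f43245828380b24e],

(end)
"""

# Constructed sample modelled on the first log above: one object, most scan areas disabled.
PARTIAL_SCAN = r"""Malwarebytes Anti-Malware
Scan Date: 29/04/2014
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 1
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Rootkits: Disabled
PUP: Warn
Files: 0
(No malicious items detected)
(end)
"""


def parse_mbam_log(text):
    """Return the header/settings fields, per-section counts and detection records."""
    fields, counts, detections = {}, {}, []
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line in ("(No malicious items detected)", "(end)"):
            continue
        m = FIELD_RE.match(line)
        if m and m.group(1) in CATEGORIES:
            section = m.group(1)
            counts[section] = int(m.group(2))
        elif m:
            fields[m.group(1)] = m.group(2)
        elif section and (d := DETECTION_RE.match(line)):
            detections.append(dict(d.groupdict(), category=section))
    return {"fields": fields, "counts": counts, "detections": detections}


def review_scan(parsed, min_objects=1000):
    """Findings that mean a clean result should not be taken at face value.
    The object-count threshold and the wording are this example's own, not Malwarebytes'."""
    f, findings = parsed["fields"], []
    for area in ("Memory", "Startup", "Rootkits"):
        if f.get(area) == "Disabled":
            findings.append(f"scan area disabled: {area}")
    scanned = int(f.get("Objects Scanned", "0"))
    if scanned < min_objects:
        findings.append(f"only {scanned} object(s) scanned; this was not a full Threat Scan")
    if f.get("PUP") == "Warn":
        findings.append("PUP set to Warn: unwanted programs are reported but not removed")
    for d in parsed["detections"]:
        if d["action"] != "Quarantined":
            findings.append(f"{d['name']} was {d['action']}, not quarantined: {d['path']}")
        if "\\Temp\\" in d["path"]:
            findings.append(f"{d['name']} staged under a Temp folder, typical of a bundled downloader")
    return findings


if __name__ == "__main__":
    for label, log in (("partial", PARTIAL_SCAN), ("full", FULL_SCAN)):
        parsed = parse_mbam_log(log)
        print(label, parsed["counts"], review_scan(parsed))
```

Fed a real log instead of the constructed samples, the same two functions apply unchanged; the point of the review step is that the first log above, with one object scanned and Memory, Startup and Rootkits disabled, would be flagged four times even though every section reads "No malicious items detected".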

Please uninstall these from your add/remove programs:
Shopping Helper Smartbar
Shopping Helper Smartbar Engine
Windows iLivid Toolbar


------------------------------------------------

Next:

Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

-----------------------------------------------

Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

-----------------------------------

Last:

Update and run a Threat Scan with Malwarebytes

----------------------------------

Let me know how it is, MrC


Hi MrC

 

My father in law tried to uninstall the 3 programs. Windows iLivid Toolbar was successfully removed, but Shopping Helper Smartbar and Shopping Helper Smartbar Engine would not remove; he tried both in normal mode and in safe mode. He has done nothing else until advised on how to proceed with removal.

 

Peter


Hello again

 

Just had email from father in law, he is having problems with FRST.exe.

 

This is what he says

 

"I've made several attempts to make progress but cannot even get FRST.exe to run without Bitdefender stopping it due to an infected file EVEN though Bitdefender was disabled at the time
 
The faulty file is listed as C:\documents and settings\hpadminisrtator\localsettings\temporaryinternetfiles\content.ie5\dn6felgh\frst.txt"
 
Can he just delete frst.txt, or is there something else he can do?
 
Any advice to help him out would be most welcome
 
Peter

From the log, FRST.exe is located here: (on your Desktop)

C:\Documents and Settings\HP_Administrator\Desktop\FRST.exe

Now download Fixlist.txt and move it to your Desktop
FRST.exe and Fixlist.txt should both be on your Desktop
Now double click on FRST.exe and click Fix
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

 

MrC


MrC

 

Father in law is having major problems: he just cannot get FRST.exe to run without Bitdefender stopping it and moving frst.exe to the Recycle Bin. I have told him to disable Bitdefender and try again. It also took nearly 24 hrs to restore frst.exe from the Recycle Bin!!!

 

Any suggestions??


MrC

 

Father in law has asked me to thank you for all your help in trying to fix his PC. Unfortunately he has had to admit defeat, as nothing he does is able to get frst.exe to run. As I am in the UK and he is in France, I am unable to assist him other than over the phone or by email.

 

Thanks again

 

Peter


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

