
pcreg\service.exe infection; pup infections



My sister has given me her laptop to see if Malwarebytes can resolve a recurring problem.

She is a subscriber to Malwarebytes Anti-Malware Pro.

For the past several days whenever she runs a full scan a variety of “PUPS” come up.  One day over 70 appeared.

Most troublesome is that one PUP in particular keeps coming up: even if it is found, sent to quarantine, the system is rebooted, and a full scan is done immediately afterwards, the same PUP appears as an infection yet again.

A mbam log report of earlier this morning shows the offensive PUP:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.05.27.06

 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

lafsa :: LAFSA-PC [administrator]

 

Protection: Enabled

 

5/28/2014 4:29:30 AM

mbam-log-2014-05-28 (04-29-30).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 440079

Time elapsed: 1 hour(s), 32 minute(s), 2 second(s)

 

Memory Processes Detected: 2

C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> 3396 -> Delete on reboot.

C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> 3384 -> Delete on reboot.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 2

C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0M84K10\service[1].exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully.

 

(end)

 

Her laptop is:

 

Dell Studio XPS 1640 [Vista]; 64 bit operating system.

 

Any assistance you can provide will be greatly appreciated.

 

Thank you


Welcome to the forum.

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

Please run a Quick Scan with Malwarebytes (if possible)

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then......

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


Last................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

 

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Here are the reports you requested:

 

www.malwarebytes.org
 
Database version: v2014.05.28.09
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
lafsa :: LAFSA-PC [administrator]
 
Protection: Enabled
 
5/28/2014 8:44:13 PM
mbam-log-2014-05-28 (20-44-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 295950
Time elapsed: 5 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by lafsa (administrator) on LAFSA-PC on 28-05-2014 20:52:33
Running from C:\Users\lafsa\Downloads
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\SingleClick Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-26]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\lafsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\lafsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Cloud Reader) - C:\Users\lafsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-01-26]
CHR Extension: (Gmail) - C:\Users\lafsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()
S2 CLKMSVC10_1628BCEA; "C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe" /svc [X]
S2 MySql; C:/mysql/bin/mysqld.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [35840 2009-04-11] (Microsoft Corporation)
S4 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-05-27] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [269824 2006-05-16] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [48640 2006-08-25] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [33280 2006-05-16] (HP)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102472 2009-09-16] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [41032 2008-12-19] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [308296 2009-09-16] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-09-16] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-28 20:52 - 2014-05-28 20:52 - 00013126 _____ () C:\Users\lafsa\Downloads\FRST.txt
2014-05-28 20:51 - 2014-05-28 20:52 - 00000000 ___DC () C:\FRST
2014-05-28 20:51 - 2014-05-28 20:51 - 02066944 _____ (Farbar) C:\Users\lafsa\Downloads\FRST64.exe
2014-05-28 08:12 - 2014-05-28 08:12 - 00001299 ____C () C:\DelFix.txt
2014-05-28 08:07 - 2014-05-28 20:40 - 00017641 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 07:40 - 2014-05-28 07:40 - 00000000 ____D () C:\Users\lafsa\Downloads\erunt
2014-05-28 04:44 - 2014-05-28 04:44 - 01686759 _____ () C:\Users\lafsa\Downloads\PSTools.zip
2014-05-28 04:40 - 2014-05-28 04:42 - 00000000 ___DC () C:\Program Files (x86)\LastPass
2014-05-28 04:40 - 2014-05-28 04:40 - 00000000 ____D () C:\Users\lafsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-05-28 04:40 - 2014-05-28 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2014-05-28 04:38 - 2014-05-28 04:38 - 14936064 _____ (LastPass) C:\Users\lafsa\Downloads\lastpass_x64.exe
2014-05-27 13:33 - 2014-05-27 13:33 - 12589848 _____ (Malwarebytes Corp.) C:\Users\lafsa\Downloads\mbar-1.07.0.1009 (1).exe
2014-05-27 11:14 - 2014-05-27 11:14 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-27 11:12 - 2014-05-27 11:12 - 00002352 _____ () C:\Windows\system32\.crusader
2014-05-25 20:30 - 2014-05-25 20:30 - 04995904 _____ (Systweak Inc ) C:\Users\lafsa\Downloads\rcpafterdownloadt_ad_28137_t3.exe
2014-05-24 17:59 - 2014-05-24 18:35 - 00000000 ___DC () C:\Qoobox
2014-05-24 17:47 - 2014-05-24 18:31 - 00000000 ____D () C:\Windows\ERDNT
2014-05-24 17:47 - 2014-05-24 17:47 - 00000000 ___DC () C:\Program Files (x86)\ERUNT
2014-05-24 02:40 - 2014-05-24 04:39 - 00000000 ____D () C:\Users\lafsa\AppData\Local\CrashDumps
2014-05-23 22:09 - 2014-05-23 22:09 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-23 22:09 - 2014-05-23 22:09 - 00000000 ___DC () C:\Program Files\CCleaner
2014-05-23 22:08 - 2014-05-23 22:08 - 04748896 _____ (Piriform Ltd) C:\Users\lafsa\Downloads\ccsetup414.exe
2014-05-23 22:04 - 2014-05-23 22:04 - 00831968 _____ () C:\Users\lafsa\Downloads\CCleaner_Setup.exe
2014-05-23 20:06 - 2014-05-28 08:12 - 00000000 ____D () C:\Windows\ERUNT
2014-05-23 20:03 - 2014-05-24 04:38 - 00000000 ___DC () C:\Program Files\HitmanPro
2014-05-23 20:01 - 2014-05-27 11:12 - 00000000 ___DC () C:\ProgramData\HitmanPro
2014-05-23 19:19 - 2014-05-23 19:19 - 00000000 ___DC () C:\ProgramData\GridinSoft
2014-05-23 19:17 - 2014-05-28 08:13 - 00000000 ___DC () C:\Program Files\pcreg
2014-05-23 19:17 - 2014-05-28 08:04 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
2014-05-23 19:17 - 2014-05-28 08:00 - 00002900 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-23 19:14 - 2014-05-25 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ___DC () C:\Program Files (x86)\GridinSoft Trojan Killer
2014-05-23 19:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-23 18:59 - 2014-05-27 13:15 - 00000000 ___DC () C:\AdwCleaner
2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-05-22 18:37 - 2014-05-22 18:38 - 07536640 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2014-05-22 18:37 - 2014-05-22 18:38 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2014-05-22 18:37 - 2014-05-22 18:38 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2014-05-18 15:21 - 2014-05-18 15:21 - 00921512 _____ (Oracle Corporation) C:\Users\lafsa\Downloads\chromeinstall-7u55 (1).exe
2014-05-17 15:19 - 2014-05-23 13:59 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-14 08:58 - 2014-05-05 20:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 08:58 - 2014-05-05 20:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 08:58 - 2014-05-05 20:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 08:58 - 2014-05-05 19:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 08:58 - 2014-05-05 19:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 08:58 - 2014-05-05 19:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 06:54 - 2014-03-25 12:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 06:54 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-10 12:19 - 2001-08-17 22:43 - 00024576 ____N (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
 
==================== One Month Modified Files and Folders =======
 
2014-05-28 20:52 - 2014-05-28 20:52 - 00013126 _____ () C:\Users\lafsa\Downloads\FRST.txt
2014-05-28 20:52 - 2014-05-28 20:51 - 00000000 ___DC () C:\FRST
2014-05-28 20:51 - 2014-05-28 20:51 - 02066944 _____ (Farbar) C:\Users\lafsa\Downloads\FRST64.exe
2014-05-28 20:40 - 2014-05-28 08:07 - 00017641 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 20:36 - 2011-08-27 09:16 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-28 20:35 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 20:35 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 20:35 - 2006-11-02 11:22 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 09:46 - 2009-06-30 22:37 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-28 09:46 - 2006-11-02 11:42 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 09:46 - 2006-11-02 11:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-28 09:24 - 2011-08-27 09:16 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-28 08:13 - 2014-05-23 19:17 - 00000000 ___DC () C:\Program Files\pcreg
2014-05-28 08:12 - 2014-05-28 08:12 - 00001299 ____C () C:\DelFix.txt
2014-05-28 08:12 - 2014-05-23 20:06 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 08:04 - 2014-05-23 19:17 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
2014-05-28 08:00 - 2014-05-23 19:17 - 00002900 _____ () C:\Windows\System32\Tasks\pcreg
2014-05-28 07:40 - 2014-05-28 07:40 - 00000000 ____D () C:\Users\lafsa\Downloads\erunt
2014-05-28 07:38 - 2009-07-11 07:37 - 00000000 ___RD () C:\Users\lafsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 04:44 - 2014-05-28 04:44 - 01686759 _____ () C:\Users\lafsa\Downloads\PSTools.zip
2014-05-28 04:42 - 2014-05-28 04:40 - 00000000 ___DC () C:\Program Files (x86)\LastPass
2014-05-28 04:42 - 2006-11-02 09:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 04:40 - 2014-05-28 04:40 - 00000000 ____D () C:\Users\lafsa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2014-05-28 04:40 - 2014-05-28 04:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2014-05-28 04:38 - 2014-05-28 04:38 - 14936064 _____ (LastPass) C:\Users\lafsa\Downloads\lastpass_x64.exe
2014-05-27 14:11 - 2014-02-22 19:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-27 13:33 - 2014-05-27 13:33 - 12589848 _____ (Malwarebytes Corp.) C:\Users\lafsa\Downloads\mbar-1.07.0.1009 (1).exe
2014-05-27 13:33 - 2014-02-22 19:27 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 13:15 - 2014-05-23 18:59 - 00000000 ___DC () C:\AdwCleaner
2014-05-27 11:14 - 2014-05-27 11:14 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-05-27 11:14 - 2010-02-18 14:47 - 00000000 ____D () C:\Users\lafsa\AppData\Local\Apps\2.0
2014-05-27 11:12 - 2014-05-27 11:12 - 00002352 _____ () C:\Windows\system32\.crusader
2014-05-27 11:12 - 2014-05-23 20:01 - 00000000 ___DC () C:\ProgramData\HitmanPro
2014-05-27 09:05 - 2011-05-17 06:20 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8901C488-680D-4A15-8FC2-EB9BDCA3FFC3}
2014-05-26 08:04 - 2009-08-14 09:45 - 00000000 ____D () C:\Windows\Minidump
2014-05-25 20:30 - 2014-05-25 20:30 - 04995904 _____ (Systweak Inc ) C:\Users\lafsa\Downloads\rcpafterdownloadt_ad_28137_t3.exe
2014-05-25 16:15 - 2014-05-23 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
2014-05-24 18:41 - 2009-07-11 07:37 - 00000000 ____D () C:\Users\lafsa
2014-05-24 18:35 - 2014-05-24 17:59 - 00000000 ___DC () C:\Qoobox
2014-05-24 18:35 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default
2014-05-24 18:31 - 2014-05-24 17:47 - 00000000 ____D () C:\Windows\ERDNT
2014-05-24 18:29 - 2006-11-02 08:34 - 00000215 ____C () C:\Windows\system.ini
2014-05-24 18:19 - 2009-07-01 00:38 - 00000000 ___DC () C:\DELL
2014-05-24 18:19 - 2009-06-30 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-05-24 18:18 - 2012-08-05 15:54 - 00000000 ___DC () C:\Program Files (x86)\Garmin
2014-05-24 18:16 - 2013-04-03 22:01 - 00000000 ____D () C:\Users\lafsa\AppData\Local\Garmin
2014-05-24 18:16 - 2013-04-03 21:50 - 00000000 ___DC () C:\ProgramData\Garmin
2014-05-24 18:16 - 2012-08-05 15:00 - 00000000 ____D () C:\Users\lafsa\AppData\Roaming\Garmin
2014-05-24 18:15 - 2009-07-16 10:02 - 00000000 ___DC () C:\Program Files (x86)\Google
2014-05-24 17:47 - 2014-05-24 17:47 - 00000000 ___DC () C:\Program Files (x86)\ERUNT
2014-05-24 04:39 - 2014-05-24 02:40 - 00000000 ____D () C:\Users\lafsa\AppData\Local\CrashDumps
2014-05-24 04:38 - 2014-05-23 20:03 - 00000000 ___DC () C:\Program Files\HitmanPro
2014-05-23 22:11 - 2009-07-11 11:55 - 00000000 ____D () C:\Users\lafsa\Tracing
2014-05-23 22:09 - 2014-05-23 22:09 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-23 22:09 - 2014-05-23 22:09 - 00000000 ___DC () C:\Program Files\CCleaner
2014-05-23 22:08 - 2014-05-23 22:08 - 04748896 _____ (Piriform Ltd) C:\Users\lafsa\Downloads\ccsetup414.exe
2014-05-23 22:04 - 2014-05-23 22:04 - 00831968 _____ () C:\Users\lafsa\Downloads\CCleaner_Setup.exe
2014-05-23 21:44 - 2009-11-28 21:12 - 00000000 ___DC () C:\Program Files (x86)\Nikon
2014-05-23 21:44 - 2009-11-28 21:11 - 00000000 ___HC () C:\ProgramData\PKP_DLdu.DAT
2014-05-23 21:44 - 2009-11-28 21:11 - 00000000 _____ () C:\Users\lafsa\AppData\Roaming\Calibrators
2014-05-23 21:42 - 2009-06-30 22:49 - 00000000 ___DC () C:\ProgramData\CyberLink
2014-05-23 21:42 - 2009-06-30 22:38 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-05-23 21:37 - 2009-06-30 22:38 - 00000000 ___DC () C:\Program Files\Dell
2014-05-23 20:12 - 2011-01-02 14:12 - 00000258 _RSHC () C:\ProgramData\ntuser.pol
2014-05-23 19:19 - 2014-05-23 19:19 - 00000000 ___DC () C:\ProgramData\GridinSoft
2014-05-23 19:14 - 2014-05-23 19:14 - 00000000 ___DC () C:\Program Files (x86)\GridinSoft Trojan Killer
2014-05-23 18:10 - 2014-03-10 14:27 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-05-23 16:27 - 2006-11-02 11:21 - 00393808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-23 16:15 - 2009-07-11 07:37 - 00106080 _____ () C:\Users\lafsa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-23 14:58 - 2009-08-30 18:09 - 00007728 _____ () C:\Users\lafsa\AppData\Local\d3d9caps.dat
2014-05-23 14:01 - 2009-07-11 10:52 - 00000000 ____D () C:\Users\lafsa\AppData\Roaming\Apple Computer
2014-05-23 13:59 - 2014-05-17 15:19 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-23 13:59 - 2011-12-17 15:30 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2014-05-23 13:58 - 2012-02-10 11:22 - 00000000 ___DC () C:\Program Files\iPod
2014-05-23 13:54 - 2009-06-30 22:32 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-05-23 13:53 - 2009-06-30 23:01 - 00000000 ___DC () C:\Program Files (x86)\Creative
2014-05-23 13:50 - 2010-05-06 16:31 - 00000000 ____D () C:\ProgramData\SMART Technologies
2014-05-23 13:45 - 2014-04-03 08:32 - 00000000 ___DC () C:\Program Files (x86)\ResMed
2014-05-23 13:42 - 2009-11-28 21:14 - 00000000 ___HC () C:\ProgramData\PKP_DLdw.DAT
2014-05-23 13:42 - 2009-11-28 21:14 - 00000000 _____ () C:\Users\lafsa\AppData\Roaming\Channel
2014-05-23 13:37 - 2009-07-24 13:08 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-05-23 13:36 - 2014-03-02 09:14 - 00000000 ___DC () C:\Program Files (x86)\QuickTime
2014-05-23 13:31 - 2010-10-14 06:18 - 00000000 ___DC () C:\Program Files (x86)\NTID
2014-05-23 13:28 - 2009-07-11 10:48 - 00000000 ___DC () C:\ProgramData\Apple
2014-05-23 13:07 - 2009-07-23 17:38 - 00061102 ____C () C:\ProgramData\hpzinstall.log
2014-05-23 13:03 - 2009-07-23 17:37 - 00000000 ____D () C:\ProgramData\HP
2014-05-23 12:59 - 2009-07-23 17:42 - 00000000 ___DC () C:\Program Files (x86)\HP
2014-05-23 12:40 - 2009-06-30 22:40 - 00000000 ___DC () C:\ProgramData\Adobe
2014-05-23 12:40 - 2009-06-30 22:40 - 00000000 ___DC () C:\Program Files (x86)\Adobe
2014-05-23 12:36 - 2009-07-16 10:07 - 00000000 ____D () C:\Users\lafsa\AppData\Local\Google
2014-05-23 10:13 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-05-22 18:43 - 2009-10-29 14:28 - 00000000 ____D () C:\Windows\pss
2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0
2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ____D () C:\Windows\SysWOW64\WindowsPowerShell
2014-05-22 18:40 - 2014-05-22 18:40 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-05-22 18:38 - 2014-05-22 18:37 - 07536640 _____ () C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2014-05-22 18:38 - 2014-05-22 18:37 - 00196608 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2014-05-22 18:38 - 2014-05-22 18:37 - 00065536 _____ () C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2014-05-22 10:37 - 2006-11-02 08:46 - 00723270 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 15:28 - 2013-11-03 08:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-18 15:21 - 2014-05-18 15:21 - 00921512 _____ (Oracle Corporation) C:\Users\lafsa\Downloads\chromeinstall-7u55 (1).exe
2014-05-14 09:09 - 2009-06-30 22:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 09:07 - 2013-08-14 21:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 09:05 - 2006-11-02 08:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-10 12:19 - 2009-07-30 10:14 - 00000000 ___DC () C:\Program Files (x86)\Audible
2014-05-08 22:19 - 2011-08-27 09:16 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 22:19 - 2011-08-27 09:16 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 11:49 - 2009-07-16 14:07 - 00000000 ____D () C:\Users\lafsa\AppData\Local\Adobe
2014-05-05 20:46 - 2014-05-14 08:58 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 20:21 - 2014-05-14 08:58 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 20:21 - 2014-05-14 08:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 19:32 - 2014-05-14 08:58 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 19:14 - 2014-05-14 08:58 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 19:14 - 2014-05-14 08:58 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 18:43 - 2014-02-27 13:29 - 00000000 ____D () C:\Users\SingleClick Admin
2014-05-02 18:43 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-02 18:43 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-05-02 18:43 - 2006-11-02 08:33 - 94109696 _____ () C:\Windows\system32\config\software_previous
2014-05-02 18:43 - 2006-11-02 08:33 - 28835840 _____ () C:\Windows\system32\config\system_previous
2014-05-02 18:39 - 2006-11-02 08:33 - 54525952 _____ () C:\Windows\system32\config\components_previous
2014-05-02 18:39 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-02 12:14 - 2006-11-02 08:33 - 00786432 _____ () C:\Windows\system32\config\default_previous
2014-05-02 12:14 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-04-29 19:45 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\ProgramData\PKP_DLdw.DAT
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-28 20:42
 
==================== End Of Log ============================
 
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : lafsa [Admin rights]
Mode : Scan -- Date : 05/28/2014 21:04:28
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9320421ASG ATA Device +++++
--- User ---
[MBR] 18ba7263226a027ee89824789d471ca2
[bSP] 35d795a8da2df7ea9c1836bfe839d26b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 MB
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 290205 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_05282014_210428.txt >>
 
 
 
Thank you

 

 

 

Addition.txt


Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download the attached fixlist.txt to the same folder as FRST.exe.

    Run FRST.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    bleep-crop.jpg

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02

Ran by lafsa at 2014-05-30 05:16:21 Run:1

Running from C:\Users\lafsa\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [] => [X]

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 

S4 pcregservice; C:\Program Files\pcreg\pcreg.exe [249024 2014-04-25] ()

C:\ProgramData\PKP_DLdu.DAT

C:\ProgramData\PKP_DLdw.DAT

C:\Program Files\pcreg

Task: {C31F4B6B-526F-450F-9CD2-9BA0BCA27A2A} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe 

Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcreg\service.exe 

 

 

 

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

pcregservice => Service deleted successfully.

C:\ProgramData\PKP_DLdu.DAT => Moved successfully.

C:\ProgramData\PKP_DLdw.DAT => Moved successfully.

C:\Program Files\pcreg => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C31F4B6B-526F-450F-9CD2-9BA0BCA27A2A} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C31F4B6B-526F-450F-9CD2-9BA0BCA27A2A} => Key deleted successfully.

C:\Windows\System32\Tasks\pcreg => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg => Key deleted successfully.

C:\Windows\Tasks\pcreg.job => Moved successfully.

 

==== End of Fixlog ====

 


ComboFix 14-05-29.01 - lafsa 05/30/2014   5:29.1.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4090.2232 [GMT -4:00]

Running from: c:\users\lafsa\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((   Files Created from 2014-04-28 to 2014-05-30  )))))))))))))))))))))))))))))))

.

.

2014-05-30 09:40 . 2014-05-30 09:40 -------- d-----w- c:\users\SingleClick Admin\AppData\Local\temp

2014-05-30 09:40 . 2014-05-30 09:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-05-24 21:47 . 2014-05-24 21:47 -------- dc----w- c:\program files (x86)\ERUNT

2014-05-24 06:40 . 2014-05-24 08:39 -------- d-----w- c:\users\lafsa\AppData\Local\CrashDumps

2014-05-24 02:09 . 2014-05-24 02:09 -------- dc----w- c:\program files\CCleaner

2014-05-24 00:06 . 2014-05-28 12:12 -------- d-----w- c:\windows\ERUNT

2014-05-24 00:03 . 2014-05-24 08:38 -------- dc----w- c:\program files\HitmanPro

2014-05-24 00:01 . 2014-05-27 15:12 -------- dc----w- c:\programdata\HitmanPro

2014-05-23 23:19 . 2014-05-23 23:19 -------- dc----w- c:\programdata\GridinSoft

2014-05-23 23:14 . 2014-05-23 23:14 -------- dc----w- c:\program files (x86)\GridinSoft Trojan Killer

2014-05-23 23:00 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll

2014-05-23 22:59 . 2014-05-27 17:15 -------- dc----w- C:\AdwCleaner

2014-05-22 22:40 . 2014-05-22 22:40 -------- d-----w- c:\windows\system32\WindowsPowerShell

2014-05-17 19:19 . 2014-05-23 17:59 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-05-14 12:58 . 2014-05-06 00:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2014-05-14 12:58 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-05-14 12:58 . 2014-05-06 00:46 17847808 ----a-w- c:\windows\system32\mshtml.dll

2014-05-14 12:58 . 2014-05-06 00:21 96768 ----a-w- c:\windows\system32\mshtmled.dll

2014-05-14 10:54 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll

2014-05-10 16:19 . 2001-08-18 02:43 24576 ------w- c:\windows\SysWow64\msxml3a.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-05-27 17:33 . 2014-02-22 23:27 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-05-14 13:05 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe

2014-05-02 12:56 . 2011-03-25 07:12 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2014-03-11 13:52 . 2010-10-25 02:25 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2014-03-08 04:06 . 2014-04-09 13:31 10926592 ----a-w- c:\windows\system32\ieframe.dll

2014-03-08 03:49 . 2014-04-09 13:31 2334720 ----a-w- c:\windows\system32\jscript9.dll

2014-03-08 03:41 . 2014-04-09 13:31 1347072 ----a-w- c:\windows\system32\urlmon.dll

2014-03-08 03:40 . 2014-04-09 13:31 1392128 ----a-w- c:\windows\system32\wininet.dll

2014-03-08 03:39 . 2014-04-09 13:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2014-03-08 03:38 . 2014-04-09 13:31 237056 ----a-w- c:\windows\system32\url.dll

2014-03-08 03:37 . 2014-04-09 13:31 85504 ----a-w- c:\windows\system32\jsproxy.dll

2014-03-08 03:34 . 2014-04-09 13:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2014-03-08 03:34 . 2014-04-09 13:31 816640 ----a-w- c:\windows\system32\jscript.dll

2014-03-08 03:33 . 2014-04-09 13:31 599040 ----a-w- c:\windows\system32\vbscript.dll

2014-03-08 03:32 . 2014-04-09 13:31 729088 ----a-w- c:\windows\system32\msfeeds.dll

2014-03-08 03:32 . 2014-04-09 13:31 2147840 ----a-w- c:\windows\system32\iertutil.dll

2014-03-08 03:24 . 2014-04-09 13:31 248320 ----a-w- c:\windows\system32\ieui.dll

2014-03-07 23:12 . 2014-04-09 13:31 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll

2014-03-07 23:02 . 2014-04-09 13:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2014-03-07 23:02 . 2014-04-09 13:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2014-03-07 22:57 . 2014-04-09 13:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2014-03-07 22:56 . 2014-04-09 13:32 421376 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-12-07 02:31 . 2013-12-07 02:31 49940480 -c--a-w- c:\program files (x86)\GUTFD68.tmp

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2014-5-28 14936064]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableSecureUIAPath"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-05-23 23:26 1091912 -c--a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 13:15]

.

2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 13:15]

.

.

--------- X64 Entries -----------

.

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = www.google.com

mLocal Page = c:\windows\system32\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: LastPass - file://c:\users\lafsa\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\users\lafsa\AppData\LocalLow\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="C:/mysql/bin/mysqld.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="C:/mysql/bin/mysqld.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]

"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2014-05-30  05:43:52

ComboFix-quarantined-files.txt  2014-05-30 09:43

.

Pre-Run: 212,229,652,480 bytes free

Post-Run: 212,224,270,336 bytes free

.

- - End Of File - - 5B4D96CC8AEA10E83CCFACFC030BB964

CDB4DE4BBD714F152979DA2DCBEF57EB

 


Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next.........

Please run a Quick Scan with Malwarebytes like this: (Ver: 1.75)
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

Last:

Re-scan with FRST and please Make sure the Addition Box is checked.

Post or attach the logs.

MrC


I had to "Attach" a couple of the logs as I got a message that "Posting" them all made the post too large.

 

# AdwCleaner v3.210 - Report created 23/05/2014 at 19:01:08

# Updated 19/05/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

# Username : lafsa - LAFSA-PC

# Running from : C:\Users\lafsa\Downloads\AdwCleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : Viewpoint Manager Service

 

***** [ Files / Folders ] *****

 

[!] Folder Deleted : C:\ProgramData\Ask

[!] Folder Deleted : C:\ProgramData\Viewpoint

[!] Folder Deleted : C:\Program Files (x86)\Conduit

[!] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility

[!] Folder Deleted : C:\Users\lafsa\AppData\Local\apn

[!] Folder Deleted : C:\Users\lafsa\AppData\Local\Conduit

[!] Folder Deleted : C:\Users\lafsa\AppData\LocalLow\Conduit

[!] Folder Deleted : C:\Users\lafsa\AppData\Roaming\DriverCure

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Viewpoint

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16545

 

 

-\\ Google Chrome v34.0.1847.137

 

*************************

 

AdwCleaner[R0].txt - [5125 octets] - [23/05/2014 18:59:55]

AdwCleaner[s0].txt - [4781 octets] - [23/05/2014 19:01:08]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4841 octets] ##########

# AdwCleaner v3.211 - Report created 30/05/2014 at 09:10:04

# Updated 26/05/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

# Username : lafsa - LAFSA-PC

# Running from : C:\Users\lafsa\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16545

 

 

-\\ Google Chrome v35.0.1916.114

 

*************************

 

AdwCleaner[R0].txt - [6276 octets] - [23/05/2014 18:59:55]

AdwCleaner[R1].txt - [5329 octets] - [24/05/2014 04:54:36]

AdwCleaner[R2].txt - [1226 octets] - [27/05/2014 08:51:52]

AdwCleaner[R3].txt - [1042 octets] - [27/05/2014 10:26:22]

AdwCleaner[R4].txt - [1103 octets] - [27/05/2014 13:15:09]

AdwCleaner[s0].txt - [5815 octets] - [23/05/2014 19:01:08]

AdwCleaner[s1].txt - [4810 octets] - [24/05/2014 04:55:29]

AdwCleaner[s2].txt - [1300 octets] - [27/05/2014 08:53:15]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5995 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x64
Ran by lafsa on Fri 05/30/2014 at  9:16:43.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/30/2014 at  9:23:38.39
End of JRT log

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.05.30.06

 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

lafsa :: LAFSA-PC [administrator]

 

Protection: Enabled

 

5/30/2014 9:26:55 AM

mbam-log-2014-05-30 (09-26-55).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 297439

Time elapsed: 4 minute(s), 15 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

FRST.txt second post.txt


I apologize for the oversight in not previously posting the "Addition.txt from FRST." It is below.

 

I cannot give a definitive answer to how it is so far, as I have restricted my use of my sister's laptop to only performing your instructions on conducting the repair and have not used it for any other purpose. The problem "PUP" was only appearing when I ran a Malwarebytes "Full Scan" and not when I ran a "Quick Scan." I would like to run a "Full Scan" and otherwise use her laptop for a day or so before I could firmly assert it was now working properly.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by lafsa at 2014-05-30 09:33:13
Running from C:\Users\lafsa\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0422.2237 - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0422.2238.38828 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help English (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help French (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help German (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0422.2237.38828 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
ccc-utility64 (Version: 2009.0422.2238.38828 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 12.0.1.0 - Synaptics)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.0 - Nikon)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Integrated Webcam Driver (1.05.02.1227)   (HKLM\...\Creative OA001) (Version: 1.05.02.1227 - Creative Technology Ltd.)
ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft UI Engine (x32 Version: 4.0.0318.1 - Microsoft Corporation) Hidden
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2009.0422.2238.38828 - ATI) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
22-05-2014 14:42:29 Windows Update
22-05-2014 14:54:05 Windows Backup
22-05-2014 22:38:28 Windows Update
23-05-2014 16:37:32 Removed Absolute Notifier.
23-05-2014 16:39:26 Removed Adobe Reader X (10.1.10).
23-05-2014 16:40:47 Removed Advanced Audio FX Engine
23-05-2014 16:53:37 Removed File Uploader
23-05-2014 16:56:09 Removed Garmin Communicator Plugin
23-05-2014 16:56:29 Removed Garmin Communicator Plugin x64
23-05-2014 17:02:27 Removed HP Product Detection
23-05-2014 17:25:52 Removed Apple Application Support
23-05-2014 17:28:23 Removed Bonjour
23-05-2014 17:28:56 Removed C-Print Pro Server 2.6.2
23-05-2014 17:31:56 Removed QuickTime 7
23-05-2014 17:37:22 Removed WIDCOMM Bluetooth Software 6.1.0.4402
23-05-2014 17:40:21 Removed ViewNX
23-05-2014 17:43:03 Removed ResScan.
23-05-2014 17:46:01 Removed SMART Notebook.
23-05-2014 17:52:51 Removed Live! Cam Avatar Creator
23-05-2014 17:53:49 Removed Java 7 Update 55
23-05-2014 17:55:08 Removed iTunes
23-05-2014 18:03:20 Removed Apple Mobile Device Support
23-05-2014 18:04:22 Removed Apple Software Update
23-05-2014 18:14:25 Removed Banctec Service Agreement
24-05-2014 00:11:10 Removed Quickset.
24-05-2014 01:35:37 Removed Quickset.
24-05-2014 01:40:06 Removed Spelling Dictionaries Support For Adobe Reader 9.
24-05-2014 01:42:30 Removed Nikon Message Center
24-05-2014 01:43:18 Removed Nikon Transfer
24-05-2014 01:45:15 Removed Picture Control Utility
24-05-2014 22:10:17 Removed HP Update.
24-05-2014 22:11:13 削除 PMB
24-05-2014 22:12:56 Removed Netflix in Windows Media Center
24-05-2014 22:13:26 Removed Google Earth Plug-in.
24-05-2014 22:15:44 Garmin Express
24-05-2014 22:17:27 Removed Garmin USB Drivers
24-05-2014 22:18:20 Removed Complete Care Consumer Service Agreement
27-05-2014 10:04:19 Windows Update
28-05-2014 13:18:40 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2006-11-02 08:34 - 2014-05-24 18:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1127F92F-9EDB-4B9B-88CB-230CA8608B96} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {19D816FB-BE2A-4AEC-84F2-1444CE82F335} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4B46EBFC-AECC-45AB-82BF-54D60F89D724} - System32\Tasks\{4D60D156-724A-4FA9-8148-F4CC7E07A3E3} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {54486FFB-CDB3-4B54-AD53-30EB7EE4ABB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {71FFE9F4-0BA2-450D-AF82-1F2FDD7E4E05} - System32\Tasks\tmp292A => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {83A61D0C-49F6-4C8B-8DED-A6F472011CA7} - System32\Tasks\tmpDB67 => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
Task: {9DD2166A-0A2E-40F4-8BDE-51E319B0F630} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27] (Google Inc.)
Task: {AFE51F9E-72B8-4F83-87E9-E8EF9AB8376E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-01 00:54 - 2009-05-10 13:27 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2014-05-23 19:35 - 2014-05-13 19:40 - 04217672 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 19:36 - 2014-05-13 19:40 - 00414536 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 19:35 - 2014-05-13 19:40 - 01732424 ____C () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:06C5B98F
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: FAService => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Viewpoint Manager Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Absolute Notifier => "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: FATrayAlert => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => "C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: pcreg => C:\Program Files\pcreg\service.exe
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
 
==================== Faulty Device Manager Devices =============
 
Name: Creative Live! Camera
Description: 
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Creative Technology Ltd.
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Creative Live! Camera
Description: 
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Creative Technology Ltd.
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Creative Live! Camera
Description: 
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Creative Technology Ltd.
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (12/10/2013 04:41:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3319 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error: (11/13/2013 10:40:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 671 seconds with 660 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-30 09:33:08.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 09:33:08.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 09:33:08.531
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 09:33:08.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 05:15:10.929
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 05:15:10.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 05:15:10.539
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-30 05:15:10.349
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-28 20:54:19.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-28 20:54:18.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 44%
Total physical RAM: 4089.95 MB
Available physical RAM: 2277.8 MB
Total Pagefile: 8381.17 MB
Available Pagefile: 6402.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:197.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:4.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: ECD0E75A)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Thank you.

It looks good, just get these:

Download the attached fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Let me know....MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by lafsa at 2014-05-31 03:33:59 Run:2
Running from C:\Users\lafsa\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:06C5B98F
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npViewpoint.dll ()
C:\Users\lafsa\AppData\Local\temp\Quarantine.exe
*****************

C:\ProgramData\TEMP => ":06C5B98F" ADS removed successfully.
C:\ProgramData\TEMP => ":5D432CE3" ADS removed successfully.
C:\Users\lafsa\AppData\Local\temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====


If there are no other problems......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
I am getting a message on my sister's laptop that says:

Smart  Failure Predicted on a Hard Disk 0: ST9320421ASG- (S1)

 

Warning:  Immediately back-up your data and replace your hard disk drive. A failure may be imminent.

 

Press F1 to Continue.

 

After I "Press F1" everything seems [so far] to be working properly but a message pops up on the lower left hand side of her screen that says "Backup Failed."  This is probably not related to the original issue but what does it mean?  Thank you


Sounds like the hard drive is going bad:

http://lmgtfy.com/?q=Smart+%20Failure+Predicted+on+a+Hard+Disk+0%3A+ST9320421ASG-+(S1)

-------------------------------

The log looks OK

You should upgrade to the latest version of Malwarebytes:

https://forums.malwarebytes.org/index.php?showtopic=146017

-------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command into the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC


Well I have the proverbial good news and bad news.

 

The good news is that I ran all of the tasks as directed in your last response without incident.

 

The bad news is after doing so I ran a "Full Scan" with Malwarebytes and yet another PUP.Optional was found as seen in the log below.  This has been the recurring issue on my sister's laptop for the past week or so.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.05.31.07
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
lafsa :: LAFSA-PC [administrator]
 
Protection: Enabled
 
5/31/2014 12:23:20 PM
mbam-log-2014-05-31 (12-23-20).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 443306
Time elapsed: 1 hour(s), 38 minute(s), 7 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRTF2OJH\service[1].exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully.
 
(end)
 
What to do now?   Thank you.

Nothing, it wasn't cleaned before and is only a temporary internet file.
You can set IE to clear all temporary internet files on close:
http://www.sevenforums.com/tutorials/162666-internet-explorer-empty-temporary-internet-files-folder-when-closed.html

and/or use your CCleaner to clean out temp files. (make sure it's set correctly...tutorial here)

If you run another full scan it shouldn't be there.

You should update Malwarebytes Anti-Malware also:
https://forums.malwarebytes.org/index.php?showtopic=146017

MrC
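
An added example (not part of MrC's reply and not Malwarebytes code): a small Python triage of the detection sections from the two scan logs in this thread, separating a detection that is running or installed from one that survives only as a cached download under Temporary Internet Files. The function names and the single cache-folder marker are assumptions made for illustration.

```python
import re

# Section header, e.g. "Files Detected: 1"
SECTION_RE = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
# Detection line: "<item> (<detection name>) -> [<pid> ->] <action>"
DETECT_RE = re.compile(r"^(\S.*?) \(([^()]+)\) -> (.+)$")
# Assumption: only the IE cache folder is treated as a "cached download" here.
CACHE_MARKER = "\\temporary internet files\\"

def parse_detections(log):
    """Return one dict per detection line, tagged with the section it sits in."""
    section, found = None, []
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECT_RE.match(line)
        if hit and section:
            found.append({"section": section, "item": hit.group(1),
                          "name": hit.group(2),
                          "action": hit.group(3).split(" -> ")[-1]})
    return found

def triage(log):
    """'clean', 'cache-only' (leftover download) or 'active' (running/installed)."""
    found = parse_detections(log)
    if not found:
        return "clean"
    for d in found:
        cached = d["section"] == "Files" and CACHE_MARKER in d["item"].lower()
        if not cached:
            return "active"
    return "cache-only"

# Detection sections excerpted from the two Malwarebytes logs in this thread.
SCAN_0528 = r"""
Memory Processes Detected: 2
C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> 3396 -> Delete on reboot.
C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> 3384 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Program Files\pcreg\service.exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0M84K10\service[1].exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully.
"""
SCAN_0531 = r"""
Memory Processes Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XRTF2OJH\service[1].exe (PUP.Optional.SearchSafer) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for label, log in (("5/28", SCAN_0528), ("5/31", SCAN_0531)):
        print(label, triage(log), [d["item"] for d in parse_detections(log)])
```

A `cache-only` verdict describes where the file sits, not what downloaded it; the startup and service entries in the FRST log are where that question is answered.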


I reset the IE settings per instructions.

 

I confirmed that the ccleaner settings I had been using were correct.  They were.

 

I ran a Malwarebytes Full Scan and no problems were detected.

 

I have not ignored your admonitions to install the newest version of Malwarebytes but I need to see my sister and find out where she put the registration number so I can perform the manual installation.

 

As of now we seem to be working fine.  I will notify you if any unforeseen difficulties rear their ugly heads in the next few days.

Thank you for your assistance in this matter.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.