
Possible infection - fake facebook login page



On 5/27 or 5/28 my girlfriend is on Facebook and gets a message from a friend to view pics. She clicks the link and it sends her to another Facebook login page. She entered her login and password, then hits enter, and it takes her to a fake YouTube page asking her to update her Flash Player. She realizes at this point it is a scam/virus page. She does NOT click to update the Flash Player.

Here's the problem. She did enter her login and password and hit enter on the fake Facebook login. I ran a scan with Norton Internet Security, then with Norton Power Eraser and then finally with Malwarebytes. None of them picked up anything on the computer. Shouldn't something have popped up? I am double checking to make sure the computer is clean.

FRST.txt

Addition.txt


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Hello, here are the requested. Malwarebytes report is pasted in and Roguekiller report is attached.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/6/2014
Scan Time: 6:32:44 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.06.11
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: RS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275761
Time Elapsed: 9 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

RKreport_SCN_06062014_185322.log


  • Root Admin

Great that looks okay.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Here are the requested items. Pasted in JRT, AdwCleaner, Malwarebytes log and ESET texts as instructed. Attached Farbar Recovery Scan Tool FRST text. I did not get an additional.txt maybe because I had already run the program for my first post?

Note: Per my PM message, Advanced System Protector, Greener Web, OpenIt!, RegClean Pro, Update for Zip Opener and Zip Opener Packages were accidentally installed after Step 5. I see references to them in the following. Thanks!!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x64
Ran by RS on Fri 06/06/2014 at 19:54:08.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1917137902-2755131890-4101174463-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\RS\AppData\Roaming\mozilla\firefox\profiles\5akyyn81.default-1350577505979\searchplugins\safesearch.xml
Successfully deleted: [File] C:\Users\RS\AppData\Roaming\mozilla\firefox\profiles\5akyyn81.default-1350577505979\searchplugins\youtube-video-search.xml
Successfully deleted the following from C:\Users\RS\AppData\Roaming\mozilla\firefox\profiles\5akyyn81.default-1350577505979\prefs.js

user_pref("keyword.URL", "hxxp://nortonsafe.search.ask.com/web?o=APN10506&gct=kwd&qsrc=2869&l=dis&prt=NIS&chn=retail&geo=US&ver=21&q=");
Emptied folder: C:\Users\RS\AppData\Roaming\mozilla\firefox\profiles\5akyyn81.default-1350577505979\minidumps [368 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/06/2014 at 20:00:07.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

AdwCleaner

 

# AdwCleaner v3.212 - Report created 07/06/2014 at 10:43:23
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : RS - RS-PC
# Running from : C:\Users\RS\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Systweak
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[!] Folder Deleted : C:\Program Files (x86)\Advanced System Protector
[!] Folder Deleted : C:\Program Files (x86)\openit
[!] Folder Deleted : C:\Program Files (x86)\RegClean Pro
[!] Folder Deleted : C:\UseRS\RS\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[!] Folder Deleted : C:\UseRS\RS\AppData\Roaming\DigitalSites
[!] Folder Deleted : C:\UseRS\RS\AppData\Roaming\Systweak
File Deleted : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\sasnative64.exe
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\Tasks\Digital Sites.job
File Deleted : C:\Windows\System32\Tasks\Digital Sites
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
File Deleted : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\Windows\Tasks\RegClean Pro_UPDATES.job
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\openit open it!
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean-Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Opener Packages

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\UseRS\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\prefs.js ]


*************************

AdwCleaner[R0].txt - [5838 octets] - [07/06/2014 10:40:25]
AdwCleaner[s0].txt - [4825 octets] - [07/06/2014 10:43:23]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4885 octets] ##########
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/7/2014
Scan Time: 10:48:21 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.07.05
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: RS

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275890
Time Elapsed: 15 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

ESET log

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir    a variant of MSIL/AdvancedSystemProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir    a variant of MSIL/AdvancedSystemProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir    a variant of MSIL/AdvancedSystemProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\scandll.dll.vir    a variant of MSIL/AdvancedSystemProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\UseRS\RS\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir    Win32/InstallCore.PC potentially unwanted application
C:\Documents and Settings\RS\AppData\Local\Temp\ICReinstall_ZipSetup.exe    a variant of Win32/InstallCore.NN potentially unwanted application
C:\Documents and Settings\RS\AppData\Local\Temp\is357113909\12900331_stp\rcpsetup_adppi15_adppi15.exe    Win32/Systweak.B potentially unwanted application
C:\Documents and Settings\RS\AppData\Local\Temp\is357113909\12900448_stp\uninstaller.exe    Win32/InstallCore.PC potentially unwanted application
C:\Documents and Settings\RS\Desktop\ZipSetup.exe    a variant of Win32/InstallCore.NN potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Greener Web\GreenerWebBHO.dll    a variant of Win32/BrowseFox.F potentially unwanted application
C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe    a variant of Win32/BrowseFox.H potentially unwanted application
C:\Users\RS\AppData\Local\Temp\ICReinstall_ZipSetup.exe    a variant of Win32/InstallCore.NN potentially unwanted application
C:\Users\RS\AppData\Local\Temp\is357113909\12900331_stp\rcpsetup_adppi15_adppi15.exe    Win32/Systweak.B potentially unwanted application
C:\Users\RS\AppData\Local\Temp\is357113909\12900448_stp\uninstaller.exe    Win32/InstallCore.PC potentially unwanted application
C:\Users\RS\Desktop\ZipSetup.exe    a variant of Win32/InstallCore.NN potentially unwanted application
 


Sorry, I thought I had posted the Farbar log. I only got a first.txt. It did not give me a new additional.txt, so I am posting the original additional.txt from 6/2.

 

can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by RS (administrator) on RS-PC on 07-06-2014 14:19:39
Running from C:\Users\RS\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
() C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Dell Inc.) C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [sPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1762032 2009-04-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-07] (Dell)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1917137902-2755131890-4101174463-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1917137902-2755131890-4101174463-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-1917137902-2755131890-4101174463-1000\...\Run: [NortonUtilities] => C:\Program Files (x86)\Norton Utilities 14\RMTray.exe [279912 2009-09-14] (Symantec Corporation)
HKU\S-1-5-21-1917137902-2755131890-4101174463-1000\...\MountPoints2: {9bac35ff-5f0f-11e1-b4ec-0023aee6f934} - K:\KODAK_Camera_Setup_App.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
ShortcutTarget: Dell Remote Access.lnk -> C:\WINDOWS\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5329D3FE5E7ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Greener Web - {1973d53b-7311-45d7-8270-f44571c041a0} - C:\Program Files (x86)\Greener Web\GreenerWebbho.dll (Greener Web)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.190.192.35 71.9.127.107 24.205.224.36

FireFox:
========
FF ProfilePath: C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\searchplugins\huffpost-search.xml
FF SearchPlugin: C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\searchplugins\youtube.xml
FF Extension: AVG PrivacyFix - C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2012-11-25]
FF Extension: Greener Web - C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\Extensions\{a3f28269-ad17-41a8-b032-3e0313ef8979}.xpi [2014-06-06]
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-13]

==================== Services (Whitelisted) =================

S3 Creative ALchemy AL1 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [79360 2009-07-09] (Creative Labs)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 Update Greener Web; C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe [317728 2014-06-06] ()
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140606.002\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140606.018\ENG64.SYS [126040 2014-05-12] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140606.018\EX64.SYS [2099288 2014-05-12] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-10-29] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-13] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-10-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-07 14:12 - 2014-06-07 14:12 - 00002417 _____ () C:\Users\RS\Desktop\ESET.txt
2014-06-07 11:09 - 2014-06-07 11:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-07 11:08 - 2014-06-07 11:09 - 02347384 _____ (ESET) C:\Users\RS\Desktop\esetsmartinstaller_enu.exe
2014-06-07 10:46 - 2014-06-07 10:46 - 00004969 _____ () C:\Users\RS\Desktop\AdwCleaner[s0].txt
2014-06-07 10:39 - 2014-06-07 10:43 - 00000000 ____D () C:\AdwCleaner
2014-06-07 10:39 - 2014-06-07 10:39 - 01333465 _____ () C:\Users\RS\Desktop\AdwCleaner.exe
2014-06-06 20:05 - 2014-06-06 20:05 - 00000882 _____ () C:\Users\RS\Desktop\Continue Zip Opener Installation.lnk
2014-06-06 20:03 - 2014-06-07 10:44 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-06 20:03 - 2014-06-06 20:03 - 00678768 _____ ( ) C:\Users\RS\Desktop\ZipSetup.exe
2014-06-06 20:00 - 2014-06-06 20:00 - 00002269 _____ () C:\Users\RS\Desktop\JRT.txt
2014-06-06 19:54 - 2014-06-06 19:54 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 19:53 - 2014-06-06 19:53 - 01016261 _____ (Thisisu) C:\Users\RS\Desktop\JRT.exe
2014-06-06 18:55 - 2014-06-06 18:55 - 00004912 _____ () C:\Users\RS\Desktop\RKreport_SCN_06062014_185322.log
2014-06-06 18:49 - 2014-06-06 18:49 - 05245952 _____ () C:\Users\RS\Desktop\RogueKillerX64.exe
2014-06-06 18:49 - 2014-06-06 18:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 18:28 - 2014-06-06 18:28 - 00000000 ____D () C:\Windows\ERDNT
2014-06-06 18:26 - 2014-06-06 18:27 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-06 18:26 - 2014-06-06 18:26 - 00000765 _____ () C:\Users\RS\Desktop\NTREGOPT.lnk
2014-06-06 18:26 - 2014-06-06 18:26 - 00000746 _____ () C:\Users\RS\Desktop\ERUNT.lnk
2014-06-06 18:26 - 2014-06-06 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-06 18:21 - 2014-06-06 18:21 - 00003010 _____ () C:\Windows\System32\Tasks\{E5A7C055-7DEF-4335-8C65-3987F0AE7987}
2014-06-06 18:19 - 2014-06-06 18:19 - 00791393 _____ (Lars Hederer ) C:\Users\RS\Desktop\erunt-setup.exe
2014-06-06 18:18 - 2014-06-06 18:18 - 00002868 _____ () C:\Users\RS\Desktop\Rkill.txt
2014-06-06 18:17 - 2014-06-06 18:17 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RS\Desktop\rkill.exe
2014-06-02 14:19 - 2014-06-07 14:19 - 00017636 _____ () C:\Users\RS\Desktop\FRST.txt
2014-06-02 14:19 - 2014-06-07 14:19 - 00000000 ____D () C:\FRST
2014-06-02 14:17 - 2014-06-07 14:17 - 02072576 _____ (Farbar) C:\Users\RS\Desktop\FRST64.exe
2014-06-02 05:42 - 2014-06-02 05:42 - 00000182 _____ () C:\Users\RS\Desktop\New Text Document (3).txt
2014-06-01 02:43 - 2014-06-01 02:43 - 00010752 _____ () C:\Users\RS\Desktop\cell phone.xlr
2014-06-01 01:19 - 2014-06-01 02:16 - 00000338 _____ () C:\Users\RS\Desktop\New Text Document.txt
2014-05-30 06:54 - 2014-06-07 10:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 06:53 - 2014-05-30 06:53 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 06:53 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 06:53 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 06:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 06:49 - 2014-05-30 06:49 - 00315392 _____ (Malwarebytes Corporation) C:\Users\RS\Desktop\mbam-clean-2.0.2.0.exe
2014-05-30 06:39 - 2014-05-30 06:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RS\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 04:44 - 2014-05-31 01:49 - 00000077 _____ () C:\Users\RS\Desktop\New Text Document (2).txt
2014-05-29 00:50 - 2014-05-29 00:50 - 00000178 _____ () C:\ProgramData\SMRResults410.dat
2014-05-28 23:27 - 2014-05-28 23:27 - 03077584 ____N (Symantec Corporation) C:\Users\RS\Desktop\NPE.exe
2014-05-28 22:36 - 2014-05-28 22:36 - 00000000 ____D () C:\Users\RS\AppData\Roaming\Norton Utilities 14
2014-05-26 22:34 - 2014-05-26 22:34 - 00000000 _____ () C:\Users\RS\Desktop\fi;e on ocean aor.txt
2014-05-23 16:24 - 2014-05-23 16:24 - 00000000 _____ () C:\Users\RS\Desktop\find hlepul kaiser fstull girl form.txt
2014-05-19 17:23 - 2014-05-19 17:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-19 13:41 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-19 13:40 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-19 13:40 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-19 13:40 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-19 13:39 - 2014-05-19 13:40 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-17 14:01 - 2014-05-17 14:01 - 00000184 _____ () C:\Users\RS\Desktop\manual safe mode.txt
2014-05-14 20:29 - 2014-05-14 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-14 20:29 - 2014-05-14 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-14 20:29 - 2014-05-14 20:29 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-14 12:12 - 2014-05-14 13:47 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 14
2014-05-14 12:12 - 2014-05-14 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 14
2014-05-14 12:12 - 2008-04-02 15:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2014-05-14 12:12 - 2008-04-02 15:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2014-05-14 12:12 - 2008-04-02 15:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2014-05-14 12:12 - 2004-08-04 07:00 - 00506368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-05-14 10:13 - 2014-05-05 17:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 10:13 - 2014-05-05 17:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 10:13 - 2014-05-05 17:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 10:13 - 2014-05-05 16:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 10:13 - 2014-05-05 16:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 10:13 - 2014-05-05 16:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 04:16 - 2014-03-25 09:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 04:16 - 2014-03-25 06:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 08:18 - 2014-05-13 08:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 02:08 - 2013-10-30 00:26 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-05-13 01:28 - 2014-05-13 01:38 - 00000000 ____D () C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-05-13 01:28 - 2014-05-13 01:28 - 00000000 ____D () C:\Users\Public\Downloads\Norton

==================== One Month Modified Files and Folders =======

2014-06-07 14:19 - 2014-06-02 14:19 - 00017636 _____ () C:\Users\RS\Desktop\FRST.txt
2014-06-07 14:19 - 2014-06-02 14:19 - 00000000 ____D () C:\FRST
2014-06-07 14:19 - 2013-05-08 08:27 - 00000000 ____D () C:\Users\RS\Desktop\office
2014-06-07 14:19 - 2010-07-31 22:40 - 00000000 ____D () C:\Users\RS\AppData\Local\Temp
2014-06-07 14:17 - 2014-06-02 14:17 - 02072576 _____ (Farbar) C:\Users\RS\Desktop\FRST64.exe
2014-06-07 14:12 - 2014-06-07 14:12 - 00002417 _____ () C:\Users\RS\Desktop\ESET.txt
2014-06-07 13:55 - 2010-10-04 19:18 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 13:31 - 2013-12-17 23:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 12:45 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 12:45 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 11:09 - 2014-06-07 11:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-07 11:09 - 2014-06-07 11:08 - 02347384 _____ (ESET) C:\Users\RS\Desktop\esetsmartinstaller_enu.exe
2014-06-07 10:53 - 2009-07-09 18:56 - 01276236 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 10:47 - 2014-05-30 06:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 10:46 - 2014-06-07 10:46 - 00004969 _____ () C:\Users\RS\Desktop\AdwCleaner[s0].txt
2014-06-07 10:45 - 2010-10-04 19:18 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 10:45 - 2010-07-31 22:43 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-07 10:45 - 2010-07-31 22:40 - 00000000 ____D () C:\Users\RS\AppData\Local\SoftThinks
2014-06-07 10:45 - 2009-07-09 23:49 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-07 10:45 - 2009-07-09 23:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-07 10:45 - 2009-07-09 23:27 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-07 10:45 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 10:44 - 2014-06-06 20:03 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-07 10:44 - 2008-01-20 20:26 - 00730146 _____ () C:\Windows\PFRO.log
2014-06-07 10:43 - 2014-06-07 10:39 - 00000000 ____D () C:\AdwCleaner
2014-06-07 10:43 - 2006-11-02 08:42 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-07 10:39 - 2014-06-07 10:39 - 01333465 _____ () C:\Users\RS\Desktop\AdwCleaner.exe
2014-06-07 09:10 - 2014-05-02 15:39 - 00031744 _____ () C:\Users\RS\Desktop\Wind.xlr
2014-06-07 09:10 - 2010-08-10 01:04 - 00032982 _____ () C:\Users\RS\AppData\Roaming\wklnhst.dat
2014-06-07 01:00 - 2010-11-18 21:05 - 00000000 ____D () C:\Users\RS\AppData\Local\Paint.NET
2014-06-06 20:05 - 2014-06-06 20:05 - 00000882 _____ () C:\Users\RS\Desktop\Continue Zip Opener Installation.lnk
2014-06-06 20:03 - 2014-06-06 20:03 - 00678768 _____ ( ) C:\Users\RS\Desktop\ZipSetup.exe
2014-06-06 20:00 - 2014-06-06 20:00 - 00002269 _____ () C:\Users\RS\Desktop\JRT.txt
2014-06-06 19:54 - 2014-06-06 19:54 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 19:53 - 2014-06-06 19:53 - 01016261 _____ (Thisisu) C:\Users\RS\Desktop\JRT.exe
2014-06-06 18:55 - 2014-06-06 18:55 - 00004912 _____ () C:\Users\RS\Desktop\RKreport_SCN_06062014_185322.log
2014-06-06 18:49 - 2014-06-06 18:49 - 05245952 _____ () C:\Users\RS\Desktop\RogueKillerX64.exe
2014-06-06 18:49 - 2014-06-06 18:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 18:30 - 2013-02-28 01:14 - 00001202 _____ () C:\Users\RS\Desktop\match game.txt
2014-06-06 18:28 - 2014-06-06 18:28 - 00000000 ____D () C:\Windows\ERDNT
2014-06-06 18:27 - 2014-06-06 18:26 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-06 18:26 - 2014-06-06 18:26 - 00000765 _____ () C:\Users\RS\Desktop\NTREGOPT.lnk
2014-06-06 18:26 - 2014-06-06 18:26 - 00000746 _____ () C:\Users\RS\Desktop\ERUNT.lnk
2014-06-06 18:26 - 2014-06-06 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-06 18:21 - 2014-06-06 18:21 - 00003010 _____ () C:\Windows\System32\Tasks\{E5A7C055-7DEF-4335-8C65-3987F0AE7987}
2014-06-06 18:19 - 2014-06-06 18:19 - 00791393 _____ (Lars Hederer ) C:\Users\RS\Desktop\erunt-setup.exe
2014-06-06 18:18 - 2014-06-06 18:18 - 00002868 _____ () C:\Users\RS\Desktop\Rkill.txt
2014-06-06 18:17 - 2014-06-06 18:17 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RS\Desktop\rkill.exe
2014-06-06 16:39 - 2012-01-31 00:19 - 00003662 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FCAFDDBE-FA9B-41F8-9DFA-D2A2942C51EF}
2014-06-06 16:29 - 2010-08-04 18:40 - 00006836 _____ () C:\Users\RS\AppData\Local\d3d9caps.dat
2014-06-02 05:42 - 2014-06-02 05:42 - 00000182 _____ () C:\Users\RS\Desktop\New Text Document (3).txt
2014-06-01 02:43 - 2014-06-01 02:43 - 00010752 _____ () C:\Users\RS\Desktop\cell phone.xlr
2014-06-01 02:16 - 2014-06-01 01:19 - 00000338 _____ () C:\Users\RS\Desktop\New Text Document.txt
2014-05-31 01:49 - 2014-05-29 04:44 - 00000077 _____ () C:\Users\RS\Desktop\New Text Document (2).txt
2014-05-30 06:53 - 2014-05-30 06:53 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 06:49 - 2014-05-30 06:49 - 00315392 _____ (Malwarebytes Corporation) C:\Users\RS\Desktop\mbam-clean-2.0.2.0.exe
2014-05-30 06:39 - 2014-05-30 06:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RS\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-30 03:26 - 2013-01-01 16:57 - 00000000 ____D () C:\Users\RS\Desktop\Linked up
2014-05-30 03:09 - 2011-05-10 19:24 - 00000000 ____D () C:\Users\RS\Documents\all stuff as of 5-10-11
2014-05-29 00:50 - 2014-05-29 00:50 - 00000178 _____ () C:\ProgramData\SMRResults410.dat
2014-05-29 00:42 - 2013-09-01 11:22 - 00000000 ____D () C:\Users\RS\AppData\Local\NPE
2014-05-29 00:29 - 2014-05-02 07:58 - 00000000 ____D () C:\NPE
2014-05-28 23:28 - 2009-07-09 23:30 - 00000000 ____D () C:\ProgramData\Norton
2014-05-28 23:27 - 2014-05-28 23:27 - 03077584 ____N (Symantec Corporation) C:\Users\RS\Desktop\NPE.exe
2014-05-28 22:37 - 2011-02-03 20:17 - 00003072 _____ () C:\Windows\SysWOW64\Cache.db
2014-05-28 22:36 - 2014-05-28 22:36 - 00000000 ____D () C:\Users\RS\AppData\Roaming\Norton Utilities 14
2014-05-27 05:03 - 2010-11-03 19:28 - 00006144 _____ () C:\Users\RS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-26 22:34 - 2014-05-26 22:34 - 00000000 _____ () C:\Users\RS\Desktop\fi;e on ocean aor.txt
2014-05-23 16:24 - 2014-05-23 16:24 - 00000000 _____ () C:\Users\RS\Desktop\find hlepul kaiser fstull girl form.txt
2014-05-19 17:23 - 2014-05-19 17:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-19 17:17 - 2013-12-25 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-19 17:17 - 2013-12-25 11:40 - 00002632 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-19 17:17 - 2013-06-07 11:37 - 00003284 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-19 17:17 - 2013-06-07 11:36 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-19 13:41 - 2013-10-25 08:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-19 13:40 - 2014-05-19 13:39 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-19 13:40 - 2009-07-09 23:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-17 14:01 - 2014-05-17 14:01 - 00000184 _____ () C:\Users\RS\Desktop\manual safe mode.txt
2014-05-16 17:33 - 2011-03-19 12:01 - 00000000 ____D () C:\Program Files\DivX
2014-05-16 17:33 - 2011-03-19 11:58 - 00000000 ____D () C:\ProgramData\DivX
2014-05-16 17:33 - 2011-03-19 11:58 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-16 08:41 - 2011-06-18 11:20 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-14 20:30 - 2014-05-14 20:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-14 20:29 - 2014-05-14 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-14 20:29 - 2014-05-14 20:29 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-14 13:47 - 2014-05-14 12:12 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 14
2014-05-14 12:12 - 2014-05-14 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 14
2014-05-14 10:18 - 2013-07-17 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 10:17 - 2006-11-02 05:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-14 04:31 - 2013-12-17 23:02 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 04:31 - 2012-10-23 12:17 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 04:31 - 2012-06-15 12:15 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 13:32 - 2012-04-25 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 08:18 - 2014-05-13 08:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 01:38 - 2014-05-13 01:28 - 00000000 ____D () C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-05-13 01:36 - 2013-12-25 11:37 - 00000831 _____ () C:\Users\RS\Desktop\Norton Installation Files.lnk
2014-05-13 01:35 - 2013-06-07 11:25 - 00000000 ____D () C:\Users\RS\AppData\Local\LogMeIn Rescue Applet
2014-05-13 01:35 - 2006-11-02 08:21 - 00320568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-13 01:32 - 2013-06-07 11:37 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-13 01:32 - 2013-06-07 11:37 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-13 01:31 - 2013-06-07 11:36 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-13 01:28 - 2014-05-13 01:28 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-05-12 23:14 - 2014-05-03 06:32 - 00000000 ____D () C:\Windows\pss
2014-05-12 07:26 - 2014-05-30 06:53 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-30 06:53 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 06:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 23:51 - 2011-05-05 19:33 - 00000000 ____D () C:\Users\RS\Documents\My PageManager
2014-05-11 11:24 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 11:05 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-05-10 03:50 - 2010-10-04 19:18 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 03:50 - 2010-10-04 19:18 - 00003634 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-10 03:40 - 2010-07-31 22:40 - 00000000 ____D () C:\Users\RS
2014-05-10 03:40 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-05-10 03:39 - 2006-11-02 05:33 - 72876032 _____ () C:\Windows\system32\config\software_previous
2014-05-10 03:39 - 2006-11-02 05:33 - 59244544 _____ () C:\Windows\system32\config\components_previous
2014-05-10 03:39 - 2006-11-02 05:33 - 17825792 _____ () C:\Windows\system32\config\system_previous
2014-05-10 03:39 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-05-10 03:39 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-05-10 03:39 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-05-10 03:38 - 2010-07-31 22:40 - 00000000 ___RD () C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-10 03:38 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\system32\spool
2014-05-10 03:38 - 2006-11-02 06:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-10 03:37 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\registration

Files to move or delete:
====================
C:\Users\RS\AppData\Roaming\desktop.ini
C:\ProgramData\SMRResults410.dat


Some content of TEMP:
====================
C:\Users\RS\AppData\Local\Temp\ICReinstall_ZipSetup.exe
C:\Users\RS\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-07 11:04

==================== End Of Log ============================

Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0213.2138.38808 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help English (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help French (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help German (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
ccc-utility64 (Version: 2009.0213.2138.38808 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0027 - Dell, Inc.)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.2.0.0 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
Norton Utilities (HKLM-x32\...\Norton Utilities_is1) (Version: 14.5 - Symantec Corporation)
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Presto! PageManager 7.15.16 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Creator Premier (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Premier 10 (x32 Version: 10.2.606 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler (x32 Version: 3.2 - Roxio) Hidden
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Sid Meier's Gettysburg! (HKLM-x32\...\Sid Meier's Gettysburg!) (Version:  - )
Sid Meier's Gettysburg! 2000/XP Compatibility Update (HKLM-x32\...\InstallShield_{E3FEF250-E968-4B4E-ACEB-5DAFAFF0EC30}) (Version: 1.00.0000 - FIRAXIS Games, Inc.)
Sid Meier's Gettysburg! 2000/XP Compatibility Update (x32 Version: 1.00.0000 - FIRAXIS Games, Inc.) Hidden
Skins (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}) (Version: 1.0 - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
WinRAR 4.00 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.6 - win.rar GmbH)

==================== Restore Points  =========================

11-05-2014 07:08:46 Scheduled Checkpoint
12-05-2014 00:20:21 Scheduled Checkpoint
12-05-2014 20:19:18 Scheduled Checkpoint
13-05-2014 10:57:41 Scheduled Checkpoint
14-05-2014 12:22:46 Scheduled Checkpoint
14-05-2014 17:12:45 Windows Update
15-05-2014 10:38:00 Scheduled Checkpoint
16-05-2014 10:03:24 Scheduled Checkpoint
17-05-2014 10:54:13 Scheduled Checkpoint
18-05-2014 01:22:39 Scheduled Checkpoint
18-05-2014 23:16:18 Scheduled Checkpoint
19-05-2014 19:04:41 Scheduled Checkpoint
19-05-2014 20:38:37 Installed Java 7 Update 55
20-05-2014 00:21:41 Windows Update
20-05-2014 22:35:30 Scheduled Checkpoint
21-05-2014 10:57:43 Scheduled Checkpoint
22-05-2014 15:36:48 Scheduled Checkpoint
23-05-2014 04:53:47 Scheduled Checkpoint
24-05-2014 00:49:19 Scheduled Checkpoint
25-05-2014 05:45:29 Scheduled Checkpoint
25-05-2014 22:48:45 Scheduled Checkpoint
26-05-2014 13:28:14 Scheduled Checkpoint
27-05-2014 23:21:33 Scheduled Checkpoint
28-05-2014 11:52:00 Scheduled Checkpoint
29-05-2014 07:40:14 Norton_Power_Eraser_20140529004014467
29-05-2014 23:30:07 Scheduled Checkpoint
30-05-2014 16:03:39 Scheduled Checkpoint
31-05-2014 04:49:38 Scheduled Checkpoint
31-05-2014 21:50:13 Scheduled Checkpoint
01-06-2014 22:41:15 Scheduled Checkpoint
02-06-2014 12:10:40 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {047B5C21-24EA-43B3-9861-F7B6BF2684D3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1917137902-2755131890-4101174463-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {07184902-7DB2-4339-ACCB-38CF8972FA2A} - System32\Tasks\alarm 2 => C:\Users\RS\Desktop\Linked up\music\hang ten\09 Hang Ten In East Berlin.mp3 [2012-08-12] ()
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {186D925E-B3D7-4B61-85F9-57D3F937D02B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1C282E67-0C83-4A41-B75B-16EBAA0E4BFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-04] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4B0F468C-B0C4-4377-AE76-84D0069BCEA7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1917137902-2755131890-4101174463-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4B3968E7-792D-4B3B-BAF1-C55BED66C665} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {58861CE6-C1AE-4EFE-A885-07A2EF232046} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {58B5B1B8-3453-499B-A184-30ABED01018E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {5A497C53-0D0C-4D28-B3B4-00E1293CC984} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - RS => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {84C0BFA6-8152-40E3-BA67-17D5918CD439} - System32\Tasks\Alarm => C:\Users\RS\Desktop\Linked up\music\hang ten\09 Hang Ten In East Berlin.mp3 [2012-08-12] ()
Task: {D4C3C13E-D84A-4120-BB9F-5E751FA4FA2E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E7336EDF-3DA9-43CE-A4FF-F433B0E8A854} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-04] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F2667DDF-1BE3-4D40-B2A4-433FCC14E0A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-10 02:41 - 2009-03-30 04:24 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2010-08-08 04:23 - 2006-09-20 08:35 - 00020480 _____ () C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe
2010-08-08 04:23 - 2006-10-30 16:59 - 00024576 _____ () C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe
2009-04-09 13:29 - 2009-04-09 13:29 - 01762032 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-07-09 23:28 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2009-07-09 23:18 - 2009-07-09 23:18 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 07:19 - 2008-11-25 07:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2008-11-18 09:00 - 2008-11-18 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-07-09 23:15 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2009-07-09 23:15 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-08-26 05:29 - 2009-08-26 05:29 - 00150016 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00263920 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00132336 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-05-13 08:18 - 2014-05-13 08:18 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-14 04:31 - 2014-05-14 04:31 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2014 00:59:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 00:31:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/02/2014 10:02:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 07:02:54 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/02/2014 03:40:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 01:18:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 08:12:26 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/31/2014 00:52:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 05:58:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 04:16:39 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (06/02/2014 00:59:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (06/02/2014 00:59:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dock Login Service%%2

Error: (06/02/2014 11:02:36 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/02/2014 10:52:35 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/02/2014 10:42:34 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/02/2014 10:32:36 AM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/02/2014 10:02:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (06/02/2014 10:02:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dock Login Service%%2

Error: (06/02/2014 03:40:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (06/02/2014 03:40:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dock Login Service%%2


Microsoft Office Sessions:
=========================
Error: (06/02/2014 00:59:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 00:31:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/02/2014 10:02:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 07:02:54 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/02/2014 03:40:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 01:18:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 08:12:26 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/31/2014 00:52:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 05:58:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 04:16:39 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


CodeIntegrity Errors:
===================================
  Date: 2014-06-02 14:19:40.382
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:40.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:40.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:39.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:39.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:39.648
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:39.501
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:39.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:39.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-02 14:19:38.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 6134.07 MB
Available physical RAM: 3786.59 MB
Total Pagefile: 12451.68 MB
Available Pagefile: 9943.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:523.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.45 GB) NTFS
Drive e: (May 12 2014) (CDROM) (Total:4.38 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: C8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=684 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.
  • Then RESTART THE COMPUTER

 

 

Next:
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
  • Then RESTART THE COMPUTER

 

 

Next:
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.


JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Jun 10 02:29:15 2014

Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.6.0_21
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.6.0_22
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.6.0_23
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.6.0_24
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.6.0_26
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.6.0_29
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_05
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_07
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_09
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_11
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_13
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_15
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_17
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_21
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_25
Found and removed: C:\Users\RS\AppData\LocalLow\Sun\Java\jre1.7.0_51
Found and removed: Software\Classes\JavaPlugin.160_31
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins

MiniToolBox by Farbar  Version: 23-01-2014
Ran by RS (administrator) on 10-06-2014 at 02:43:47
Running from "C:\Users\RS\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1             localhost

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : RS-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-23-AE-E6-F9-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b936:d24a:706a:48c5%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, June 10, 2014 2:38:33 AM
   Lease Expires . . . . . . . . . . : Tuesday, June 10, 2014 3:38:33 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 251667374
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-E8-58-27-00-23-AE-E6-F9-34
   DNS Servers . . . . . . . . . . . : 68.190.192.35
                                       71.9.127.107
                                       24.205.224.36
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{817B19A0-2F41-4AE7-8DF0-48A3965D7B62}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  vip01rvsdca.rvsd.ca.charter.com
Address:  68.190.192.35

Name:    google.com
Addresses:  2607:f8b0:4007:800::1004
      74.125.224.130
      74.125.224.131
      74.125.224.133
      74.125.224.128
      74.125.224.135
      74.125.224.136
      74.125.224.132
      74.125.224.142
      74.125.224.137
      74.125.224.129
      74.125.224.134



Pinging google.com [74.125.224.163] with 32 bytes of data:

Reply from 74.125.224.163: bytes=32 time=11ms TTL=52

Reply from 74.125.224.163: bytes=32 time=11ms TTL=52



Ping statistics for 74.125.224.163:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 11ms, Maximum = 11ms, Average = 11ms

Server:  vip01rvsdca.rvsd.ca.charter.com
Address:  68.190.192.35

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=39ms TTL=51

Reply from 206.190.36.45: bytes=32 time=41ms TTL=51



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 39ms, Maximum = 41ms, Average = 40ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 11 ...00 23 ae e6 f9 34 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 12 ...00 00 00 00 00 00 00 e0  isatap.{817B19A0-2F41-4AE7-8DF0-48A3965D7B62}
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    276
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::b936:d24a:706a:48c5/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/10/2014 02:39:46 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 02:37:07 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/10/2014 02:33:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 02:48:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 02:19:45 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/09/2014 04:17:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 02:56:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 01:42:31 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/08/2014 11:54:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 11:09:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (06/10/2014 02:39:46 AM) (Source: Service Control Manager) (User: )
Description: SessionLauncher%%3

Error: (06/10/2014 02:39:46 AM) (Source: Service Control Manager) (User: )
Description: Dock Login Service%%2

Error: (06/10/2014 02:35:09 AM) (Source: Service Control Manager) (User: )
Description: Creative Audio Service1

Error: (06/10/2014 02:33:33 AM) (Source: Service Control Manager) (User: )
Description: SessionLauncher%%3

Error: (06/10/2014 02:33:33 AM) (Source: Service Control Manager) (User: )
Description: Dock Login Service%%2

Error: (06/10/2014 01:18:22 AM) (Source: netbt) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/10/2014 01:08:19 AM) (Source: netbt) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/10/2014 00:58:19 AM) (Source: netbt) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/10/2014 00:48:20 AM) (Source: netbt) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/10/2014 00:38:20 AM) (Source: netbt) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (06/10/2014 02:39:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 02:37:07 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/10/2014 02:33:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 02:48:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/09/2014 02:19:45 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/09/2014 04:17:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 02:56:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2014 01:42:31 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/08/2014 11:54:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 11:09:37 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\RS\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-06-07 14:19:54.663
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:54.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:54.344
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:54.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:53.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:53.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:53.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:53.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:53.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-07 14:19:53.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Canon MX310 series
Canon My Printer
ccc-utility64 (Version: 2009.0213.2138.38808)
EMCGadgets64 (Version: 1.1.501)
Greener Web (Version: 2014.06.07.005323)
Intel® Matrix Storage Manager
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Paint.NET v3.5.6 (Version: 3.56.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 6134.07 MB
Available physical RAM: 4125.75 MB
Total Pagefile: 12379.68 MB
Available Pagefile: 10293.29 MB
Total Virtual: 4095.88 MB
Available Virtual: 3999.09 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:525.75 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.45 GB) NTFS

========================= Users: ========================================

User accounts for \\RS-PC

Administrator            Guest                    RS                       

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini022413-01.dmp
C:\Windows\Minidump\Mini042811-01.dmp
C:\Windows\Minidump\Mini070313-01.dmp
C:\Windows\Minidump\Mini092413-01.dmp
C:\Windows\Minidump\Mini110112-01.dmp
C:\Windows\Minidump\Mini111112-01.dmp
C:\Windows\Minidump\Mini111812-01.dmp
C:\Windows\Minidump\Mini120612-01.dmp
C:\Windows\Minidump\Mini122413-01.dmp

**** End of log ****
 


  • Root Admin

This computer has sustained quite a bit of damage. As said from the beginning we may not be able to correct all the issues.

Please visit this Microsoft link and run their automated fix tool.
Event ID 10 is logged in the Application log
 

 

Then run the following
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
  • Then RESTART THE COMPUTER

 

 

Then run a new scan with FRST and post back the new log.


I was unable to use the Tool on that page. I downloaded it but it does not work with my operating system (Vista). It says on the page "Event ID 10 is logged in the Application log after you install Service Pack 1 for Windows 7 or Windows Server 2008 R2".

 

I think a lot of the damage is from when I hit the wrong download button on step 5 and mistakenly installed Advanced System Protector, Greener Web, OpenIt!, RegClean Pro, Update for Zip Opener and Zip Opener.


  • Root Admin

Some of these items appear to be long standing but we'll see what we can do.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Norton found greenwebho.dll yesterday (mistakenly installed on step 5) and quarantined it. The scan today only uncovered a couple of tracking cookies. The computer is running fine and there are no visible signs of problems, though I am concerned about what you have seen in the logs posted. :unsure:


  • Root Admin

Just some damage, but as I said, I think it's been there a while.

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • Inside the folder you extracted the files to will be a folder called MBAR, and inside that folder is one called Plugins - please find the file "fixdamage.exe" in that folder. Right click over it and choose "Run as administrator" and then restart the computer.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

 

 

Next:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 


Here are the 3 logs - mbar-log, then system-log, then FSS. Thanks.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.06.11.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
RS :: RS-PC [administrator]

6/11/2014 5:13:13 AM
mbar-log-2014-06-11 (05-13-13).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 288967
Time elapsed: 9 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.660000 GHz
Memory total: 6432038912, free: 4123697152

Downloaded database version: v2014.06.11.04
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
     06/11/2014 05:13:06
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\jraid.sys
\SystemRoot\system32\drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\Rtlh64.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\t3.sys
\SystemRoot\system32\drivers\NISx64\1503000.00C\ccSetx64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\drivers\NISx64\1503000.00C\Ironx64.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\system32\drivers\RTSTOR64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\usbcir.sys
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\Drivers\NISx64\1503000.00C\SYMTDIV.SYS
\SystemRoot\system32\DRIVERS\hidir.sys
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\SymIMv.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140610.001\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\packet.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140610.038\EX64.SYS
\??\C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140610.038\ENG64.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8009912060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa80098fb690
Lower Device Driver Name: \Driver\RTSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8009911060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa80098fb060
Lower Device Driver Name: \Driver\RTSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8009903060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xfffffa800990cb20
Lower Device Driver Name: \Driver\RTSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009910060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000075\
Lower Device Object: 0xfffffa80098f0770
Lower Device Driver Name: \Driver\RTSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007516790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80065f5050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007516790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008839260, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007516790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80065f5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C8000000

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 144522

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 145408  Numsec = 31457280

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31602688  Numsec = 1433542656
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8009910060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80098f0040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009910060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80098f0770, DeviceName: \Device\00000075\, DriverName: \Driver\RTSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8009903060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80099044e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009903060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800990cb20, DeviceName: \Device\00000076\, DriverName: \Driver\RTSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8009911060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009903b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009911060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80098fb060, DeviceName: \Device\00000077\, DriverName: \Driver\RTSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8009912060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009911b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009912060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80098fb690, DeviceName: \Device\00000078\, DriverName: \Driver\RTSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-31602688-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Farbar Service Scanner Version: 10-06-2014
Ran by RS (administrator) on 11-06-2014 at 05:30:06
Running from "C:\Users\RS\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 


  • Root Admin

Please restart the computer and then run the FRST program again and scan the system. Make sure to place a check mark on the ADDITION.TXT entry to get a new log for that.

 

Then post back both new logs.

 

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


All 3 logs posted below as instructed.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 01
Ran by RS (administrator) on RS-PC on 12-06-2014 01:09:27
Running from C:\Users\RS\Desktop
Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\nis.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 14\RMTray.exe
() C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [184320 2007-04-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [sPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-05-14] (Sonic Solutions)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1762032 2009-04-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-07] (Dell)
HKU\S-1-5-21-1917137902-2755131890-4101174463-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1917137902-2755131890-4101174463-1000\...\Run: [NortonUtilities] => C:\Program Files (x86)\Norton Utilities 14\RMTray.exe [279912 2009-09-14] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5329D3FE5E7ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.190.192.35 71.9.127.107 24.205.224.36

FireFox:
========
FF ProfilePath: C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\searchplugins\huffpost-search.xml
FF SearchPlugin: C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\searchplugins\youtube.xml
FF Extension: AVG PrivacyFix - C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2012-11-25]
FF Extension: Greener Web - C:\Users\RS\AppData\Roaming\Mozilla\Firefox\Profiles\5akyyn81.default-1350577505979\Extensions\{a3f28269-ad17-41a8-b032-3e0313ef8979}.xpi [2014-06-06]
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-13]

==================== Services (Whitelisted) =================

S3 Creative ALchemy AL1 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [79360 2009-07-09] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-08-03] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 Update Greener Web; C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe [317728 2014-06-06] ()
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140611.001\IDSvia64.sys [525016 2014-05-12] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140611.032\ENG64.SYS [126040 2014-05-12] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140611.032\EX64.SYS [2099288 2014-05-12] (Symantec Corporation)
R2 Packet; C:\Windows\SysWOW64\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems) [File not signed]
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-10-29] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-13] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-10-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-10-29] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-12 01:09 - 2014-06-12 01:09 - 00014483 _____ () C:\Users\RS\Desktop\FRST.txt
2014-06-12 01:09 - 2014-06-12 01:09 - 00000000 ____D () C:\Users\RS\Desktop\FRST-OlderVersion
2014-06-12 01:00 - 2014-06-12 01:00 - 00854378 _____ () C:\Users\RS\Desktop\SecurityCheck.exe
2014-06-11 05:28 - 2014-06-11 05:30 - 00002772 _____ () C:\Users\RS\Desktop\FSS.txt
2014-06-11 05:26 - 2014-06-11 05:26 - 00415744 _____ (Farbar) C:\Users\RS\Desktop\FSS.exe
2014-06-11 05:13 - 2014-06-11 05:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-11 05:12 - 2014-06-11 05:12 - 00000000 ____D () C:\Users\RS\Desktop\mbar rootkit
2014-06-11 05:11 - 2014-06-11 05:11 - 00000000 ____D () C:\Users\RS\mbar rootkit
2014-06-11 05:09 - 2014-06-11 05:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\RS\Desktop\mbar-1.07.0.1012.exe
2014-06-10 14:57 - 2014-06-10 14:57 - 00015377 _____ () C:\ComboFix.txt
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 14:41 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-10 14:41 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-10 14:41 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-10 14:41 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-10 14:41 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-10 14:41 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-10 14:41 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-10 14:41 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-10 14:40 - 2014-06-10 14:57 - 00000000 ____D () C:\Qoobox
2014-06-10 14:38 - 2014-06-10 14:38 - 05205915 ____R (Swearware) C:\Users\RS\Desktop\ComboFix.exe
2014-06-10 14:37 - 2014-05-28 11:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 14:37 - 2014-05-28 11:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 14:37 - 2014-05-28 11:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 14:37 - 2014-05-28 11:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 14:37 - 2014-05-28 11:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 14:37 - 2014-05-28 11:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 14:37 - 2014-05-28 11:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-10 14:37 - 2014-05-28 11:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 14:37 - 2014-05-28 11:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-10 14:37 - 2014-05-28 11:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 14:37 - 2014-05-28 11:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 14:37 - 2014-05-28 11:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 14:37 - 2014-05-28 11:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 14:37 - 2014-05-28 11:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 14:37 - 2014-05-28 11:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 14:37 - 2014-05-28 11:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 14:37 - 2014-05-28 11:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 14:37 - 2014-05-28 11:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-10 14:37 - 2014-05-28 11:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-10 14:37 - 2014-05-28 11:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-10 14:37 - 2014-05-28 11:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 14:37 - 2014-05-28 09:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 14:37 - 2014-05-28 09:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 14:37 - 2014-05-28 09:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 14:37 - 2014-05-28 09:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 14:37 - 2014-05-28 09:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 14:37 - 2014-05-28 09:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 14:37 - 2014-05-28 09:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-10 14:37 - 2014-05-28 09:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 14:37 - 2014-05-28 09:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 14:37 - 2014-05-28 09:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-10 14:37 - 2014-05-28 09:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 14:37 - 2014-05-28 09:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 14:37 - 2014-05-28 09:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 14:37 - 2014-05-28 09:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 14:37 - 2014-05-28 09:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-10 14:37 - 2014-05-28 09:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 14:37 - 2014-05-28 09:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 14:37 - 2014-05-28 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 14:37 - 2014-05-28 09:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-10 14:37 - 2014-05-28 09:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-10 14:37 - 2014-05-28 09:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 14:37 - 2014-04-26 11:21 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 14:37 - 2014-04-26 09:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 14:37 - 2014-04-05 02:10 - 01422784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 14:37 - 2014-03-09 23:26 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 14:37 - 2014-03-09 23:26 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 14:37 - 2014-03-09 18:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 14:37 - 2014-03-09 18:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 02:43 - 2014-06-10 02:44 - 00022213 _____ () C:\Users\RS\Desktop\Result.txt
2014-06-10 02:41 - 2014-06-10 02:41 - 00982016 _____ (Farbar) C:\Users\RS\Desktop\MiniToolBox.exe
2014-06-10 02:30 - 2014-06-10 02:30 - 00001831 _____ () C:\Users\RS\Desktop\JavaRa.log
2014-06-10 02:29 - 2014-06-10 02:29 - 00001915 _____ () C:\JavaRa.log
2014-06-10 02:26 - 2014-06-10 02:27 - 00000000 ____D () C:\Users\RS\Desktop\RemoveJava
2014-06-10 02:25 - 2014-06-10 02:25 - 00165483 _____ () C:\Users\RS\Desktop\JavaRa-1.16-28-5-13.zip
2014-06-07 14:12 - 2014-06-07 14:12 - 00002417 _____ () C:\Users\RS\Desktop\ESET.txt
2014-06-07 11:09 - 2014-06-07 11:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-07 11:08 - 2014-06-07 11:09 - 02347384 _____ (ESET) C:\Users\RS\Desktop\esetsmartinstaller_enu.exe
2014-06-07 10:46 - 2014-06-07 10:46 - 00004969 _____ () C:\Users\RS\Desktop\AdwCleaner[s0].txt
2014-06-07 10:39 - 2014-06-07 10:43 - 00000000 ____D () C:\AdwCleaner
2014-06-07 10:39 - 2014-06-07 10:39 - 01333465 _____ () C:\Users\RS\Desktop\AdwCleaner.exe
2014-06-06 20:05 - 2014-06-06 20:05 - 00000882 _____ () C:\Users\RS\Desktop\Continue Zip Opener Installation.lnk
2014-06-06 20:03 - 2014-06-11 23:51 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-06 20:03 - 2014-06-06 20:03 - 00678768 _____ ( ) C:\Users\RS\Desktop\ZipSetup.exe
2014-06-06 20:00 - 2014-06-06 20:00 - 00002269 _____ () C:\Users\RS\Desktop\JRT.txt
2014-06-06 19:54 - 2014-06-06 19:54 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 19:53 - 2014-06-06 19:53 - 01016261 _____ (Thisisu) C:\Users\RS\Desktop\JRT.exe
2014-06-06 18:55 - 2014-06-06 18:55 - 00004912 _____ () C:\Users\RS\Desktop\RKreport_SCN_06062014_185322.log
2014-06-06 18:49 - 2014-06-06 18:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 18:28 - 2014-06-10 14:56 - 00000000 ____D () C:\Windows\ERDNT
2014-06-06 18:26 - 2014-06-06 18:27 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-06 18:26 - 2014-06-06 18:26 - 00000765 _____ () C:\Users\RS\Desktop\NTREGOPT.lnk
2014-06-06 18:26 - 2014-06-06 18:26 - 00000746 _____ () C:\Users\RS\Desktop\ERUNT.lnk
2014-06-06 18:26 - 2014-06-06 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-06 18:21 - 2014-06-06 18:21 - 00003010 _____ () C:\Windows\System32\Tasks\{E5A7C055-7DEF-4335-8C65-3987F0AE7987}
2014-06-06 18:19 - 2014-06-06 18:19 - 00791393 _____ (Lars Hederer ) C:\Users\RS\Desktop\erunt-setup.exe
2014-06-06 18:18 - 2014-06-06 18:18 - 00002868 _____ () C:\Users\RS\Desktop\Rkill.txt
2014-06-06 18:17 - 2014-06-06 18:17 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RS\Desktop\rkill.exe
2014-06-02 14:19 - 2014-06-12 01:09 - 00000000 ____D () C:\FRST
2014-06-02 14:17 - 2014-06-12 01:09 - 02081792 _____ (Farbar) C:\Users\RS\Desktop\FRST64.exe
2014-06-02 05:42 - 2014-06-02 05:42 - 00000182 _____ () C:\Users\RS\Desktop\New Text Document (3).txt
2014-06-01 02:43 - 2014-06-01 02:43 - 00010752 _____ () C:\Users\RS\Desktop\cell phone.xlr
2014-06-01 01:19 - 2014-06-01 02:16 - 00000338 _____ () C:\Users\RS\Desktop\New Text Document.txt
2014-05-30 06:54 - 2014-06-11 05:13 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 06:53 - 2014-06-11 05:12 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 06:53 - 2014-05-30 06:53 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 06:53 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 06:53 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 06:49 - 2014-05-30 06:49 - 00315392 _____ (Malwarebytes Corporation) C:\Users\RS\Desktop\mbam-clean-2.0.2.0.exe
2014-05-30 06:39 - 2014-05-30 06:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RS\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 04:44 - 2014-06-10 13:35 - 00000132 _____ () C:\Users\RS\Desktop\New Text Document (2).txt
2014-05-29 00:50 - 2014-05-29 00:50 - 00000178 _____ () C:\ProgramData\SMRResults410.dat
2014-05-28 23:27 - 2014-05-28 23:27 - 03077584 ____N (Symantec Corporation) C:\Users\RS\Desktop\NPE.exe
2014-05-28 22:36 - 2014-05-28 22:36 - 00000000 ____D () C:\Users\RS\AppData\Roaming\Norton Utilities 14
2014-05-26 22:34 - 2014-05-26 22:34 - 00000000 _____ () C:\Users\RS\Desktop\fi;e on ocean aor.txt
2014-05-23 16:24 - 2014-05-23 16:24 - 00000000 _____ () C:\Users\RS\Desktop\find hlepul kaiser fstull girl form.txt
2014-05-19 17:23 - 2014-05-19 17:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-19 13:39 - 2014-05-19 13:40 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-17 14:01 - 2014-05-17 14:01 - 00000184 _____ () C:\Users\RS\Desktop\manual safe mode.txt
2014-05-14 20:29 - 2014-05-14 20:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-14 20:29 - 2014-05-14 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-14 20:29 - 2014-05-14 20:29 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-14 12:12 - 2014-05-14 13:47 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 14
2014-05-14 12:12 - 2014-05-14 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 14
2014-05-14 12:12 - 2008-04-02 15:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2014-05-14 12:12 - 2008-04-02 15:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2014-05-14 12:12 - 2008-04-02 15:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2014-05-14 12:12 - 2004-08-04 07:00 - 00506368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2014-05-14 04:16 - 2014-03-25 09:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 04:16 - 2014-03-25 06:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-13 08:18 - 2014-06-10 02:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-13 02:08 - 2013-10-30 00:26 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-05-13 01:28 - 2014-05-13 01:38 - 00000000 ____D () C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-05-13 01:28 - 2014-05-13 01:28 - 00000000 ____D () C:\Users\Public\Downloads\Norton

==================== One Month Modified Files and Folders =======

2014-06-12 01:09 - 2014-06-12 01:09 - 00014483 _____ () C:\Users\RS\Desktop\FRST.txt
2014-06-12 01:09 - 2014-06-12 01:09 - 00000000 ____D () C:\Users\RS\Desktop\FRST-OlderVersion
2014-06-12 01:09 - 2014-06-02 14:19 - 00000000 ____D () C:\FRST
2014-06-12 01:09 - 2014-06-02 14:17 - 02081792 _____ (Farbar) C:\Users\RS\Desktop\FRST64.exe
2014-06-12 01:09 - 2010-07-31 22:40 - 00000000 ____D () C:\Users\RS\AppData\Local\Temp
2014-06-12 01:08 - 2010-10-04 19:18 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 01:08 - 2010-08-04 18:40 - 00006836 _____ () C:\Users\RS\AppData\Local\d3d9caps.dat
2014-06-12 01:08 - 2010-07-31 22:43 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-12 01:08 - 2010-07-31 22:40 - 00000000 ____D () C:\Users\RS\AppData\Local\SoftThinks
2014-06-12 01:08 - 2009-07-09 23:49 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-12 01:08 - 2009-07-09 23:49 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-12 01:08 - 2009-07-09 23:27 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-12 01:08 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 01:08 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 01:08 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 01:06 - 2009-07-09 18:56 - 01488488 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 01:06 - 2006-11-02 08:42 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-12 01:02 - 2013-01-01 16:57 - 00000000 ____D () C:\Users\RS\Desktop\Linked up
2014-06-12 01:00 - 2014-06-12 01:00 - 00854378 _____ () C:\Users\RS\Desktop\SecurityCheck.exe
2014-06-12 00:55 - 2010-10-04 19:18 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-12 00:31 - 2013-12-17 23:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-11 23:51 - 2014-06-06 20:03 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-11 17:11 - 2014-05-02 15:39 - 00035328 _____ () C:\Users\RS\Desktop\Wind.xlr
2014-06-11 17:11 - 2010-08-10 01:04 - 00032982 _____ () C:\Users\RS\AppData\Roaming\wklnhst.dat
2014-06-11 05:30 - 2014-06-11 05:28 - 00002772 _____ () C:\Users\RS\Desktop\FSS.txt
2014-06-11 05:26 - 2014-06-11 05:26 - 00415744 _____ (Farbar) C:\Users\RS\Desktop\FSS.exe
2014-06-11 05:25 - 2014-06-11 05:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-11 05:13 - 2014-05-30 06:54 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 05:12 - 2014-06-11 05:12 - 00000000 ____D () C:\Users\RS\Desktop\mbar rootkit
2014-06-11 05:12 - 2014-05-30 06:53 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-11 05:11 - 2014-06-11 05:11 - 00000000 ____D () C:\Users\RS\mbar rootkit
2014-06-11 05:11 - 2010-07-31 22:40 - 00000000 ____D () C:\Users\RS
2014-06-11 05:09 - 2014-06-11 05:09 - 14349744 _____ (Malwarebytes Corp.) C:\Users\RS\Desktop\mbar-1.07.0.1012.exe
2014-06-11 03:05 - 2013-07-17 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:03 - 2006-11-02 05:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-11 01:23 - 2012-01-31 00:19 - 00003662 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FCAFDDBE-FA9B-41F8-9DFA-D2A2942C51EF}
2014-06-10 18:57 - 2008-01-20 20:26 - 00732456 _____ () C:\Windows\PFRO.log
2014-06-10 14:57 - 2014-06-10 14:57 - 00015377 _____ () C:\ComboFix.txt
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-10 14:57 - 2014-06-10 14:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-10 14:57 - 2014-06-10 14:40 - 00000000 ____D () C:\Qoobox
2014-06-10 14:57 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
2014-06-10 14:56 - 2014-06-06 18:28 - 00000000 ____D () C:\Windows\ERDNT
2014-06-10 14:56 - 2010-07-31 22:40 - 00000000 ___RD () C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 14:56 - 2009-07-09 23:38 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 14:56 - 2009-07-09 23:38 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 14:56 - 2006-11-02 06:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-10 14:55 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-10 14:38 - 2014-06-10 14:38 - 05205915 ____R (Swearware) C:\Users\RS\Desktop\ComboFix.exe
2014-06-10 14:34 - 2010-11-24 05:33 - 00027746 _____ () C:\Users\RS\Documents\NEWSOFT
2014-06-10 14:33 - 2010-08-02 14:18 - 00000000 ____D () C:\Temp
2014-06-10 13:35 - 2014-05-29 04:44 - 00000132 _____ () C:\Users\RS\Desktop\New Text Document (2).txt
2014-06-10 02:44 - 2014-06-10 02:43 - 00022213 _____ () C:\Users\RS\Desktop\Result.txt
2014-06-10 02:41 - 2014-06-10 02:41 - 00982016 _____ (Farbar) C:\Users\RS\Desktop\MiniToolBox.exe
2014-06-10 02:30 - 2014-06-10 02:30 - 00001831 _____ () C:\Users\RS\Desktop\JavaRa.log
2014-06-10 02:29 - 2014-06-10 02:29 - 00001915 _____ () C:\JavaRa.log
2014-06-10 02:27 - 2014-06-10 02:26 - 00000000 ____D () C:\Users\RS\Desktop\RemoveJava
2014-06-10 02:25 - 2014-06-10 02:25 - 00165483 _____ () C:\Users\RS\Desktop\JavaRa-1.16-28-5-13.zip
2014-06-10 02:23 - 2014-05-13 08:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-07 14:20 - 2013-05-08 08:27 - 00000000 ____D () C:\Users\RS\Desktop\office
2014-06-07 14:12 - 2014-06-07 14:12 - 00002417 _____ () C:\Users\RS\Desktop\ESET.txt
2014-06-07 11:09 - 2014-06-07 11:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-07 11:09 - 2014-06-07 11:08 - 02347384 _____ (ESET) C:\Users\RS\Desktop\esetsmartinstaller_enu.exe
2014-06-07 10:46 - 2014-06-07 10:46 - 00004969 _____ () C:\Users\RS\Desktop\AdwCleaner[s0].txt
2014-06-07 10:43 - 2014-06-07 10:39 - 00000000 ____D () C:\AdwCleaner
2014-06-07 10:39 - 2014-06-07 10:39 - 01333465 _____ () C:\Users\RS\Desktop\AdwCleaner.exe
2014-06-07 01:00 - 2010-11-18 21:05 - 00000000 ____D () C:\Users\RS\AppData\Local\Paint.NET
2014-06-06 20:05 - 2014-06-06 20:05 - 00000882 _____ () C:\Users\RS\Desktop\Continue Zip Opener Installation.lnk
2014-06-06 20:03 - 2014-06-06 20:03 - 00678768 _____ ( ) C:\Users\RS\Desktop\ZipSetup.exe
2014-06-06 20:00 - 2014-06-06 20:00 - 00002269 _____ () C:\Users\RS\Desktop\JRT.txt
2014-06-06 19:54 - 2014-06-06 19:54 - 00000000 ____D () C:\Windows\ERUNT
2014-06-06 19:53 - 2014-06-06 19:53 - 01016261 _____ (Thisisu) C:\Users\RS\Desktop\JRT.exe
2014-06-06 18:55 - 2014-06-06 18:55 - 00004912 _____ () C:\Users\RS\Desktop\RKreport_SCN_06062014_185322.log
2014-06-06 18:49 - 2014-06-06 18:49 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-06 18:30 - 2013-02-28 01:14 - 00001202 _____ () C:\Users\RS\Desktop\match game.txt
2014-06-06 18:27 - 2014-06-06 18:26 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-06 18:26 - 2014-06-06 18:26 - 00000765 _____ () C:\Users\RS\Desktop\NTREGOPT.lnk
2014-06-06 18:26 - 2014-06-06 18:26 - 00000746 _____ () C:\Users\RS\Desktop\ERUNT.lnk
2014-06-06 18:26 - 2014-06-06 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-06 18:21 - 2014-06-06 18:21 - 00003010 _____ () C:\Windows\System32\Tasks\{E5A7C055-7DEF-4335-8C65-3987F0AE7987}
2014-06-06 18:19 - 2014-06-06 18:19 - 00791393 _____ (Lars Hederer ) C:\Users\RS\Desktop\erunt-setup.exe
2014-06-06 18:18 - 2014-06-06 18:18 - 00002868 _____ () C:\Users\RS\Desktop\Rkill.txt
2014-06-06 18:17 - 2014-06-06 18:17 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\RS\Desktop\rkill.exe
2014-06-02 05:42 - 2014-06-02 05:42 - 00000182 _____ () C:\Users\RS\Desktop\New Text Document (3).txt
2014-06-01 02:43 - 2014-06-01 02:43 - 00010752 _____ () C:\Users\RS\Desktop\cell phone.xlr
2014-06-01 02:16 - 2014-06-01 01:19 - 00000338 _____ () C:\Users\RS\Desktop\New Text Document.txt
2014-05-30 06:53 - 2014-05-30 06:53 - 00000943 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 06:53 - 2014-05-30 06:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 06:49 - 2014-05-30 06:49 - 00315392 _____ (Malwarebytes Corporation) C:\Users\RS\Desktop\mbam-clean-2.0.2.0.exe
2014-05-30 06:39 - 2014-05-30 06:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\RS\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-30 03:09 - 2011-05-10 19:24 - 00000000 ____D () C:\Users\RS\Documents\all stuff as of 5-10-11
2014-05-29 00:50 - 2014-05-29 00:50 - 00000178 _____ () C:\ProgramData\SMRResults410.dat
2014-05-29 00:42 - 2013-09-01 11:22 - 00000000 ____D () C:\Users\RS\AppData\Local\NPE
2014-05-29 00:29 - 2014-05-02 07:58 - 00000000 ____D () C:\NPE
2014-05-28 23:28 - 2009-07-09 23:30 - 00000000 ____D () C:\ProgramData\Norton
2014-05-28 23:27 - 2014-05-28 23:27 - 03077584 ____N (Symantec Corporation) C:\Users\RS\Desktop\NPE.exe
2014-05-28 22:37 - 2011-02-03 20:17 - 00003072 _____ () C:\Windows\SysWOW64\Cache.db
2014-05-28 22:36 - 2014-05-28 22:36 - 00000000 ____D () C:\Users\RS\AppData\Roaming\Norton Utilities 14
2014-05-28 11:53 - 2014-06-10 14:37 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 11:37 - 2014-06-10 14:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 11:35 - 2014-06-10 14:37 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 11:31 - 2014-06-10 14:37 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 11:31 - 2014-06-10 14:37 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 11:30 - 2014-06-10 14:37 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 11:30 - 2014-06-10 14:37 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 11:29 - 2014-06-10 14:37 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 11:29 - 2014-06-10 14:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 11:29 - 2014-06-10 14:37 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 11:29 - 2014-06-10 14:37 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 11:29 - 2014-06-10 14:37 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 11:29 - 2014-06-10 14:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 11:28 - 2014-06-10 14:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 11:28 - 2014-06-10 14:37 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 11:28 - 2014-06-10 14:37 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 11:28 - 2014-06-10 14:37 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 11:28 - 2014-06-10 14:37 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 11:28 - 2014-06-10 14:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 11:28 - 2014-06-10 14:37 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 11:27 - 2014-06-10 14:37 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 09:48 - 2014-06-10 14:37 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-28 09:39 - 2014-06-10 14:37 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-28 09:38 - 2014-06-10 14:37 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-28 09:33 - 2014-06-10 14:37 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-28 09:32 - 2014-06-10 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-28 09:32 - 2014-06-10 14:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-28 09:31 - 2014-06-10 14:37 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-28 09:31 - 2014-06-10 14:37 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-28 09:30 - 2014-06-10 14:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 09:30 - 2014-06-10 14:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 09:30 - 2014-06-10 14:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 09:30 - 2014-06-10 14:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 09:30 - 2014-06-10 14:37 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 09:30 - 2014-06-10 14:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 09:30 - 2014-06-10 14:37 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 09:29 - 2014-06-10 14:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 09:29 - 2014-06-10 14:37 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 09:29 - 2014-06-10 14:37 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 09:29 - 2014-06-10 14:37 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 09:29 - 2014-06-10 14:37 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 09:28 - 2014-06-10 14:37 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-27 05:03 - 2010-11-03 19:28 - 00006144 _____ () C:\Users\RS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-26 22:34 - 2014-05-26 22:34 - 00000000 _____ () C:\Users\RS\Desktop\fi;e on ocean aor.txt
2014-05-23 16:24 - 2014-05-23 16:24 - 00000000 _____ () C:\Users\RS\Desktop\find hlepul kaiser fstull girl form.txt
2014-05-19 17:23 - 2014-05-19 17:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-05-19 17:17 - 2013-12-25 11:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-19 17:17 - 2013-12-25 11:40 - 00002632 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-19 17:17 - 2013-06-07 11:37 - 00003284 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-19 17:17 - 2013-06-07 11:36 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-05-19 13:41 - 2013-10-25 08:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-19 13:40 - 2014-05-19 13:39 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-17 14:01 - 2014-05-17 14:01 - 00000184 _____ () C:\Users\RS\Desktop\manual safe mode.txt
2014-05-16 17:33 - 2011-03-19 12:01 - 00000000 ____D () C:\Program Files\DivX
2014-05-16 17:33 - 2011-03-19 11:58 - 00000000 ____D () C:\ProgramData\DivX
2014-05-16 17:33 - 2011-03-19 11:58 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-16 08:41 - 2011-06-18 11:20 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-14 20:30 - 2014-05-14 20:29 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-05-14 20:29 - 2014-05-14 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-05-14 20:29 - 2014-05-14 20:29 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-05-14 13:47 - 2014-05-14 12:12 - 00000000 ____D () C:\Program Files (x86)\Norton Utilities 14
2014-05-14 12:12 - 2014-05-14 12:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 14
2014-05-14 04:31 - 2013-12-17 23:02 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 04:31 - 2012-10-23 12:17 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 04:31 - 2012-06-15 12:15 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 13:32 - 2012-04-25 11:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-13 01:38 - 2014-05-13 01:28 - 00000000 ____D () C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-05-13 01:36 - 2013-12-25 11:37 - 00000831 _____ () C:\Users\RS\Desktop\Norton Installation Files.lnk
2014-05-13 01:35 - 2013-06-07 11:25 - 00000000 ____D () C:\Users\RS\AppData\Local\LogMeIn Rescue Applet
2014-05-13 01:35 - 2006-11-02 08:21 - 00320568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-13 01:32 - 2013-06-07 11:37 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-13 01:32 - 2013-06-07 11:37 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-13 01:31 - 2013-06-07 11:36 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-13 01:28 - 2014-05-13 01:28 - 00000000 ____D () C:\Users\Public\Downloads\Norton

Files to move or delete:
====================
C:\Users\RS\AppData\Roaming\desktop.ini
C:\ProgramData\SMRResults410.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 01:14

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 01
Ran by RS at 2014-06-12 01:11:13
Running from C:\Users\RS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0213.2137 - )
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version:  - )
Canon MX310 series User Registration (HKLM-x32\...\Canon MX310 series User Registration) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0213.2138.38808 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help English (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help French (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help German (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0213.2137.38808 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
ccc-utility64 (Version: 2009.0213.2138.38808 - ATI) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0027 - Dell, Inc.)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.2.0.0 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
EMCGadgets64 (Version: 1.1.501 - Sonic) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Greener Web (HKLM\...\Greener Web) (Version: 2014.06.07.005323 - Greener Web) <==== ATTENTION
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
Norton Utilities (HKLM-x32\...\Norton Utilities_is1) (Version: 14.5 - Symantec Corporation)
Paint.NET v3.5.6 (HKLM\...\{639673E9-D53F-44F4-A046-485C8A6ADA16}) (Version: 3.56.0 - dotPDN LLC)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Presto! PageManager 7.15.16 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Premier (HKLM-x32\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Creator Premier (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Premier 10 (x32 Version: 10.2.606 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler (x32 Version: 3.2 - Roxio) Hidden
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Sid Meier's Gettysburg! (HKLM-x32\...\Sid Meier's Gettysburg!) (Version:  - )
Sid Meier's Gettysburg! 2000/XP Compatibility Update (HKLM-x32\...\InstallShield_{E3FEF250-E968-4B4E-ACEB-5DAFAFF0EC30}) (Version: 1.00.0000 - FIRAXIS Games, Inc.)
Sid Meier's Gettysburg! 2000/XP Compatibility Update (x32 Version: 1.00.0000 - FIRAXIS Games, Inc.) Hidden
Skins (x32 Version: 2009.0213.2138.38808 - ATI) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}) (Version: 1.0 - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
WinRAR 4.00 beta 6 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.00.6 - win.rar GmbH)

==================== Restore Points  =========================

20-05-2014 22:35:30 Scheduled Checkpoint
21-05-2014 10:57:43 Scheduled Checkpoint
22-05-2014 15:36:48 Scheduled Checkpoint
23-05-2014 04:53:47 Scheduled Checkpoint
24-05-2014 00:49:19 Scheduled Checkpoint
25-05-2014 05:45:29 Scheduled Checkpoint
25-05-2014 22:48:45 Scheduled Checkpoint
26-05-2014 13:28:14 Scheduled Checkpoint
27-05-2014 23:21:33 Scheduled Checkpoint
28-05-2014 11:52:00 Scheduled Checkpoint
29-05-2014 07:40:14 Norton_Power_Eraser_20140529004014467
29-05-2014 23:30:07 Scheduled Checkpoint
30-05-2014 16:03:39 Scheduled Checkpoint
31-05-2014 04:49:38 Scheduled Checkpoint
31-05-2014 21:50:13 Scheduled Checkpoint
01-06-2014 22:41:15 Scheduled Checkpoint
02-06-2014 12:10:40 Scheduled Checkpoint
03-06-2014 01:56:10 Scheduled Checkpoint
03-06-2014 22:35:09 Scheduled Checkpoint
06-06-2014 00:44:59 Scheduled Checkpoint
07-06-2014 00:42:30 Scheduled Checkpoint
07-06-2014 23:11:43 Scheduled Checkpoint
08-06-2014 20:09:27 Scheduled Checkpoint
09-06-2014 15:27:07 Scheduled Checkpoint
10-06-2014 07:41:18 Scheduled Checkpoint
10-06-2014 09:18:58 Removed Java 7 Update 55
10-06-2014 09:21:38 Removed Java 6 Update 13 (64-bit)
10-06-2014 09:22:31 Removed Java 6 Update 31
10-06-2014 09:23:46 Removed JavaFX 2.1.1
11-06-2014 04:15:28 Scheduled Checkpoint
11-06-2014 10:00:12 Windows Update
12-06-2014 01:52:07 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:34 - 2014-06-10 14:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {047B5C21-24EA-43B3-9861-F7B6BF2684D3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1917137902-2755131890-4101174463-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {07184902-7DB2-4339-ACCB-38CF8972FA2A} - System32\Tasks\alarm 2 => C:\Users\RS\Desktop\Linked up\music\hang ten\09 Hang Ten In East Berlin.mp3 [2012-08-12] ()
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {186D925E-B3D7-4B61-85F9-57D3F937D02B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1C282E67-0C83-4A41-B75B-16EBAA0E4BFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-04] (Google Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4B0F468C-B0C4-4377-AE76-84D0069BCEA7} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1917137902-2755131890-4101174463-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4B3968E7-792D-4B3B-BAF1-C55BED66C665} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {55505E22-6B3B-44BA-A371-74FF96451BF1} - \Digital Sites No Task File <==== ATTENTION
Task: {56B09ECA-DAF8-4501-B34F-3455F803EFB7} - \Advanced System Protector No Task File <==== ATTENTION
Task: {58861CE6-C1AE-4EFE-A885-07A2EF232046} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {58B5B1B8-3453-499B-A184-30ABED01018E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7E3A0BC3-8B30-4528-971F-065428223E23} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {84C0BFA6-8152-40E3-BA67-17D5918CD439} - System32\Tasks\Alarm => C:\Users\RS\Desktop\Linked up\music\hang ten\09 Hang Ten In East Berlin.mp3 [2012-08-12] ()
Task: {A40CF4D0-EA8A-40F9-A58C-F0CA87C45E0D} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {A6059538-5776-4A91-AB02-1260D21BDC9D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - RS => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {D4C3C13E-D84A-4120-BB9F-5E751FA4FA2E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DF8AAB10-DCE9-4D2E-9B05-1E4015219EEC} - \RegClean Pro No Task File <==== ATTENTION
Task: {E082D859-AFEF-42B4-B8CE-280555557989} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {E7336EDF-3DA9-43CE-A4FF-F433B0E8A854} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-04] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F2667DDF-1BE3-4D40-B2A4-433FCC14E0A1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-10 02:41 - 2009-03-30 04:24 - 00120320 _____ () C:\Windows\system32\atitmm64.dll
2014-06-06 17:53 - 2014-06-06 17:53 - 00317728 _____ () C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe
2010-08-08 04:23 - 2006-09-20 08:35 - 00020480 _____ () C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe
2010-08-08 04:23 - 2006-10-30 16:59 - 00024576 _____ () C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe
2009-04-09 13:29 - 2009-04-09 13:29 - 01762032 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-07-09 23:28 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2009-07-09 23:18 - 2009-07-09 23:18 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-25 07:19 - 2008-11-25 07:19 - 01193472 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2008-11-18 09:00 - 2008-11-18 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-07-09 23:15 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2009-07-09 23:15 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-08-26 05:29 - 2009-08-26 05:29 - 00150016 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00263920 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00132336 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-04-09 13:29 - 2009-04-09 13:29 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
AlternateDataStreams: C:\ProgramData\TEMP:D287FACF

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2014 01:09:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 00:59:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 04:47:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 04:02:31 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/11/2014 11:00:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 10:25:09 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/11/2014 03:24:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 06:58:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 01:05:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: RS-PC)
Description: Product: Microsoft Fix it 50688 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (06/10/2014 00:57:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: RS-PC)
Description: Product: Microsoft Fix it 50688 -- This Microsoft Fix it does not apply to your operating system or application version.


System errors:
=============
Error: (06/12/2014 01:09:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (06/12/2014 01:09:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (06/12/2014 01:09:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dock Login Service%%2

Error: (06/12/2014 00:59:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (06/12/2014 00:59:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SessionLauncher%%3

Error: (06/12/2014 00:59:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dock Login Service%%2

Error: (06/11/2014 10:12:05 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/11/2014 10:02:02 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/11/2014 09:52:02 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.

Error: (06/11/2014 09:42:00 PM) (Source: netbt) (EventID: 4321) (User: )
Description: The name "MARK-PC        :0" could not be registered on the interface with IP address 192.168.0.3.
The computer with the IP address 192.168.0.5 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (06/12/2014 01:09:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 00:59:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 04:47:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 04:02:31 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/11/2014 11:00:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/11/2014 10:25:09 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/11/2014 03:24:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 06:58:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2014 01:05:16 PM) (Source: MsiInstaller) (EventID: 10005) (User: RS-PC)
Description: Product: Microsoft Fix it 50688 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)

Error: (06/10/2014 00:57:36 PM) (Source: MsiInstaller) (EventID: 10005) (User: RS-PC)
Description: Product: Microsoft Fix it 50688 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-06-12 01:11:07.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:07.359
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:07.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:07.021
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:06.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:06.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:06.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:06.265
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:06.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-12 01:11:05.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 6134.07 MB
Available physical RAM: 4422.5 MB
Total Pagefile: 12379.68 MB
Available Pagefile: 10586.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.57 GB) (Free:524.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: C8000000)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=684 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Results of screen317's Security Check version 0.99.84  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 


  • Root Admin

It's getting late for me so I'll check back on you again sometime tomorrow, but please go ahead and run the following and post back the new log when ready.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

This topic is now closed to further replies.