Malwarebytes cannot open due to software restriction

[Holgate]

I saw this answered a while ago but it said it may be computer specific.

Where do I start?

Thanks,

Adam

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

 

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

  

 

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

•  

   

• Double-click to run it. When the tool opens click Yes to disclaimer.

   

   

• Press Scan button.

   

   

• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

   

   

• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

   

   

 

 

Kevin....

[Holgate]

Thanks, here are the logs.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by User (administrator) on USER-0958A0D5DF on 18-06-2014 10:09:13
Running from C:\Documents and Settings\User\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsaft Corporation) C:\WINDOWS\system32\ocykle.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(alch) C:\Program Files\ClamWin\bin\ClamTray.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Microsaft Corporation) C:\Documents and Settings\User\Application Data\Wuixonis\ukhoob.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ClamWin] => C:\Program Files\ClamWin\bin\ClamTray.exe [86016 2011-02-16] (alch)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-12-11] (LogMeIn, Inc.)
HKLM\...\Run: [befukocsejyr] => C:\Documents and Settings\All Users\befukocsejyr.exe [64000 2014-06-15] ()
HKLM\...\Run: [Regedit32] => C:\WINDOWS\system32\regedit.exe
HKLM\...\Run: [byonky] => C:\Documents and Settings\User\Application Data\Wuixonis\ukhoob.exe [293417 2013-02-15] (Microsaft Corporation)
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1482476501-2111687655-725345543-1003\...\Run: [byonky] => C:\Documents and Settings\User\Application Data\Wuixonis\ukhoob.exe [293417 2013-02-15] (Microsaft Corporation)
HKU\S-1-5-21-1482476501-2111687655-725345543-1003\...\Run: [wtwxqzg] => regsvr32.exe "C:\Documents and Settings\All Users\Application Data\wtwxqzg.dat"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
ShortcutTarget: Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\hofue.exe (Microsaft Corporation)
Startup: C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup\caiz.exe (Microsaft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Default Value = {fa887e92-8f5f-4ec9-99ca-09be0e4120d6}
URLSearchHook: HKCU - FCToolbarURLSearchHook Class - {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files\AddThis Toolbar\Helper.dll ()
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {B2F28366-C93E-4A31-99CA-6DE1DF53585A} URL = http://search.yahoo.com/search?type=61107&fr=freecause&ei=utf-8&p={searchTerms}
BHO: AddThis Toolbar BHO - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
Toolbar: HKLM - AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
Toolbar: HKCU - AddThis Toolbar - {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - C:\Program Files\AddThis Toolbar\Toolbar.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wxcs620d.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: RTP Class - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wxcs620d.default\Extensions\{06BFB7D6-7646-E081-A7FA-E4C998D562CD} [2014-05-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2013-07-26]
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

========================== Services (Whitelisted) =================

R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [404992 2009-02-09] (Microsoft Corporation) [File not signed]
S4 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [404992 2009-02-09] (Microsoft Corporation) [File not signed]
R2 SecurityCenterServer1344186186; C:\Documents and Settings\User\Application Data\Wuixonis\ukhoob.exe [293417 2013-02-15] (Microsaft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 DM150Drv; C:\WINDOWS\System32\DRIVERS\DM150Drv.sys [20600 2010-07-30] (Pitney Bowes)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105088 2006-06-28] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [58368 2006-11-27] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [19968 2006-11-27] (NVIDIA Corporation)
S1 dymerqjl; \??\C:\WINDOWS\system32\drivers\dymerqjl.sys [X]
S4 IntelIde; No ImagePath
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-18 10:08 - 2014-06-18 10:09 - 00000000 ____D () C:\FRST
2014-06-17 16:41 - 2014-06-17 16:41 - 00000624 _____ () C:\Documents and Settings\User\Desktop\Shortcut to RogueKiller.lnk
2014-06-17 16:41 - 2014-06-17 16:41 - 00000619 _____ () C:\Documents and Settings\User\Desktop\Shortcut to AdwCleaner.lnk
2014-06-17 16:41 - 2014-06-17 16:41 - 00000578 _____ () C:\Documents and Settings\User\Desktop\Shortcut to JRT.lnk
2014-06-17 14:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-17 14:58 - 2014-06-17 14:59 - 00000000 ____D () C:\AdwCleaner
2014-06-17 14:53 - 2014-06-17 14:53 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-17 14:33 - 2014-06-17 14:33 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-17 14:33 - 2014-06-17 14:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-06-16 10:18 - 2014-06-16 10:18 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\G001
2014-06-16 10:18 - 2014-06-16 10:18 - 00000000 ____D () C:\Documents and Settings\User\Application Data\G001
2014-06-16 10:06 - 2014-06-16 10:06 - 00047616 ___SH () C:\Documents and Settings\User\puzypvygogeh.exe
2014-06-16 10:02 - 2014-06-16 10:02 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Wuixonis
2014-06-16 10:02 - 2014-06-15 19:55 - 00064000 _____ () C:\Documents and Settings\User\befukocsejyr.exe
2014-06-16 10:02 - 2013-02-15 20:57 - 00293417 _____ (Microsaft Corporation) C:\WINDOWS\system32\ocykle.exe
2014-06-15 20:29 - 2014-06-15 20:29 - 00008180 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:29 - 2014-06-15 20:29 - 00004134 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:29 - 2014-06-15 20:29 - 00000264 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-06-15 20:28 - 2014-06-15 20:28 - 00008180 _____ () C:\Documents and Settings\User\My Documents\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:28 - 2014-06-15 20:28 - 00008180 _____ () C:\Documents and Settings\User\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:28 - 2014-06-15 20:28 - 00008180 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:28 - 2014-06-15 20:28 - 00004134 _____ () C:\Documents and Settings\User\My Documents\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:28 - 2014-06-15 20:28 - 00004134 _____ () C:\Documents and Settings\User\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:28 - 2014-06-15 20:28 - 00004134 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:28 - 2014-06-15 20:28 - 00000264 _____ () C:\Documents and Settings\User\My Documents\DECRYPT_INSTRUCTION.URL
2014-06-15 20:28 - 2014-06-15 20:28 - 00000264 _____ () C:\Documents and Settings\User\DECRYPT_INSTRUCTION.URL
2014-06-15 20:28 - 2014-06-15 20:28 - 00000264 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:09 - 2014-06-15 20:09 - 00008180 _____ () C:\Documents and Settings\User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:09 - 2014-06-15 20:09 - 00008180 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:09 - 2014-06-15 20:09 - 00008180 _____ () C:\Documents and Settings\User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:09 - 2014-06-15 20:09 - 00004134 _____ () C:\Documents and Settings\User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:09 - 2014-06-15 20:09 - 00004134 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:09 - 2014-06-15 20:09 - 00004134 _____ () C:\Documents and Settings\User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:09 - 2014-06-15 20:09 - 00000264 _____ () C:\Documents and Settings\User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:09 - 2014-06-15 20:09 - 00000264 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:09 - 2014-06-15 20:09 - 00000264 _____ () C:\Documents and Settings\User\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:08 - 2014-06-15 20:08 - 00008180 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:08 - 2014-06-15 20:08 - 00004134 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:08 - 2014-06-15 20:08 - 00000264 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LogMeInRemoteUser\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LogMeInRemoteUser\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LogMeInRemoteUser\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LogMeInRemoteUser\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 19:56 - 2014-06-15 19:56 - 00242568 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\wtwxqzg.dat
2014-06-15 19:55 - 2014-06-15 19:55 - 00064000 _____ () C:\Documents and Settings\All Users\befukocsejyr.exe
2014-06-12 13:32 - 2014-06-13 11:48 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-07 10:22 - 2014-06-11 10:18 - 00028672 _____ () C:\WINDOWS\system32\oemeii.lsl
2014-06-04 10:55 - 2014-06-04 10:55 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\LogMeInIgnition
2014-05-26 10:46 - 2014-06-15 20:12 - 00031768 _____ () C:\Documents and Settings\User\My Documents\Letter - Tyson (Family Services) 2.odt

==================== One Month Modified Files and Folders =======

2014-06-18 10:09 - 2014-06-18 10:08 - 00000000 ____D () C:\FRST
2014-06-18 10:09 - 2011-04-13 21:02 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-06-18 10:02 - 2011-04-14 09:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-18 09:48 - 2014-05-05 15:26 - 00000079 _____ () C:\WINDOWS\system32\fugb.nzp
2014-06-18 09:45 - 2012-04-03 17:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-18 08:56 - 2013-03-13 13:55 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-18 08:45 - 2012-03-13 20:50 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-18 06:56 - 2013-11-15 15:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-06-18 04:01 - 2012-03-13 20:49 - 02052184 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-18 02:06 - 2011-04-13 20:48 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-06-18 02:04 - 2014-04-02 21:41 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-06-17 17:01 - 2011-04-14 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-06-17 16:41 - 2014-06-17 16:41 - 00000624 _____ () C:\Documents and Settings\User\Desktop\Shortcut to RogueKiller.lnk
2014-06-17 16:41 - 2014-06-17 16:41 - 00000619 _____ () C:\Documents and Settings\User\Desktop\Shortcut to AdwCleaner.lnk
2014-06-17 16:41 - 2014-06-17 16:41 - 00000578 _____ () C:\Documents and Settings\User\Desktop\Shortcut to JRT.lnk
2014-06-17 15:01 - 2012-03-13 20:50 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-06-17 15:01 - 2012-03-13 20:50 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-06-17 15:01 - 2011-04-13 20:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-17 15:00 - 2011-04-13 21:02 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-06-17 14:59 - 2014-06-17 14:58 - 00000000 ____D () C:\AdwCleaner
2014-06-17 14:53 - 2014-06-17 14:53 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-17 14:33 - 2014-06-17 14:33 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-17 14:33 - 2014-06-17 14:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-06-17 14:07 - 2013-07-26 11:28 - 00000000 ____D () C:\BusinessVision
2014-06-16 20:31 - 2001-08-23 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-16 19:46 - 2011-04-14 13:06 - 00000000 ____D () C:\WINDOWS\system32\Tools
2014-06-16 13:17 - 2011-04-13 16:28 - 00000245 ___SH () C:\boot.ini
2014-06-16 10:18 - 2014-06-16 10:18 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\G001
2014-06-16 10:18 - 2014-06-16 10:18 - 00000000 ____D () C:\Documents and Settings\User\Application Data\G001
2014-06-16 10:06 - 2014-06-16 10:06 - 00047616 ___SH () C:\Documents and Settings\User\puzypvygogeh.exe
2014-06-16 10:02 - 2014-06-16 10:02 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Wuixonis
2014-06-15 20:29 - 2014-06-15 20:29 - 00008180 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:29 - 2014-06-15 20:29 - 00004134 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:29 - 2014-06-15 20:29 - 00000264 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-06-15 20:29 - 2013-07-26 11:38 - 00000000 ____D () C:\PVSW
2014-06-15 20:28 - 2014-06-15 20:28 - 00008180 _____ () C:\Documents and Settings\User\My Documents\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:28 - 2014-06-15 20:28 - 00008180 _____ () C:\Documents and Settings\User\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:28 - 2014-06-15 20:28 - 00008180 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:28 - 2014-06-15 20:28 - 00004134 _____ () C:\Documents and Settings\User\My Documents\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:28 - 2014-06-15 20:28 - 00004134 _____ () C:\Documents and Settings\User\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:28 - 2014-06-15 20:28 - 00004134 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:28 - 2014-06-15 20:28 - 00000264 _____ () C:\Documents and Settings\User\My Documents\DECRYPT_INSTRUCTION.URL
2014-06-15 20:28 - 2014-06-15 20:28 - 00000264 _____ () C:\Documents and Settings\User\DECRYPT_INSTRUCTION.URL
2014-06-15 20:28 - 2014-06-15 20:28 - 00000264 _____ () C:\Documents and Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:28 - 2013-04-15 13:09 - 00011544 _____ () C:\Documents and Settings\User\My Documents\Wholesale Letter.odt
2014-06-15 20:28 - 2013-04-15 13:00 - 00010264 _____ () C:\Documents and Settings\User\My Documents\Winter Tire Booking.Cover Letter.odt
2014-06-15 20:28 - 2013-04-08 14:18 - 00016152 _____ () C:\Documents and Settings\User\My Documents\Winter Tire Booking.ods
2014-06-15 20:28 - 2013-03-07 08:57 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Website
2014-06-15 20:28 - 2012-06-29 11:32 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Wilson Tire & Battery
2014-06-15 20:28 - 2012-06-25 17:00 - 00009240 _____ () C:\Documents and Settings\User\My Documents\Winter Conversion Chart.ods
2014-06-15 20:28 - 2012-01-27 13:50 - 00023320 _____ () C:\Documents and Settings\User\My Documents\WHOLESALE COVER LETTER.odt
2014-06-15 20:27 - 2014-04-02 10:46 - 00052504 _____ () C:\Documents and Settings\User\My Documents\Torque Stop Sign.odt
2014-06-15 20:27 - 2013-10-08 11:26 - 00011544 _____ () C:\Documents and Settings\User\My Documents\Terpstra Quote - Oct 2013.odt
2014-06-15 20:27 - 2013-05-01 15:05 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Purolator
2014-06-15 20:27 - 2013-04-01 15:17 - 00011800 _____ () C:\Documents and Settings\User\My Documents\Retail Service Work Orders.odt
2014-06-15 20:27 - 2013-03-28 13:50 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Trican National
2014-06-15 20:27 - 2013-03-14 16:03 - 00010776 _____ () C:\Documents and Settings\User\My Documents\Untitled 3.odt
2014-06-15 20:27 - 2013-03-07 10:48 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Probec
2014-06-15 20:27 - 2013-01-23 17:19 - 00012056 _____ () C:\Documents and Settings\User\My Documents\Tube Booking 2013.ods
2014-06-15 20:27 - 2012-09-20 11:39 - 00009752 _____ () C:\Documents and Settings\User\My Documents\Tire Storage Data.ods
2014-06-15 20:27 - 2012-06-26 17:01 - 00012824 _____ () C:\Documents and Settings\User\My Documents\REZB.ods
2014-06-15 20:27 - 2012-04-20 15:27 - 00023320 _____ () C:\Documents and Settings\User\My Documents\Raham.ods
2014-06-15 20:27 - 2012-04-13 13:21 - 00009752 _____ () C:\Documents and Settings\User\My Documents\Statement Cover.odt
2014-06-15 20:27 - 2012-03-14 17:37 - 00010520 _____ () C:\Documents and Settings\User\My Documents\Rez Letter.odt
2014-06-15 20:27 - 2011-04-14 09:23 - 00015640 _____ () C:\Documents and Settings\User\My Documents\Release Letter.odt
2014-06-15 20:27 - 2011-04-14 09:23 - 00010776 _____ () C:\Documents and Settings\User\My Documents\Trican Order.ods
2014-06-15 20:26 - 2013-04-23 09:21 - 00000000 ____D () C:\Documents and Settings\User\My Documents\NATIONAL ACCOUNT PROCEDURES
2014-06-15 20:26 - 2013-03-27 08:58 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Postings
2014-06-15 20:26 - 2013-03-21 13:33 - 00000000 ____D () C:\Documents and Settings\User\My Documents\NATIONAL ACCOUNTS
2014-06-15 20:26 - 2013-03-21 13:30 - 00012568 _____ () C:\Documents and Settings\User\My Documents\NATIONAL ACCOUNTS.ods
2014-06-15 20:26 - 2013-03-19 13:14 - 00012056 _____ () C:\Documents and Settings\User\My Documents\OTS FEE CHART.odt
2014-06-15 20:26 - 2013-03-13 11:22 - 00000000 ____D () C:\Documents and Settings\User\My Documents\OTS
2014-06-15 20:26 - 2012-05-15 14:39 - 00012056 _____ () C:\Documents and Settings\User\My Documents\OTR IND TRUCK BIAS TUBES.ods
2014-06-15 20:13 - 2011-12-09 17:36 - 00009496 _____ () C:\Documents and Settings\User\My Documents\MSDS BLANK.odt
2014-06-15 20:13 - 2011-04-14 09:23 - 00069912 _____ () C:\Documents and Settings\User\My Documents\Michelin Invoice.odt
2014-06-15 20:12 - 2014-05-26 10:46 - 00031768 _____ () C:\Documents and Settings\User\My Documents\Letter - Tyson (Family Services) 2.odt
2014-06-15 20:12 - 2013-09-23 13:24 - 00018456 _____ () C:\Documents and Settings\User\My Documents\Holgate Tire Financials II.ods
2014-06-15 20:12 - 2013-09-23 13:10 - 00019480 _____ () C:\Documents and Settings\User\My Documents\Holgate Tire Financials I.ods
2014-06-15 20:12 - 2013-09-23 11:07 - 00031512 _____ () C:\Documents and Settings\User\My Documents\Letter - Tyson (Family Services).odt
2014-06-15 20:12 - 2013-08-29 17:25 - 00013336 _____ () C:\Documents and Settings\User\My Documents\Holiday Policy.odt
2014-06-15 20:12 - 2013-03-13 15:18 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Medigas
2014-06-15 20:12 - 2013-03-13 11:22 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Logo's
2014-06-15 20:12 - 2013-03-07 16:16 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Macpek
2014-06-15 20:12 - 2013-02-06 12:26 - 00049432 _____ () C:\Documents and Settings\User\My Documents\Holgate Tire Firestone Tubes Feb 2013-2.ods
2014-06-15 20:12 - 2012-07-27 12:55 - 00207640 _____ () C:\Documents and Settings\User\My Documents\Hydro One Fleet Survey Dec 2009.xls
2014-06-15 20:12 - 2012-06-07 09:38 - 00025880 _____ () C:\Documents and Settings\User\My Documents\Holgate Mazda-1.ods
2014-06-15 20:12 - 2011-10-04 11:11 - 00013336 _____ () C:\Documents and Settings\User\My Documents\Jack Inspection List.odt
2014-06-15 20:12 - 2011-04-14 09:23 - 00070424 _____ () C:\Documents and Settings\User\My Documents\Kiwanis Coupon.odt
2014-06-15 20:12 - 2011-04-14 09:23 - 00034072 _____ () C:\Documents and Settings\User\My Documents\Loyalist Coupon.odt
2014-06-15 20:12 - 2011-04-14 09:23 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Holgate Files
2014-06-15 20:10 - 2013-10-04 12:08 - 00032024 _____ () C:\Documents and Settings\User\My Documents\Customer Satisfaction Survey.odt
2014-06-15 20:10 - 2013-04-15 16:23 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Crestline
2014-06-15 20:10 - 2013-03-27 10:23 - 00450072 _____ () C:\Documents and Settings\User\My Documents\CLASSIC CARS.odt
2014-06-15 20:10 - 2013-03-25 14:22 - 00042776 _____ () C:\Documents and Settings\User\My Documents\Ford Winter Booking 2013 2014.odt
2014-06-15 20:10 - 2013-03-13 11:24 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Certificates
2014-06-15 20:10 - 2013-03-12 14:19 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Credit References
2014-06-15 20:10 - 2013-03-08 13:26 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Canada Supply
2014-06-15 20:10 - 2013-03-04 12:22 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Canpar
2014-06-15 20:10 - 2013-03-04 11:57 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Canpar Invoices
2014-06-15 20:10 - 2012-08-09 11:23 - 00012312 _____ () C:\Documents and Settings\User\My Documents\CANPAR YARD CHECK.ods
2014-06-15 20:10 - 2012-05-17 12:43 - 00009496 _____ () C:\Documents and Settings\User\My Documents\Early Payment Discount.ods
2014-06-15 20:10 - 2012-05-15 15:45 - 00012824 _____ () C:\Documents and Settings\User\My Documents\FARM TUBES.ods
2014-06-15 20:10 - 2012-05-15 12:08 - 00012824 _____ () C:\Documents and Settings\User\My Documents\garden ind trailer tubes.ods
2014-06-15 20:10 - 2012-03-23 10:55 - 00048920 _____ () C:\Documents and Settings\User\My Documents\BSTN WINTER TIRE ORDER FORM 2012.ods
2014-06-15 20:10 - 2012-02-09 12:15 - 00009240 _____ () C:\Documents and Settings\User\My Documents\First Aid Kit.ods
2014-06-15 20:10 - 2012-01-26 15:53 - 00009240 _____ () C:\Documents and Settings\User\My Documents\HERC WINTER RETURNS.ods
2014-06-15 20:10 - 2011-12-15 17:30 - 00002584 _____ () C:\Documents and Settings\User\My Documents\Hercules Tire Catalogue DEC 11.eml
2014-06-15 20:10 - 2011-12-01 10:09 - 00014872 _____ () C:\Documents and Settings\User\My Documents\Calls.odt
2014-06-15 20:10 - 2011-10-25 16:57 - 00010776 _____ () C:\Documents and Settings\User\My Documents\Canpar Service Work Order.odt
2014-06-15 20:10 - 2011-10-14 13:44 - 00011544 _____ () C:\Documents and Settings\User\My Documents\FLEET WORK ORDERS.odt
2014-06-15 20:09 - 2014-06-15 20:09 - 00008180 _____ () C:\Documents and Settings\User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:09 - 2014-06-15 20:09 - 00008180 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:09 - 2014-06-15 20:09 - 00008180 _____ () C:\Documents and Settings\User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:09 - 2014-06-15 20:09 - 00004134 _____ () C:\Documents and Settings\User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:09 - 2014-06-15 20:09 - 00004134 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:09 - 2014-06-15 20:09 - 00004134 _____ () C:\Documents and Settings\User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:09 - 2014-06-15 20:09 - 00000264 _____ () C:\Documents and Settings\User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:09 - 2014-06-15 20:09 - 00000264 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:09 - 2014-06-15 20:09 - 00000264 _____ () C:\Documents and Settings\User\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:09 - 2013-10-17 14:31 - 00011288 _____ () C:\Documents and Settings\User\My Documents\2013 Herc Winter Booking.ods
2014-06-15 20:09 - 2013-09-06 10:59 - 00017688 _____ () C:\Documents and Settings\User\My Documents\2013 WINTER BOOKING.ods
2014-06-15 20:09 - 2013-06-11 11:18 - 00032024 _____ () C:\Documents and Settings\User\My Documents\Birthday Coupon.odt
2014-06-15 20:09 - 2013-03-13 11:26 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Bridgestone Firestone
2014-06-15 20:09 - 2013-01-23 10:55 - 02457112 _____ () C:\Documents and Settings\User\My Documents\2013 spring plt 38+5-1.ods
2014-06-15 20:09 - 2013-01-10 11:40 - 00016920 _____ () C:\Documents and Settings\User\My Documents\2013 TOYO ANALYSIS.ods
2014-06-15 20:09 - 2012-12-14 15:41 - 00010520 _____ () C:\Documents and Settings\User\My Documents\2013 FASTSTART PROGRAM.ods
2014-06-15 20:09 - 2012-10-10 15:06 - 00013592 _____ () C:\Documents and Settings\User\My Documents\2012 Herc Winter Tire Booking.ods
2014-06-15 20:09 - 2012-07-04 08:56 - 00038680 _____ () C:\Documents and Settings\User\Desktop\HOLGATE.xls
2014-06-15 20:09 - 2012-02-09 10:33 - 00009240 _____ () C:\Documents and Settings\User\My Documents\BLANK ORDER FORM.ods
2014-06-15 20:09 - 2012-01-06 10:59 - 00010264 _____ () C:\Documents and Settings\User\My Documents\BLANK.odt
2014-06-15 20:09 - 2011-12-30 17:56 - 00010264 _____ () C:\Documents and Settings\User\My Documents\BLANK CALL SHEET.odt
2014-06-15 20:09 - 2011-10-14 13:35 - 00011288 _____ () C:\Documents and Settings\User\My Documents\BIONICHE WORK ORDER.odt
2014-06-15 20:09 - 2011-06-21 17:24 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\Google
2014-06-15 20:09 - 2011-05-26 13:59 - 00000000 ____D () C:\Documents and Settings\User\My Documents\Bioniche
2014-06-15 20:09 - 2011-05-04 16:59 - 00000000 ____D () C:\Documents and Settings\User\Application Data\OpenOffice.org
2014-06-15 20:09 - 2011-05-03 17:41 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Thunderbird
2014-06-15 20:08 - 2014-06-15 20:08 - 00008180 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:08 - 2014-06-15 20:08 - 00004134 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:08 - 2014-06-15 20:08 - 00000264 _____ () C:\Documents and Settings\NetworkService\DECRYPT_INSTRUCTION.URL
2014-06-15 20:08 - 2011-05-03 17:41 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Mozilla
2014-06-15 20:08 - 2011-05-03 17:40 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Adobe
2014-06-15 20:08 - 2011-04-14 09:41 - 00000000 ____D () C:\Documents and Settings\User\Application Data\Malwarebytes
2014-06-15 20:08 - 2011-04-13 20:48 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LogMeInRemoteUser\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LogMeInRemoteUser\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00008180 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.HTML
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00004134 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.TXT
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LogMeInRemoteUser\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LogMeInRemoteUser\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LocalService\Local Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\LocalService\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\Default User\Local Settings\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\Default User\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\Default User\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\All Users\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-06-15 20:03 - 00000264 _____ () C:\Documents and Settings\All Users\Application Data\DECRYPT_INSTRUCTION.URL
2014-06-15 20:03 - 2014-03-05 12:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Pitney Bowes
2014-06-15 20:03 - 2011-04-13 20:50 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-06-15 20:02 - 2011-04-14 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-15 20:02 - 2011-04-14 09:41 - 00000000 ____D () C:\Documents and Settings\All Users\.clamwin
2014-06-15 19:56 - 2014-06-15 19:56 - 00242568 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\wtwxqzg.dat
2014-06-15 19:55 - 2014-06-16 10:02 - 00064000 _____ () C:\Documents and Settings\User\befukocsejyr.exe
2014-06-15 19:55 - 2014-06-15 19:55 - 00064000 _____ () C:\Documents and Settings\All Users\befukocsejyr.exe
2014-06-13 11:48 - 2014-06-12 13:32 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-06-12 13:24 - 2011-05-04 09:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951978$
2014-06-11 10:26 - 2011-04-14 09:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-11 10:18 - 2014-06-07 10:22 - 00028672 _____ () C:\WINDOWS\system32\oemeii.lsl
2014-06-11 10:18 - 2014-05-05 15:15 - 00000067 _____ () C:\WINDOWS\system32\kmcv.tto
2014-06-11 10:15 - 2012-04-03 17:07 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-11 10:15 - 2011-07-08 18:08 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-07 11:13 - 2014-03-03 12:19 - 00000000 ____D () C:\Program Files\LogMeIn
2014-06-07 11:12 - 2014-03-03 12:20 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-06-07 11:12 - 2014-03-03 12:20 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-06-07 11:12 - 2014-03-03 12:19 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-06-05 23:21 - 2014-03-10 22:15 - 00000178 ___SH () C:\Documents and Settings\LogMeInRemoteUser\ntuser.ini
2014-06-04 10:55 - 2014-06-04 10:55 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Application Data\LogMeInIgnition

ZeroAccess:
C:\RECYCLER\S-1-5-21-1482476501-2111687655-725345543-1003\$c97078493e91df6d23d81018052034cc

Files to move or delete:
====================
C:\Documents and Settings\All Users\befukocsejyr.exe
C:\Documents and Settings\LocalService\5101606.dll
C:\Documents and Settings\LocalService\8737063.dll
C:\Documents and Settings\NetworkService\acrobat.exe
C:\Documents and Settings\NetworkService\acrobatreader.exe
C:\Documents and Settings\NetworkService\acrobatreader758443.exe
C:\Documents and Settings\NetworkService\alg.exe
C:\Documents and Settings\NetworkService\alg321907.exe
C:\Documents and Settings\NetworkService\alg673220.exe
C:\Documents and Settings\NetworkService\alg742776.exe
C:\Documents and Settings\NetworkService\alg969659.exe
C:\Documents and Settings\NetworkService\chrome333406.exe
C:\Documents and Settings\NetworkService\chrome663354.exe
C:\Documents and Settings\NetworkService\csrss803698.exe
C:\Documents and Settings\NetworkService\ctfmon13590.exe
C:\Documents and Settings\NetworkService\ctfmon583733.exe
C:\Documents and Settings\NetworkService\ctfmon798187.exe
C:\Documents and Settings\NetworkService\firefox750525.exe
C:\Documents and Settings\NetworkService\flashplayer.exe
C:\Documents and Settings\NetworkService\googleupdate362825.exe
C:\Documents and Settings\NetworkService\icq.exe
C:\Documents and Settings\NetworkService\icq491316.exe
C:\Documents and Settings\NetworkService\icq834793.exe
C:\Documents and Settings\NetworkService\java110558.exe
C:\Documents and Settings\NetworkService\java309295.exe
C:\Documents and Settings\NetworkService\java436387.exe
C:\Documents and Settings\NetworkService\jqs730556.exe
C:\Documents and Settings\NetworkService\jucheck.exe
C:\Documents and Settings\NetworkService\jucheck310612.exe
C:\Documents and Settings\NetworkService\jucheck692612.exe
C:\Documents and Settings\NetworkService\mstsc538202.exe
C:\Documents and Settings\NetworkService\mstsc573023.exe
C:\Documents and Settings\NetworkService\notepad.exe
C:\Documents and Settings\NetworkService\opera.exe
C:\Documents and Settings\NetworkService\opera227098.exe
C:\Documents and Settings\NetworkService\opera405910.exe
C:\Documents and Settings\NetworkService\opera741856.exe
C:\Documents and Settings\NetworkService\skype.exe
C:\Documents and Settings\NetworkService\spoolsv659595.exe
C:\Documents and Settings\NetworkService\teamviewer.exe
C:\Documents and Settings\NetworkService\teamviewer146143.exe
C:\Documents and Settings\NetworkService\teamviewer184873.exe
C:\Documents and Settings\NetworkService\teamviewer522576.exe
C:\Documents and Settings\NetworkService\teamviewer845689.exe
C:\Documents and Settings\NetworkService\teamviewer9455.exe
C:\Documents and Settings\NetworkService\windowsupdate100842.exe
C:\Documents and Settings\NetworkService\winlogon36219.exe
C:\Documents and Settings\NetworkService\winlogon437268.exe
C:\Documents and Settings\NetworkService\winlogon875014.exe
C:\Documents and Settings\User\befukocsejyr.exe
C:\Documents and Settings\User\puzypvygogeh.exe

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-1418b4e9.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-7e75d6c7.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a64dac3d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f005b694.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ffcf77d8.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 01:56] - [2009-02-09 08:10] - 0404992 ____A (Microsoft Corporation) ecd6144933785e4b917c4ef9d96908ba

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-06-2014
Ran by User at 2014-06-18 10:10:25
Running from C:\Documents and Settings\User\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

AddThis Toolbar (HKLM\...\AddThis Toolbar) (Version: 1.514 - )
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-795CW (HKLM\...\{0A02D347-5E53-48A5-BC49-1469393103FA}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
ClamWin Free Antivirus 0.97 (HKLM\...\ClamWin Free Antivirus_is1) (Version:  - alch)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Java SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
LogMeIn (HKLM\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 5.0 (x86 en-US) (HKLM\...\Mozilla Firefox 5.0 (x86 en-US)) (Version: 5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PC Meter Connect (HKLM\...\{D39BAE47-1B85-41F6-9348-44E965009B56}) (Version: 05.00.0056.0000 - Pitney Bowes)
Pervasive.SQL 9.60 Workgroup for Windows (HKLM\...\{D8C0330E-C815-4C6F-9BFD-0FD570155790}) (Version: 9.60.016.000 - Pervasive Software Inc. )
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.02.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5443 - Realtek Semiconductor Corp.)
Sage BusinessVision Report Designer (Version: 1.00.0000 - BusinessVision Inc.) Hidden
Sage BusinessVision Small Business Edition (remove only) (HKLM\...\{F41E5436-9C37-45AF-909F-B379679FE8ED}) (Version: 7.2 - Sage Software)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TPMS Desktop (HKCU\...\a4d9d3c6b1d35f3d) (Version: 2.0.0.1 - Bartec)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Pitney Bowes (DM150Drv) USB  (07/04/2010 2.0.1.5) (HKLM\...\BD561D5D94E7AFC181BE8A098D2EC2B90BD07068) (Version: 07/04/2010 2.0.1.5 - Pitney Bowes)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

27-04-2014 14:47:44 Software Distribution Service 3.0
28-04-2014 05:34:08 Software Distribution Service 3.0
28-04-2014 14:48:26 Software Distribution Service 3.0
29-04-2014 05:35:27 Software Distribution Service 3.0
30-04-2014 05:35:23 Software Distribution Service 3.0
30-04-2014 14:48:07 Software Distribution Service 3.0
01-05-2014 05:54:59 Software Distribution Service 3.0
01-05-2014 15:05:33 Software Distribution Service 3.0
02-05-2014 05:54:31 Software Distribution Service 3.0
02-05-2014 15:06:01 Software Distribution Service 3.0
03-05-2014 05:53:47 Software Distribution Service 3.0
03-05-2014 07:00:16 Software Distribution Service 3.0
03-05-2014 15:05:31 Software Distribution Service 3.0
04-05-2014 05:53:37 Software Distribution Service 3.0
04-05-2014 15:05:41 Software Distribution Service 3.0
05-05-2014 05:53:34 Software Distribution Service 3.0
06-05-2014 05:47:02 Software Distribution Service 3.0
07-05-2014 06:24:41 System Checkpoint
07-05-2014 06:25:21 Software Distribution Service 3.0
07-05-2014 07:12:27 Software Distribution Service 3.0
07-05-2014 11:15:13 Software Distribution Service 3.0
07-05-2014 20:37:09 Software Distribution Service 3.0
09-05-2014 18:10:16 System Checkpoint
12-05-2014 17:08:37 System Checkpoint
13-05-2014 18:01:35 System Checkpoint
14-05-2014 18:35:19 System Checkpoint
15-05-2014 07:00:14 Software Distribution Service 3.0
16-05-2014 07:53:32 System Checkpoint
17-05-2014 08:26:13 System Checkpoint
18-05-2014 09:26:12 System Checkpoint
19-05-2014 10:26:12 System Checkpoint
20-05-2014 11:26:12 System Checkpoint
21-05-2014 12:20:55 System Checkpoint
22-05-2014 13:20:55 System Checkpoint
23-05-2014 14:20:55 System Checkpoint
24-05-2014 15:20:53 System Checkpoint
25-05-2014 16:20:53 System Checkpoint
26-05-2014 17:16:45 System Checkpoint
27-05-2014 17:21:52 System Checkpoint
28-05-2014 17:42:24 System Checkpoint
29-05-2014 19:04:23 System Checkpoint
30-05-2014 19:25:18 System Checkpoint
31-05-2014 20:20:35 System Checkpoint
01-06-2014 21:20:35 System Checkpoint
02-06-2014 22:20:35 System Checkpoint
03-06-2014 22:21:40 System Checkpoint
04-06-2014 23:15:37 System Checkpoint
05-06-2014 15:13:07 Printer Driver LogMeIn Printer Driver Installed
06-06-2014 16:40:25 System Checkpoint
07-06-2014 15:13:33 Printer Driver LogMeIn Printer Driver Installed
08-06-2014 15:15:38 System Checkpoint
09-06-2014 17:46:26 System Checkpoint
10-06-2014 18:46:36 System Checkpoint
11-06-2014 20:30:14 System Checkpoint
12-06-2014 20:31:09 System Checkpoint
13-06-2014 21:19:43 System Checkpoint
14-06-2014 21:28:58 System Checkpoint
15-06-2014 22:28:59 System Checkpoint

==================== Hosts content: ==========================

2001-08-23 08:00 - 2011-05-04 19:18 - 00433904 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2011-04-14 09:41 - 2008-04-19 17:35 - 00081920 _____ () C:\Program Files\ClamWin\bin\ExpShell.dll
2006-10-31 02:35 - 2006-10-31 02:35 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2013-07-26 11:45 - 2009-01-09 17:10 - 00139264 ____N () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-07-26 11:45 - 2002-11-26 13:43 - 00106496 ____N () C:\WINDOWS\system32\BrMuSNMP.dll
2011-04-14 09:41 - 2005-02-08 17:23 - 00979005 _____ () C:\Program Files\ClamWin\bin\python23.dll
2011-04-14 09:41 - 2004-11-20 03:27 - 00069632 _____ () C:\Program Files\ClamWin\lib\win32api.pyd
2011-04-14 09:41 - 2004-10-11 20:21 - 00094208 _____ () C:\Program Files\ClamWin\lib\pywintypes23.dll
2011-04-14 09:41 - 2004-05-25 21:18 - 00057401 _____ () C:\Program Files\ClamWin\lib\_sre.pyd
2011-04-14 09:41 - 2004-11-20 03:27 - 00086016 _____ () C:\Program Files\ClamWin\lib\win32gui.pyd
2011-04-14 09:41 - 2004-11-20 03:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32event.pyd
2011-04-14 09:41 - 2004-11-20 03:27 - 00036864 _____ () C:\Program Files\ClamWin\lib\win32process.pyd
2011-04-14 09:41 - 2004-05-25 21:18 - 00049212 _____ () C:\Program Files\ClamWin\lib\_socket.pyd
2011-04-14 09:41 - 2004-05-25 21:18 - 00495616 _____ () C:\Program Files\ClamWin\lib\_ssl.pyd
2011-04-14 09:41 - 2004-05-25 21:20 - 00036864 _____ () C:\Program Files\ClamWin\lib\_winreg.pyd
2011-04-14 09:41 - 2004-10-11 20:22 - 00315392 _____ () C:\Program Files\ClamWin\lib\pythoncom23.dll
2011-04-14 09:41 - 2004-11-20 03:27 - 00106496 _____ () C:\Program Files\ClamWin\lib\shell.pyd
2011-04-14 09:41 - 2004-11-20 03:27 - 00065536 _____ () C:\Program Files\ClamWin\lib\win32security.pyd
2011-04-14 09:41 - 2004-01-15 14:45 - 00061440 _____ () C:\Program Files\ClamWin\lib\_ctypes.pyd
2011-04-14 09:41 - 2004-11-20 03:27 - 00077824 _____ () C:\Program Files\ClamWin\lib\win32file.pyd
2011-04-14 09:41 - 2004-11-20 03:27 - 00024576 _____ () C:\Program Files\ClamWin\lib\win32pipe.pyd
2011-04-14 09:41 - 2003-10-01 13:40 - 02240512 _____ () C:\Program Files\ClamWin\lib\wxc.pyd
2011-04-14 09:41 - 2003-10-01 11:43 - 03239936 _____ () C:\Program Files\ClamWin\lib\wxmsw24h.dll
2011-04-14 09:41 - 2003-08-10 09:14 - 00061440 _____ () C:\Program Files\ClamWin\lib\mxDateTime.pyd
2011-04-14 09:41 - 2004-05-25 21:17 - 00622651 _____ () C:\Program Files\ClamWin\lib\_bsddb.pyd
2011-04-14 09:41 - 2004-05-25 21:19 - 00045117 _____ () C:\Program Files\ClamWin\lib\datetime.pyd
2011-04-14 09:43 - 2011-06-16 00:17 - 01850328 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pervasive.SQL Workgroup Engine.lnk => C:\WINDOWS\pss\Pervasive.SQL Workgroup Engine.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\WINDOWS\pss\OpenOffice.org 3.3.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PC Meter Connect => C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe minimize
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SkyTel => SkyTel.EXE

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/18/2014 02:06:39 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/17/2014 02:07:00 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/16/2014 02:53:06 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/15/2014 02:06:38 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/14/2014 02:50:39 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/13/2014 11:47:56 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: CTLCN BrtCTLCN: [2014/06/13 11:47:56.953]: [00003904]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683)             : -------- Button ID Not Found.

Error: (06/13/2014 02:42:31 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/12/2014 03:28:41 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/11/2014 02:34:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.9.22, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/11/2014 02:55:39 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

System errors:
=============
Error: (06/17/2014 09:26:43 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D8A03D97-DC3F-468E-ABAF-C5AE96CA78F4}.
The backup browser is stopping.

Error: (06/17/2014 04:27:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (06/17/2014 04:27:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147942405 (0x80070005).

Error: (06/17/2014 04:27:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (06/17/2014 04:26:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147942405 (0x80070005).

Error: (06/17/2014 04:26:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (06/17/2014 04:26:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147942405 (0x80070005).

Error: (06/17/2014 03:05:44 PM) (Source: DCOM) (EventID: 10010) (User: USER-0958A0D5DF)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (06/17/2014 03:05:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error 2147942405 (0x80070005).

Error: (06/17/2014 03:05:08 PM) (Source: DCOM) (EventID: 10010) (User: USER-0958A0D5DF)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================
Error: (06/18/2014 02:06:39 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070005mpupdateengineam fe11.1.4590.0mpsigstub.exe4.5.216.0microsoft security essentialsNILNILNIL

Error: (06/17/2014 02:07:00 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070005mpupdateengineam fe11.1.4590.0mpsigstub.exe4.5.216.0microsoft security essentialsNILNILNIL

Error: (06/16/2014 02:53:06 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070005mpupdateengineam fe11.1.4590.0mpsigstub.exe4.5.216.0microsoft security essentialsNILNILNIL

Error: (06/15/2014 02:06:38 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070005mpupdateengineam fe11.1.4590.0mpsigstub.exe4.5.216.0microsoft security essentialsNILNILNIL

Error: (06/14/2014 02:50:39 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070005mpupdateengineam fe11.1.4590.0mpsigstub.exe4.5.216.0microsoft security essentialsNILNILNIL

Error: (06/13/2014 11:47:56 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: CTLCNBrtCTLCN: [2014/06/13 11:47:56.953]: [00003904]: brccMCtl.exe: ControlCenter3Dlg.cpp (0683)             : -------- Button ID Not Found.

Error: (06/13/2014 02:42:31 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070005mpupdateengineam fe11.1.4590.0mpsigstub.exe4.5.216.0microsoft security essentialsNILNILNIL

Error: (06/12/2014 03:28:41 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070005mpupdateengineam fe11.1.4590.0mpsigstub.exe4.5.216.0microsoft security essentialsNILNILNIL

Error: (06/11/2014 02:34:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AcroRd32.exe10.1.9.22hungapp0.0.0.000000000

Error: (06/11/2014 02:55:39 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry0x80070005mpupdateengineam fe11.1.4590.0mpsigstub.exe4.5.216.0microsoft security essentialsNILNILNIL

==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1918.3 MB
Available physical RAM: 766.44 MB
Total Pagefile: 3109.95 MB
Available Pagefile: 2067.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:42.68 GB) (Free:23.64 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive m: () (Network) (Total:114.4 GB) (Free:95.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 0000D8FA)
Partition 1: (Active) - (Size=43 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=32 GB) - (Type=05)

==================== End Of Log ============================

[kevinf80]

Run FRST one more time:

 

Type the following in the edit box after "Search:".

 

rpcss.dll

 

Click Search button and post the log (Search.txt) it makes to your reply.

[Holgate]

Farbar Recovery Scan Tool (x86) Version:16-06-2014
Ran by User at 2014-06-18 14:38:47
Running from C:\Documents and Settings\User\My Documents\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 01:56][2009-02-09 08:10] 0404992 ____A (Microsoft Corporation) ecd6144933785e4b917c4ef9d96908ba

C:\WINDOWS\system32\dllcache\rpcss.dll
[2011-05-04 03:03][2009-02-09 08:10] 0404992 ___AC (Microsoft Corporation) 4c600de9c7472836abc272e28b0a5437

C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2011-04-14 09:56][2008-04-14 05:42] 0399360 ____N (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509  [File is signed]

C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2011-05-04 09:11][2008-04-14 05:42] 0399360 ____C (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509  [File is signed]

C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2011-04-14 09:53][2004-08-04 01:56] 0395776 ____C (Microsoft Corporation) 5c83a4408604f737717ab96371201680  [File is signed]

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2011-05-04 03:03][2009-02-09 06:56] 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2  [File is signed]

=== End Of Search ===

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open: Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

 

Please Update and run a Quick scan

 

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Let me see those logs, also give an update on any remaining issues/concerns...

 

Kevin

 

fixlist.txt

[Holgate]

Farbar Recovery Scan Tool (x86) Version:16-06-2014
Ran by User at 2014-06-18 14:38:47
Running from C:\Documents and Settings\User\My Documents\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 01:56][2009-02-09 08:10] 0404992 ____A (Microsoft Corporation) ecd6144933785e4b917c4ef9d96908ba

C:\WINDOWS\system32\dllcache\rpcss.dll
[2011-05-04 03:03][2009-02-09 08:10] 0404992 ___AC (Microsoft Corporation) 4c600de9c7472836abc272e28b0a5437

C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2011-04-14 09:56][2008-04-14 05:42] 0399360 ____N (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509  [File is signed]

C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2011-05-04 09:11][2008-04-14 05:42] 0399360 ____C (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509  [File is signed]

C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2011-04-14 09:53][2004-08-04 01:56] 0395776 ____C (Microsoft Corporation) 5c83a4408604f737717ab96371201680  [File is signed]

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2011-05-04 03:03][2009-02-09 06:56] 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2  [File is signed]

=== End Of Search ===

 

I'm running the Scan now. I'll post log when it's done.

 

Thanks,

Adam

[kevinf80]

Ok, thanks for the update...

[Holgate]

Here is the log. Everything seems fine so far.

 

Thanks a million,

Adam

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.16.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-0958A0D5DF [administrator]

6/18/2014 4:08:28 PM
mbam-log-2014-06-18 (16-08-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280541
Time elapsed: 1 hour(s), 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\Helper.dll (PUP.Optional.FreeCauseTB.A) -> Delete on reboot.

Registry Keys Detected: 3
HKCU\Software\FCTB000061107 (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Freecause\Toolbars (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1344186186 (Trojan.Agent.SCS) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wtwxqzg (Trojan.Ransom.Gend) -> Data: regsvr32.exe "C:\Documents and Settings\All Users\Application Data\wtwxqzg.dat" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\Documents and Settings\User\Application Data\FCTB000061107 (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\ticker (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\override (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03 (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.

Files Detected: 226
C:\Documents and Settings\All Users\Application Data\wtwxqzg.dat (Trojan.Ransom.Gend) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\caching_banner.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\Helper.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\msgbox_bubble.tmpl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\SearchComponent.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\aboutTabs.7.js (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\aboutTabs.8.js (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\arrow.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\audio.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\banner_container.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\bookmarksplugin.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\bookmark_off.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\bookmark_on.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\bubble_permissions.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\build (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\chevron.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\component.xsl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\default.xml (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\efolder.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\email.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\email2.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\email3.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\emailchecker_plugin.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\facebook.feature (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\fbrss.xsl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\ff.xsl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\FixToolbar1163.bat (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\folder.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\icons.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\iefavelem.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\localization.xml (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\location.xsl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\magglass.ico (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\manage_bookmarks.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\marquee.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\marquee_permissions.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\messaging.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\minus.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\msgboxplugin.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\msgbox_openmsg.tmpl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\offline.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\patch.bat (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\plus.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\podcast.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\podcast.xsl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\radio.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\RadioPlugin.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\resize.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\rssfeed.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\RSSReader_plugin.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\search.xsl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\settings (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\star_on.gif (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\ticker.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\Toolbar.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\ToolbarUpdate.exe (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\TroubleShooter.exe (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\Uninst.exe (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\update_progress.html (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\version.txt (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\version.xsl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\weatherplugin.dll (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\weather_bubble.tmpl (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\amazon.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\ebay.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\email.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\email2.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\wikipedia.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\yahoo.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\down.gif (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\hr.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\mark.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\mark_do.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\mark_na.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\navbg.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\refresh.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\refresh_do.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\refresh_na.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\trash.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\trash_do.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\trash_na.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\unmark.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\unmark_do.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\unmark_na.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\msgbox\up.gif (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\ticker\left.gif (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\ticker\right.gif (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\27.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\0.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\1.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\10.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\11.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\12.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\13.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\14.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\15.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\16.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\17.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\18.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\19.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\2.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\20.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\21.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\22.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\23.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\24.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\25.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\26.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\28.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\29.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\3.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\30.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\31.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\32.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\33.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\34.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\35.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\36.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\37.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\38.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\39.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\4.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\40.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\41.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\42.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\43.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\44.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\45.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\46.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\47.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\5.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\6.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\7.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\8.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\9.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\hr.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\na.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\27.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\0.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\1.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\10.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\11.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\12.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\13.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\14.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\15.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\16.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\17.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\18.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\19.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\2.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\20.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\21.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\22.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\23.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\24.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\25.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\26.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\28.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\29.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\3.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\30.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\31.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\32.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\33.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\34.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\35.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\36.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\37.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\38.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\39.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\4.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\40.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\41.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\42.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\43.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\44.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\45.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\46.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\47.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\5.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\6.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\7.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\8.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\9.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\na.png (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\images\weather\png\Thumbs.db (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_stop_over.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_dropdwn_down.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_dropdwn_over.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_dropdwn_up.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_max_down.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_max_over.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_max_up.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_min_down.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_min_over.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_min_up.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_pause_down.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_pause_over.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_pause_up.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_playcntrl_over.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_playcntrl_up.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_play_down.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_play_over.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_play_up.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_stop_down.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_stop_up.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_volcntrl_over.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\btn_volcntrl_up.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\Equalizer1.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\Equalizer2.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\Equalizer3.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\Equalizer4.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\Equalizer5.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\Equalizer6.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\playcntrl_bg.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\radio.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\radio_mask.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\radio_minimalized.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\radio_minimalized_mask.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\station.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\volslide_bg.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\volslide_track.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\vol_01.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\vol_02.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\FCTB000061107\Toolbar\skins\radio\gray03\vol_03.bmp (PUP.Optional.FreeCauseTB.A) -> Quarantined and deleted successfully.

(end)

[kevinf80]

I need to see the log from running FRST FIX named fixlog.txt The log will be in this folder C:\FRST\Logs

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

• 
  

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 

• 
  

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 

• 
  

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Kevin....

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!