CarpetDweller Posted July 2, 2014 ID:848343

I keep getting this error and I have tried a multitude of options to clear it up. I have uninstalled & reinstalled Malwarebytes twice, cleared all the files, ran CCleaner, reinstalled, reboots, the whole 9 yards. I came across this forum & saw another thread where it was suggested to download Farbar Recovery, which I did. I copied the logs per the instructions but it won't let me reply back to that post so here is another one. I have the logs but didn't want to post them yet. I ran the one for my system (32 bit), so now I am at a stumbling block. Please help! Incidentally, I also have errors in accessing my docs from Gmail to attach to emails and something upon startup that my PC Fax (which I forgot was even on computers anymore) has issues. Also, I sign in using Credant Shield and it's been telling me for a month now that I am an unmanaged user. Below is the pic of the error. Ideas??

Runtime Error pic.bmp

CarpetDweller Posted July 2, 2014 Author ID:848372

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by A7AS (administrator) on AFLACA7AS on 02-07-2014 08:50:09
Running from C:\Documents and Settings\A7AS\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Credant Technologies, Inc.) C:\WINDOWS\system32\Credant.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe
( ) C:\WINDOWS\system32\lxdqcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(CyberAngel Security Solutions) C:\WINDOWS\system32\Mschksvc.exe
() C:\WINDOWS\system32\mswnetchk.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Skyhook Wireless) C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(AFLAC) C:\Program Files\AFLAC\Common\WSPPurge.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Credant Technologies, Inc.) C:\WINDOWS\system32\CredUI.exe
(Sybase, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
() C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
() C:\WINDOWS\system32\MsChkPrompt.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\WINDOWS\Dll32Agent.Exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Dropbox, Inc.) C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe
(Intuit Inc. All rights reserved.) C:\Documents and Settings\A7AS\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe
(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88209 2005-04-13] (Agere Systems)
HKLM\...\Run: [synTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [WSPPurge] => C:\Program Files\Aflac\Common\WSPPurge.exe [20480 2007-12-26] (AFLAC)
HKLM\...\Run: [Aflac_Do_Not_Remove] => C:\Aflac2000\WSPInfo.exe [45056 2006-09-12] (AFLAC)
HKLM\...\Run: [soundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [52896 2006-07-19] (Symantec Corporation)
HKLM\...\Run: [vptray] => C:\Program Files\Symantec AntiVirus\VPTray.exe [125168 2006-09-27] (Symantec Corporation)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-01-16] (Analog Devices, Inc.)
HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe [200848 2009-03-04] (InterVideo Inc.)
HKLM\...\Run: [CMGCredUI] => C:\WINDOWS\system32\CredUI.exe [204878 2007-05-08] (Credant Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Afaria Client File Differencing] => C:\Program Files\AClient\Bin\XCDiffCache.exe [179712 2011-06-16] (Sybase, Inc.)
HKLM\...\Run: [Afaria Client Event Monitor] => C:\Program Files\AClient\Bin\XCMonitor.exe [819712 2010-09-02] (Sybase, Inc.)
HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-15] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-04-14] (RealNetworks, Inc.)
HKLM\...\Run: [lxdqmon.exe] => C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe [672424 2010-02-04] ()
HKLM\...\Run: [lxdqamon] => C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [!SysInit] => c:\windows\system32\mschkprompt.exe [28672 2008-11-07] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)
HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {9c0213ab-6a3c-11e2-a4de-0026c600b60a} - F:\IronKey.exe
HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {e98527bc-8967-11dd-8553-806d6172696f} - D:\SWSETUP\APPINSTL\setup.exe
HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {f75b546e-6780-11e2-a4db-0026c600b60a} - E:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\Documents and Settings\A7AS\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7069B605936FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.aflac.com/?ReturnURL=https://my.aflac.com/portal/sso/SSOLogin.aspx
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253118906560
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-01-29]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-10]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Angry Birds) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-01]
CHR Extension: (YouTube) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-01]
CHR Extension: (Google Search) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-01]
CHR Extension: (saVE net) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk [2014-05-05]
CHR Extension: (DiscountExttensi) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gehhgpjdfdephlpmkjddgogkadbgmjom [2014-05-13]
CHR Extension: (RealDownloader) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-13]
CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj [2014-05-05]
CHR Extension: (HTML Saver) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2014-05-05]
CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2012-10-01]
CHR Extension: (Gmail) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-01]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-08-14]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\A7AS\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) [File not signed]
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation)
R2 CMGShield; C:\WINDOWS\system32\Credant.exe [1040463 2007-05-08] (Credant Technologies, Inc.) [File not signed]
R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-25] (Oracle Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-08-25] (Symantec Corporation)
R2 lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [94208 2009-04-28] (Lexmark International, Inc.)
R2 lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [589824 2007-11-28] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsChkSvc; C:\WINDOWS\system32\MsChkSvc.exe [32768 2008-11-07] (CyberAngel Security Solutions) [File not signed]
R2 MsWnetChk; C:\WINDOWS\system32\MsWnetChk.exe [122880 2008-11-07] () [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-15] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 ReflectService; C:\Program Files\NCH Software\Reflect\reflect.exe [1039364 2012-11-17] (NCH Software) [File not signed]
S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec)
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation)
R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation)
R2 WPSScannerSvc; C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe [126976 2010-01-21] (Skyhook Wireless) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1204128 2008-10-29] (Agere Systems) [File not signed]
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-25] (Brother Industries Ltd.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)
R0 CredCEF; C:\WINDOWS\System32\Drivers\CredCEF.sys [214095 2007-05-08] (Credant Technologies, Inc.) [File not signed]
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.)
R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [138916 2002-08-26] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2013-05-20] (Juniper Networks)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-09-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-17] (Symantec Corporation)
S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP)
S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2008-08-19] (Infineon Technologies AG) [File not signed]
R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed]
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-06-26] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-02] (Malwarebytes Corporation)
S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVENG.SYS [93272 2013-06-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVEX15.SYS [1611992 2013-06-17] (Symantec Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630336 2009-09-14] (Intel Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SafDskNT; C:\WINDOWS\system32\Drivers\SafDskNT.sys [77824 2010-01-21] (PC Dynamics, Inc.) [File not signed]
R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation)
R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation)
S3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed]
S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation)
R3 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [12416 2010-01-21] (Skyhook Wireless) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-09-14] (Marvell)
S3 asdids; system32\DRIVERS\asdids.sys [X]
S3 asdidsmp; system32\DRIVERS\asdids.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST
2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-06-26 09:47 - 2014-06-26 09:51 - 00000000 ____D () C:\Program Files\Advanced Fix 2013
2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk
2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013
2014-06-26 09:44 - 2014-07-02 08:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 09:44 - 2014-06-26 10:45 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 09:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$
2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-25 09:31 - 2014-06-25 09:30 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-25 09:31 - 2014-06-25 09:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-25 09:31 - 2014-06-25 09:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625
2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625
2014-06-25 08:54 - 2014-06-26 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software
2014-06-25 08:38 - 2012-06-15 16:39 - 00169744 _____ () C:\WINDOWS\system32\ztvunrar36.dll
2014-06-25 08:38 - 2012-06-15 16:35 - 00185616 _____ () C:\WINDOWS\system32\ztvunrar39.dll
2014-06-25 08:38 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\WINDOWS\system32\ztv7z.dll
2014-06-25 08:38 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztvcabinet.dll
2014-06-25 08:38 - 2005-08-26 01:50 - 00077312 _____ () C:\WINDOWS\system32\ztvunace26.dll
2014-06-25 08:38 - 2003-02-02 20:06 - 00153088 _____ () C:\WINDOWS\system32\unrar3.dll
2014-06-25 08:38 -
2002-03-06 01:00 - 00075264 _____ () C:\WINDOWS\system32\unacev2.dll2014-06-25 08:37 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus2014-06-10 12:36 - 2014-06-11 12:23 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy RENFROES OFFICE.xlsx2014-06-04 10:35 - 2014-06-04 10:55 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series2014-06-02 09:14 - 2014-06-11 14:59 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY ==================== One Month Modified Files and Folders ======= 2014-07-02 08:51 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Temp2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST2014-07-02 08:42 - 2012-11-02 07:27 - 00424488 _____ () C:\WinTab.log2014-07-02 08:40 - 2014-01-08 14:17 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Dropbox2014-07-02 08:39 - 2014-01-08 14:25 - 00000000 ___RD () C:\Documents and Settings\A7AS\My 
Documents\Dropbox2014-07-02 08:39 - 2014-01-08 14:23 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\DropboxMaster2014-07-02 08:37 - 2014-06-26 09:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-07-02 08:37 - 2014-05-05 11:18 - 00000626 ____H () C:\WINDOWS\Tasks\SN.Booster-S-469265631.job2014-07-02 08:37 - 2014-04-14 10:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job2014-07-02 08:37 - 2013-03-14 16:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-07-02 08:37 - 2013-02-05 21:33 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job2014-07-02 08:37 - 2012-12-13 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job2014-07-02 08:37 - 2012-11-07 10:43 - 00000000 ____D () C:\Temp2014-07-02 08:37 - 2008-01-21 12:57 - 00000256 ___SH () C:\WINDOWS\system32\CredSys.cdb2014-07-02 08:31 - 2009-09-17 15:42 - 00000000 ____D () C:\Program Files\Symantec AntiVirus2014-07-02 08:30 - 2009-09-16 11:16 - 01662659 ____N () C:\WINDOWS\WindowsUpdate.log2014-07-02 08:29 - 2009-09-16 11:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-07-02 08:29 - 2009-09-16 07:10 - 00000159 ____N () C:\WINDOWS\wiadebug.log2014-07-02 08:29 - 2009-09-16 07:10 - 00000048 ____N () C:\WINDOWS\wiaservc.log2014-07-01 15:01 - 2009-09-16 11:23 - 00032552 ____N () C:\WINDOWS\SchedLgU.Txt2014-07-01 15:01 - 2008-01-21 12:13 - 00000278 ___SH () C:\Documents and Settings\A7AS\ntuser.ini2014-07-01 15:01 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS2014-07-01 14:27 - 2013-03-14 16:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-07-01 14:22 - 2013-01-06 11:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2014-07-01 14:00 - 2013-01-29 12:58 - 
00000452 _____ () C:\WINDOWS\Tasks\At4.job2014-07-01 12:53 - 2014-03-10 12:53 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job2014-07-01 11:58 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job2014-07-01 10:50 - 2013-05-30 14:29 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats2014-07-01 10:10 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job2014-07-01 08:44 - 2012-10-01 16:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Google2014-07-01 08:37 - 2013-02-05 21:33 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job2014-06-30 13:00 - 2013-08-10 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome2014-06-30 09:23 - 2013-03-14 16:27 - 00000000 ____D () C:\Program Files\Google2014-06-29 20:40 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job2014-06-26 16:50 - 2009-09-16 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$2014-06-26 16:30 - 2014-05-05 11:17 - 00000000 ____D () C:\Program Files\save nett2014-06-26 10:45 - 2014-06-26 09:44 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-06-26 10:28 - 2012-10-10 22:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$2014-06-26 09:51 - 2014-06-26 09:47 - 00000000 ____D () C:\Program Files\Advanced Fix 20132014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 20132014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and 
Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-06-26 09:36 - 2009-09-18 12:57 - 00000000 ____D () C:\WINDOWS\pss2014-06-26 09:36 - 2009-09-16 07:04 - 00000211 __RSH () C:\boot.ini2014-06-26 09:36 - 2006-02-28 06:00 - 00000921 _____ () C:\WINDOWS\win.ini2014-06-26 09:36 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini2014-06-26 09:17 - 2014-06-25 08:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$2014-06-26 08:43 - 2012-10-01 13:41 - 00000000 __SHD () C:\WINDOWS\CSC2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java2014-06-25 09:30 - 2014-06-25 09:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe2014-06-25 09:30 - 2014-06-25 09:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl2014-06-25 09:30 - 2014-06-25 09:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll2014-06-25 09:11 - 2014-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Temp2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.14037047466252014-06-25 08:56 - 2014-06-25 08:56 - 
00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.14037047466252014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software2014-06-25 08:38 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software2014-06-23 08:04 - 2006-02-28 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv2014-06-16 08:01 - 2013-11-07 08:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus2014-06-16 07:36 - 2013-02-02 15:54 - 00001781 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk2014-06-16 07:36 - 2012-11-02 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan2014-06-12 09:36 - 2014-03-27 12:58 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\AFLAC logos2014-06-11 14:59 - 2014-06-02 09:14 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY2014-06-11 12:23 - 2014-06-10 12:36 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV2014-06-11 12:23 - 2008-01-21 12:57 - 00000000 ____S () C:\WINDOWS\8JVFLKZC.DDP2014-06-10 20:33 - 2013-02-05 21:33 - 00000324 _____ () 
C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job
2014-06-08 12:53 - 2014-03-10 12:53 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job
2014-06-05 13:57 - 2009-09-16 07:07 - 00634624 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy RENFROES OFFICE.xlsx
2014-06-04 10:55 - 2014-06-04 10:35 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log
2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series
2014-06-02 09:10 - 2009-09-17 12:04 - 00000000 ____D () C:\Program Files\WorksitePro

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

Some content of TEMP:
====================
C:\Documents and Settings\1000\Local Settings\Temp\_is1DE.exe
C:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
CarpetDweller Posted July 2, 2014

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014
Ran by A7AS at 2014-07-02 08:51:36
Running from C:\Documents and Settings\A7AS\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Fix 2013 version 2.1.3.80 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.80 - Advanced Fix, Inc.)
Afaria Client (HKLM\...\Afaria Client) (Version: 6.60 - Sybase, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system
(HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)EncryptionByCredant (HKLM\...\InstallShield_{EE267D8A-CC91-4DB4-A389-89776359046D}) (Version: 1.04.0002 - AFLAC)EncryptionByCredant (Version: 1.04.0002 - AFLAC) HiddenEpson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)Epson E-Web Print (HKLM\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)Google Update Helper (Version: 1.3.24.15 - Google Inc.) 
HiddenHP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.5800 - HP)HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5-B0.143 - InterVideo Inc.)InterVideo WinDVD 8 (Version: 8.5-B0.143 - InterVideo Inc.) HiddenJava 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) HiddenJuniper Networks Network Connect 6.0.0 (HKLM\...\Juniper Network Connect 6.0.0) (Version: 6.0.0.12507 - Juniper Networks)Juniper Networks Network Connect 6.3.0 (HKLM\...\Juniper Network Connect 6.3.0) (Version: 6.3.0.13725 - Juniper Networks)Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.16789 - Juniper Networks)Juniper Networks Network Connect 7.1.15 (HKLM\...\Juniper Network Connect 7.1.15) (Version: 7.1.15.25271 - Juniper Networks)Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)Juniper Networks, Inc. 
Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.15.36013 - Juniper Networks, Inc.)Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )Lexmark Z2400 Series (HKLM\...\Lexmark Z2400 Series) (Version: - Lexmark International, Inc.)LiveUpdate 3.1 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.1.0.90 - Symantec Corporation)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) HiddenMicrosoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) HiddenMicrosoft Access database engine 2010 
(English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) HiddenMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) HiddenMicrosoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft 
Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version: - Microsoft Corporation)Microsoft Report Viewer Redistributable 2005 (Version: 8.0.50727.42 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 
- Microsoft Corporation) HiddenMicrosoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)Midland LifeSolutions (Version: 18.4 - Midland National) HiddenMidland LifeSolutions (Version: 18.5 - Midland National) HiddenMotorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) HiddenMotorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)Premium Quote (HKLM\...\Premium Quote) (Version: - )QuickBooks (Version: 23.0.4011.2305 - Intuit Inc.) HiddenQuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) 
Hidden
Reflect Customer Database (HKLM\...\Reflect) (Version: - NCH Software)
Rosetta Stone Version 3 (HKLM\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)
save nett (HKLM\...\{7DD5E91C-3864-77EC-7635-D14910C2A03E}) (Version: 4.3.0.1667 - siavve, nnet) <==== ATTENTION
SmartApp Next Generation (HKLM\...\{CB462BC7-4D16-44E9-AA8F-F8BB3A39DF60}) (Version: 1.03.4000 - AFLAC)
SmartPremium (HKLM\...\InstallShield_{391651FA-D9B3-476E-AE37-6E0A22A27735}) (Version: 1.00.0000 - AFLAC)
SmartPremium (Version: 1.00.0000 - AFLAC) Hidden
SN.Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}) (Version: - Certified Publisher) <==== ATTENTION
SNG Prerequisites (HKLM\...\{F5AD8A16-56B5-4D92-AD8A-6DD7058D081B}) (Version: 1.00.1000 - AFLAC)
SNGCoreUpgrade (HKLM\...\InstallShield_{9D02381C-397E-4FDE-B127-BE6B78202CB4}) (Version: 35.11.2012 - AFLAC)
SNGCoreUpgrade (Version: 35.11.2012 - AFLAC) Hidden
Software Updater (HKLM\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7240 - Analog Devices)
Symantec AntiVirus (HKLM\...\{33CFCF98-F8D6-4549-B469-6F4295676D83}) (Version: 10.1.5000.5 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Topaz 4X5 WinTab Driver v2.16 (HKLM\...\Topaz 4X5 WinTab Driver v2.16) (Version: 2.16 - Topaz Systems, Inc.)
Topaz e-Signatures SigPlus 3.55 (HKLM\...\Topaz e-Signatures SigPlus 3.55) (Version: 3.55 - Topaz Systems, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version: - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows PowerShell 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version: - )
WorksitePro (HKLM\...\{2C6F48C2-0A1D-478B-8AED-B5DB2ABD14FB}) (Version: 2.51.0344 - ETI Benefits)

==================== Restore Points =========================

01-04-2014 20:44:34 System Checkpoint
03-04-2014 17:54:58 System Checkpoint
15-04-2014 14:08:02 Installed Windows XP Wdf01009.
16-04-2014 17:28:53 System Checkpoint
17-04-2014 20:29:32 System Checkpoint
18-04-2014 21:38:06 System Checkpoint
19-04-2014 23:08:05 System Checkpoint
21-04-2014 00:38:05 System Checkpoint
22-04-2014 02:03:28 System Checkpoint
23-04-2014 02:07:23 System Checkpoint
24-04-2014 03:14:04 System Checkpoint
28-04-2014 20:28:18 System Checkpoint
29-04-2014 20:29:29 System Checkpoint
30-04-2014 21:38:38 System Checkpoint
01-05-2014 23:08:56 System Checkpoint
03-05-2014 00:38:38 System Checkpoint
04-05-2014 02:08:37 System Checkpoint
05-05-2014 03:38:38 System Checkpoint
05-05-2014 16:34:52 Removed Ask Toolbar.
05-05-2014 17:21:13 Software Distribution Service 3.0
05-05-2014 19:35:50 Installed Windows Internet Explorer 8.
05-05-2014 19:39:00 Software Distribution Service 3.0
06-05-2014 16:18:55 Installed Java 7 Update 55
07-05-2014 20:30:16 System Checkpoint
08-05-2014 21:29:35 System Checkpoint
09-05-2014 22:59:47 System Checkpoint
11-05-2014 00:29:35 System Checkpoint
12-05-2014 01:59:34 System Checkpoint
13-05-2014 03:29:34 System Checkpoint
14-05-2014 04:36:39 System Checkpoint
14-05-2014 16:51:05 Removed Maxload Pro Demo
14-05-2014 16:55:34 Removed HP Officejet Pro 8600 Basic Device Software
15-05-2014 14:04:29 Installed Microsoft Office Enterprise 2007
15-05-2014 14:51:27 Printer Driver Send To Microsoft OneNote Driver Installed
15-05-2014 15:59:52 Configured Microsoft Office Enterprise 2007
16-05-2014 17:06:08 System Checkpoint
17-05-2014 18:36:00 System Checkpoint
18-05-2014 20:06:00 System Checkpoint
19-05-2014 20:16:35 System Checkpoint
20-05-2014 23:06:44 Installed Rosetta Stone Version 3
21-05-2014 23:07:32 System Checkpoint
23-05-2014 00:37:41 System Checkpoint
24-05-2014 02:07:32 System Checkpoint
25-05-2014 03:37:32 System Checkpoint
26-05-2014 05:07:32 System Checkpoint
27-05-2014 06:37:32 System Checkpoint
28-05-2014 08:07:46 System Checkpoint
29-05-2014 09:37:40 System Checkpoint
02-06-2014 20:33:45 System Checkpoint
03-06-2014 21:43:44 System Checkpoint
04-06-2014 23:13:48 System Checkpoint
06-06-2014 00:43:55 System Checkpoint
07-06-2014 02:13:43 System Checkpoint
08-06-2014 03:43:43 System Checkpoint
09-06-2014 05:13:43 System Checkpoint
10-06-2014 06:43:44 System Checkpoint
11-06-2014 08:13:49 System Checkpoint
12-06-2014 09:38:49 System Checkpoint
16-06-2014 15:39:18 System Checkpoint
17-06-2014 20:30:24 System Checkpoint
23-06-2014 13:45:30 System Checkpoint
25-06-2014 13:55:17 avast! antivirus system restore point
26-06-2014 13:46:03 Installed Windows XP winusb0200.
26-06-2014 14:14:20 avast! antivirus system restore point
27-06-2014 14:26:30 System Checkpoint
28-06-2014 15:56:28 System Checkpoint
29-06-2014 17:26:28 System Checkpoint
30-06-2014 17:36:05 System Checkpoint

==================== Hosts content: ==========================

2006-02-28 06:00 - 2014-03-11 16:52 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Engine.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_A7AS.job => C:\Documents and Settings\A7AS\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\SN.Booster-S-469265631.job => c:\documents and settings\all users\application data\appready software\sn.booster\SN.Booster.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2008-01-21 12:55 - 2007-05-08 11:57 - 00159822 _____ () C:\WINDOWS\system32\CredNP.dll
2013-05-30 14:28 - 2009-08-13 07:02 - 00147968 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdqdrpp.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2010-01-21 12:37 - 2008-11-07 14:38 - 00122880 _____ () C:\WINDOWS\system32\MsWnetChk.exe
2010-01-21 12:37 - 2006-02-22 19:22 - 00110592 _____ () C:\WINDOWS\system32\WPSScanner.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-05-30 14:27 - 2010-02-04 04:17 - 00672424 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
2013-05-30 14:27 - 2010-02-04 04:17 - 00025256 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe
2013-05-30 14:27 - 2010-02-03 05:21 - 00028672 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Common.dll
2013-05-30 14:27 - 2010-02-03 05:21 - 00036864 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Core.dll
2013-05-30 14:27 - 2010-02-03 05:20 - 00065536 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.dll
2013-05-30 14:27 - 2009-06-26 08:17 - 00012288 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2010-01-21 12:37 - 2008-11-07 14:38 - 00028672 _____ () C:\windows\system32\mschkprompt.exe
2010-01-21 12:37 - 2008-11-07 14:38 - 00032768 _____ () C:\windows\system32\MsSupCa.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00098816 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32api.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00110080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pywintypes27.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00364544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pythoncom27.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00045568 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_socket.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01160704 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ssl.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00320512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32com.shell.shell.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00713216 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_hashlib.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01175040 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._core_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00805888 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._gdi_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00811008 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._windows_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01062400 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._controls_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00735232 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._misc_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00128512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_elementtree.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00127488 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pyexpat.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00557056 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pysqlite2._sqlite.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00007168 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\hashobjs_ext.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00087552 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ctypes.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00119808 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32file.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00108544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32security.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00018432 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32event.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00038912 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32inet.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00070656 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._html2.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00167936 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32gui.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00011264 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32crypt.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00027136 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_multiprocessing.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00122368 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._wizard.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00010240 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\select.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00024064 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pipe.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00686080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\unicodedata.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00025600 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pdh.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00525640 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\windows._lib_cacheinvalidation.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00035840 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32process.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00017408 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32profile.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00022528 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32ts.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00078336 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._animate.pyd
2008-12-11 13:22 - 2008-12-11 13:22 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll
2008-12-11 13:20 - 2008-12-11 13:20 - 00069697 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-01-21 12:42 - 2010-01-21 12:37 - 00290816 ____N () C:\WINDOWS\Dll32Agent.Exe
2010-01-21 12:37 - 2010-01-21 12:37 - 00200704 __RSH () C:\WINDOWS\MSCAE32.dll
2010-01-21 12:37 - 2010-01-21 12:37 - 00172032 __RSH () C:\WINDOWS\system32\MSCHKSYS.DLL
2014-07-02 08:39 - 2014-07-02 08:39 - 00043008 _____ () c:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\libcef.dll
2013-11-15 18:45 - 2013-11-15 18:45 - 00269128 _____ () C:\PROGRAM FILES\INTUIT\QUICKBOOKS 2013\boost_regex-vc90-mt-p-1_33.dll
2006-02-28 06:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 06:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: EPLTarget =>

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2014 08:41:38 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "x; 2013":DB error -739 ErrorMessage:'DBLib not initialized: error -739'

Error: (07/01/2014 08:44:23 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "x; 2013":DB error -739 ErrorMessage:'DBLib not initialized: error -739'

Error: (07/01/2014 08:40:04 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/26/2014 08:45:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (06/25/2014 02:29:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (06/25/2014 01:22:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (06/25/2014 11:17:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (06/25/2014 10:28:07 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: AFLACA7AS)
Description: Risk: C:\WINDOWS\system32\taskmgr.exe in File: C:\Program Files\Symantec AntiVirus\Rtvscan.exe by: Tamper Protection scan. Action: Blocked. Action Description:

Error: (06/25/2014 09:58:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (06/11/2014 01:03:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\MY DOCUMENTS\MY PICTURES\$$$$$$$$.$$$> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

System errors:
=============
Error: (07/02/2014 08:29:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: %%1058

Error: (07/02/2014 08:29:03 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.

Error: (07/01/2014 08:38:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (07/01/2014 08:37:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (07/01/2014 08:37:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: %%1058

Error: (07/01/2014 08:36:11 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.

Error: (06/26/2014 04:53:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: atapiIntelIdePCIIdePcmcia

Error: (06/26/2014 04:53:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: %%1058

Error: (06/26/2014 04:52:12 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device: The system cannot find the path specified.

Error: (06/26/2014 00:38:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: %%5

Microsoft Office Sessions:
=========================
Error: (05/15/2014 11:06:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 434 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 87%
Total physical RAM: 1976.19 MB
Available physical RAM: 249.83 MB
Total Pagefile: 3868.28 MB
Available Pagefile: 2444.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.01 MB

==================== Drives ================================

Drive c: (OSdisk) (Fixed) (Total:134.04 GB) (Free:95.61 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=15 GB) - (Type=17)
Partition 2: (Active) - (Size=134 GB) - (Type=07 NTFS)

==================== End Of Log ============================
John L. Galt Posted July 2, 2014 ID:848386

Hi, CarpetDweller, and

In scanning your logs, it looks like there may be some sort of infection on your system.

I would suggest that you read the topic https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/ and pick a method to have your system examined and follow the appropriate link inside.

HTH
CarpetDweller Posted July 2, 2014 Author ID:848419

Thank you John. I posted it in the wrong forum it appears. I resubmitted it and the logs under the Malware removal forum you suggested. Thanks again