
Runtime Error -- Visual C++ Runtime Library



I keep getting this error and I have tried a multitude of options to clear it up. I have uninstalled and reinstalled Malwarebytes twice, cleared all the files, ran CCleaner, reinstalled, rebooted, the whole 9 yards. I came across this forum and saw another thread where it was suggested to download Farbar Recovery, which I did. I copied the logs per the instructions but it won't let me reply back to that post, so here is another one.

I ran the one for my system (32-bit), so now I am at a stumbling block. Please help!

Incidentally, I also have errors in accessing my docs from Gmail to attach to emails and something upon startup that my PC Fax (which I forgot was even on computers anymore) has issues. Also, I sign in using Credant Shield and it's been telling me for a month now that I am an unmanaged user.

Below is the pic of the error.

Ideas??

Here are my logs...


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014

Ran by A7AS (administrator) on AFLACA7AS on 02-07-2014 08:50:09

Running from C:\Documents and Settings\A7AS\My Documents\Downloads

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...an-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingc...an-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Credant Technologies, Inc.) C:\WINDOWS\system32\Credant.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe

(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe

( ) C:\WINDOWS\system32\lxdqcoms.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(CyberAngel Security Solutions) C:\WINDOWS\system32\Mschksvc.exe

() C:\WINDOWS\system32\mswnetchk.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Skyhook Wireless) C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Agere Systems) C:\WINDOWS\AGRSMMSG.exe

(AFLAC) C:\Program Files\AFLAC\Common\WSPPurge.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe

(Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Credant Technologies, Inc.) C:\WINDOWS\system32\CredUI.exe

(Sybase, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

() C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

() C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe

() C:\WINDOWS\system32\MsChkPrompt.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

() C:\WINDOWS\Dll32Agent.Exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Dropbox, Inc.) C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe

(Intuit Inc. All rights reserved.) C:\Documents and Settings\A7AS\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe

(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88209 2005-04-13] (Agere Systems)

HKLM\...\Run: [synTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)

HKLM\...\Run: [WSPPurge] => C:\Program Files\Aflac\Common\WSPPurge.exe [20480 2007-12-26] (AFLAC)

HKLM\...\Run: [Aflac_Do_Not_Remove] => C:\Aflac2000\WSPInfo.exe [45056 2006-09-12] (AFLAC)

HKLM\...\Run: [soundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.)

HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [52896 2006-07-19] (Symantec Corporation)

HKLM\...\Run: [vptray] => C:\Program Files\Symantec AntiVirus\VPTray.exe [125168 2006-09-27] (Symantec Corporation)

HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-01-16] (Analog Devices, Inc.)

HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe [200848 2009-03-04] (InterVideo Inc.)

HKLM\...\Run: [CMGCredUI] => C:\WINDOWS\system32\CredUI.exe [204878 2007-05-08] (Credant Technologies, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k

HKLM\...\Run: [Afaria Client File Differencing] => C:\Program Files\AClient\Bin\XCDiffCache.exe [179712 2011-06-16] (Sybase, Inc.)

HKLM\...\Run: [Afaria Client Event Monitor] => C:\Program Files\AClient\Bin\XCMonitor.exe [819712 2010-09-02] (Sybase, Inc.)

HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-15] (Intuit Inc. All rights reserved.)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-04-14] (RealNetworks, Inc.)

HKLM\...\Run: [lxdqmon.exe] => C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe [672424 2010-02-04] ()

HKLM\...\Run: [lxdqamon] => C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe [16040 2010-02-04] ()

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [!SysInit] => c:\windows\system32\mschkprompt.exe [28672 2008-11-07] ()

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {9c0213ab-6a3c-11e2-a4de-0026c600b60a} - F:\IronKey.exe

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {e98527bc-8967-11dd-8553-806d6172696f} - D:\SWSETUP\APPINSTL\setup.exe

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {f75b546e-6780-11e2-a4db-0026c600b60a} - E:\MotorolaDeviceManagerSetup.exe -a

Startup: C:\Documents and Settings\A7AS\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7069B605936FCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.aflac....o/SSOLogin.aspx

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253118906560

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14]

FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-01-29]

FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-10]

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14]

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR StartupUrls: "hxxp://www.google.com"

CHR DefaultSearchKeyword: trovi.search

CHR DefaultSearchProvider: Trovi search

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll No File

CHR Plugin: (ActiveTouch General Plugin Container) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (Google Update) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll No File

CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Angry Birds) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-01]

CHR Extension: (YouTube) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-01]

CHR Extension: (Google Search) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-01]

CHR Extension: (saVE net) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk [2014-05-05]

CHR Extension: (DiscountExttensi) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gehhgpjdfdephlpmkjddgogkadbgmjom [2014-05-13]

CHR Extension: (RealDownloader) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-13]

CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj [2014-05-05]

CHR Extension: (HTML Saver) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2014-05-05]

CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2012-10-01]

CHR Extension: (Gmail) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-01]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-08-14]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\A7AS\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

========================== Services (Whitelisted) =================

 

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) [File not signed]

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation)

R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation)

R2 CMGShield; C:\WINDOWS\system32\Credant.exe [1040463 2007-05-08] (Credant Technologies, Inc.) [File not signed]

R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation)

R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks)

R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-25] (Oracle Corporation)

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-08-25] (Symantec Corporation)

R2 lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [94208 2009-04-28] (Lexmark International, Inc.)

R2 lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [589824 2007-11-28] ( )

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)

R2 MsChkSvc; C:\WINDOWS\system32\MsChkSvc.exe [32768 2008-11-07] (CyberAngel Security Solutions) [File not signed]

R2 MsWnetChk; C:\WINDOWS\system32\MsWnetChk.exe [122880 2008-11-07] () [File not signed]

R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-15] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S3 ReflectService; C:\Program Files\NCH Software\Reflect\reflect.exe [1039364 2012-11-17] (NCH Software) [File not signed]

S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec)

S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation)

R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation)

R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation)

R2 WPSScannerSvc; C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe [126976 2010-01-21] (Skyhook Wireless) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1204128 2008-10-29] (Agere Systems) [File not signed]

S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-25] (Brother Industries Ltd.)

R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)

R0 CredCEF; C:\WINDOWS\System32\Drivers\CredCEF.sys [214095 2007-05-08] (Credant Technologies, Inc.) [File not signed]

S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.)

R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [138916 2002-08-26] (Deterministic Networks, Inc.)

R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2013-05-20] (Juniper Networks)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-09-17] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-17] (Symantec Corporation)

S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments) [File not signed]

S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP)

S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP)

S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP)

S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2008-08-19] (Infineon Technologies AG) [File not signed]

R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed]

S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-06-26] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-02] (Malwarebytes Corporation)

S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)

R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVENG.SYS [93272 2013-06-17] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVEX15.SYS [1611992 2013-06-17] (Symantec Corporation)

R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630336 2009-09-14] (Intel Corporation)

R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

R1 SafDskNT; C:\WINDOWS\system32\Drivers\SafDskNT.sys [77824 2010-01-21] (PC Dynamics, Inc.) [File not signed]

R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation)

R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation)

R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)

S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)

R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation)

R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation)

R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation)

R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation)

S3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed]

S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation)

R3 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [12416 2010-01-21] (Skyhook Wireless) [File not signed]

R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-09-14] (Marvell)

S3 asdids; system32\DRIVERS\asdids.sys [X]

S3 asdidsmp; system32\DRIVERS\asdids.sys [X]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U1 WS2IFSL; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST

2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-06-26 09:47 - 2014-06-26 09:51 - 00000000 ____D () C:\Program Files\Advanced Fix 2013

2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk

2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013

2014-06-26 09:44 - 2014-07-02 08:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-06-26 09:44 - 2014-06-26 10:45 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-26 09:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$

2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-06-25 09:31 - 2014-06-25 09:30 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-06-25 09:31 - 2014-06-25 09:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625

2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625

2014-06-25 08:54 - 2014-06-26 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software

2014-06-25 08:38 - 2012-06-15 16:39 - 00169744 _____ () C:\WINDOWS\system32\ztvunrar36.dll

2014-06-25 08:38 - 2012-06-15 16:35 - 00185616 _____ () C:\WINDOWS\system32\ztvunrar39.dll

2014-06-25 08:38 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\WINDOWS\system32\ztv7z.dll

2014-06-25 08:38 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztvcabinet.dll

2014-06-25 08:38 - 2005-08-26 01:50 - 00077312 _____ () C:\WINDOWS\system32\ztvunace26.dll

2014-06-25 08:38 - 2003-02-02 20:06 - 00153088 _____ () C:\WINDOWS\system32\unrar3.dll

2014-06-25 08:38 - 2002-03-06 01:00 - 00075264 _____ () C:\WINDOWS\system32\unacev2.dll

2014-06-25 08:37 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software

2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software

2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk

2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk

2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv

2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

2014-06-10 12:36 - 2014-06-11 12:23 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV

2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy  RENFROES OFFICE.xlsx

2014-06-04 10:35 - 2014-06-04 10:55 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log

2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series

2014-06-02 09:14 - 2014-06-11 14:59 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY

 

==================== One Month Modified Files and Folders =======

 

2014-07-02 08:51 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Temp

2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST

2014-07-02 08:42 - 2012-11-02 07:27 - 00424488 _____ () C:\WinTab.log

2014-07-02 08:40 - 2014-01-08 14:17 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Dropbox

2014-07-02 08:39 - 2014-01-08 14:25 - 00000000 ___RD () C:\Documents and Settings\A7AS\My Documents\Dropbox

2014-07-02 08:39 - 2014-01-08 14:23 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\DropboxMaster

2014-07-02 08:37 - 2014-06-26 09:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-02 08:37 - 2014-05-05 11:18 - 00000626 ____H () C:\WINDOWS\Tasks\SN.Booster-S-469265631.job

2014-07-02 08:37 - 2014-04-14 10:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-02 08:37 - 2013-03-14 16:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-02 08:37 - 2013-02-05 21:33 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-02 08:37 - 2012-12-13 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-02 08:37 - 2012-11-07 10:43 - 00000000 ____D () C:\Temp

2014-07-02 08:37 - 2008-01-21 12:57 - 00000256 ___SH () C:\WINDOWS\system32\CredSys.cdb

2014-07-02 08:31 - 2009-09-17 15:42 - 00000000 ____D () C:\Program Files\Symantec AntiVirus

2014-07-02 08:30 - 2009-09-16 11:16 - 01662659 ____N () C:\WINDOWS\WindowsUpdate.log

2014-07-02 08:29 - 2009-09-16 11:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-02 08:29 - 2009-09-16 07:10 - 00000159 ____N () C:\WINDOWS\wiadebug.log

2014-07-02 08:29 - 2009-09-16 07:10 - 00000048 ____N () C:\WINDOWS\wiaservc.log

2014-07-01 15:01 - 2009-09-16 11:23 - 00032552 ____N () C:\WINDOWS\SchedLgU.Txt

2014-07-01 15:01 - 2008-01-21 12:13 - 00000278 ___SH () C:\Documents and Settings\A7AS\ntuser.ini

2014-07-01 15:01 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS

2014-07-01 14:27 - 2013-03-14 16:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-01 14:22 - 2013-01-06 11:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-07-01 14:00 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job

2014-07-01 12:53 - 2014-03-10 12:53 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job

2014-07-01 11:58 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job

2014-07-01 10:50 - 2013-05-30 14:29 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats

2014-07-01 10:10 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job

2014-07-01 08:44 - 2012-10-01 16:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Google

2014-07-01 08:37 - 2013-02-05 21:33 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-06-30 13:00 - 2013-08-10 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-06-30 09:23 - 2013-03-14 16:27 - 00000000 ____D () C:\Program Files\Google

2014-06-29 20:40 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job

2014-06-26 16:50 - 2009-09-16 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$

2014-06-26 16:30 - 2014-05-05 11:17 - 00000000 ____D () C:\Program Files\save nett

2014-06-26 10:45 - 2014-06-26 09:44 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-06-26 10:28 - 2012-10-10 22:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$

2014-06-26 09:51 - 2014-06-26 09:47 - 00000000 ____D () C:\Program Files\Advanced Fix 2013

2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk

2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013

2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-26 09:36 - 2009-09-18 12:57 - 00000000 ____D () C:\WINDOWS\pss

2014-06-26 09:36 - 2009-09-16 07:04 - 00000211 __RSH () C:\boot.ini

2014-06-26 09:36 - 2006-02-28 06:00 - 00000921 _____ () C:\WINDOWS\win.ini

2014-06-26 09:36 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini

2014-06-26 09:17 - 2014-06-25 08:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$

2014-06-26 08:43 - 2012-10-01 13:41 - 00000000 __SHD () C:\WINDOWS\CSC

2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-06-25 09:30 - 2014-06-25 09:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-06-25 09:30 - 2014-06-25 09:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-06-25 09:11 - 2014-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Temp

2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625

2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625

2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software

2014-06-25 08:38 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software

2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software

2014-06-23 08:04 - 2006-02-28 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk

2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk

2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv

2014-06-16 08:01 - 2013-11-07 08:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive

2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

2014-06-16 07:36 - 2013-02-02 15:54 - 00001781 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

2014-06-16 07:36 - 2012-11-02 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

2014-06-12 09:36 - 2014-03-27 12:58 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\AFLAC logos

2014-06-11 14:59 - 2014-06-02 09:14 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY

2014-06-11 12:23 - 2014-06-10 12:36 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV

2014-06-11 12:23 - 2008-01-21 12:57 - 00000000 ____S () C:\WINDOWS\8JVFLKZC.DDP

2014-06-10 20:33 - 2013-02-05 21:33 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-06-08 12:53 - 2014-03-10 12:53 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job

2014-06-05 13:57 - 2009-09-16 07:07 - 00634624 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy  RENFROES OFFICE.xlsx

2014-06-04 10:55 - 2014-06-04 10:35 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log

2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series

2014-06-02 09:10 - 2009-09-17 12:04 - 00000000 ____D () C:\Program Files\WorksitePro

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

 

 

Some content of TEMP:

====================

C:\Documents and Settings\1000\Local Settings\Temp\_is1DE.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================

Runtime Error pic.bmp


 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014
Ran by A7AS at 2014-07-02 08:51:36
Running from C:\Documents and Settings\A7AS\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Fix 2013 version 2.1.3.80 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.80 - Advanced Fix, Inc.)
Afaria Client (HKLM\...\Afaria Client) (Version: 6.60 - Sybase, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EncryptionByCredant (HKLM\...\InstallShield_{EE267D8A-CC91-4DB4-A389-89776359046D}) (Version: 1.04.0002 - AFLAC)
EncryptionByCredant (Version: 1.04.0002 - AFLAC) Hidden
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.5800 - HP)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5-B0.143 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5-B0.143 - InterVideo Inc.) Hidden
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Juniper Networks Network Connect 6.0.0 (HKLM\...\Juniper Network Connect 6.0.0) (Version: 6.0.0.12507 - Juniper Networks)
Juniper Networks Network Connect 6.3.0 (HKLM\...\Juniper Network Connect 6.3.0) (Version: 6.3.0.13725 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.16789 - Juniper Networks)
Juniper Networks Network Connect 7.1.15 (HKLM\...\Juniper Network Connect 7.1.15) (Version: 7.1.15.25271 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.15.36013 - Juniper Networks, Inc.)
Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
Lexmark Z2400 Series (HKLM\...\Lexmark Z2400 Series) (Version:  - Lexmark International, Inc.)
LiveUpdate 3.1 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.1.0.90 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Midland LifeSolutions (Version: 18.4 - Midland National) Hidden
Midland LifeSolutions (Version: 18.5 - Midland National) Hidden
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Premium Quote (HKLM\...\Premium Quote) (Version:  - )
QuickBooks (Version: 23.0.4011.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reflect Customer Database (HKLM\...\Reflect) (Version:  - NCH Software)
Rosetta Stone Version 3 (HKLM\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)
save nett (HKLM\...\{7DD5E91C-3864-77EC-7635-D14910C2A03E}) (Version: 4.3.0.1667 - siavve, nnet) <==== ATTENTION
SmartApp Next Generation (HKLM\...\{CB462BC7-4D16-44E9-AA8F-F8BB3A39DF60}) (Version: 1.03.4000 - AFLAC)
SmartPremium (HKLM\...\InstallShield_{391651FA-D9B3-476E-AE37-6E0A22A27735}) (Version: 1.00.0000 - AFLAC)
SmartPremium (Version: 1.00.0000 - AFLAC) Hidden
SN.Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}) (Version:  - Certified Publisher) <==== ATTENTION
SNG Prerequisites (HKLM\...\{F5AD8A16-56B5-4D92-AD8A-6DD7058D081B}) (Version: 1.00.1000 - AFLAC)
SNGCoreUpgrade (HKLM\...\InstallShield_{9D02381C-397E-4FDE-B127-BE6B78202CB4}) (Version: 35.11.2012 - AFLAC)
SNGCoreUpgrade (Version: 35.11.2012 - AFLAC) Hidden
Software Updater (HKLM\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7240 - Analog Devices)
Symantec AntiVirus (HKLM\...\{33CFCF98-F8D6-4549-B469-6F4295676D83}) (Version: 10.1.5000.5 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Topaz 4X5  WinTab Driver v2.16 (HKLM\...\Topaz 4X5  WinTab Driver v2.16) (Version: 2.16 - Topaz Systems, Inc.)
Topaz e-Signatures SigPlus 3.55 (HKLM\...\Topaz e-Signatures SigPlus 3.55) (Version: 3.55 - Topaz Systems, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows PowerShell 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version:  - )
WorksitePro (HKLM\...\{2C6F48C2-0A1D-478B-8AED-B5DB2ABD14FB}) (Version: 2.51.0344 - ETI Benefits)
 
==================== Restore Points  =========================
 
01-04-2014 20:44:34 System Checkpoint
03-04-2014 17:54:58 System Checkpoint
15-04-2014 14:08:02 Installed Windows XP Wdf01009.
16-04-2014 17:28:53 System Checkpoint
17-04-2014 20:29:32 System Checkpoint
18-04-2014 21:38:06 System Checkpoint
19-04-2014 23:08:05 System Checkpoint
21-04-2014 00:38:05 System Checkpoint
22-04-2014 02:03:28 System Checkpoint
23-04-2014 02:07:23 System Checkpoint
24-04-2014 03:14:04 System Checkpoint
28-04-2014 20:28:18 System Checkpoint
29-04-2014 20:29:29 System Checkpoint
30-04-2014 21:38:38 System Checkpoint
01-05-2014 23:08:56 System Checkpoint
03-05-2014 00:38:38 System Checkpoint
04-05-2014 02:08:37 System Checkpoint
05-05-2014 03:38:38 System Checkpoint
05-05-2014 16:34:52 Removed Ask Toolbar.
05-05-2014 17:21:13 Software Distribution Service 3.0
05-05-2014 19:35:50 Installed Windows Internet Explorer 8.
05-05-2014 19:39:00 Software Distribution Service 3.0
06-05-2014 16:18:55 Installed Java 7 Update 55
07-05-2014 20:30:16 System Checkpoint
08-05-2014 21:29:35 System Checkpoint
09-05-2014 22:59:47 System Checkpoint
11-05-2014 00:29:35 System Checkpoint
12-05-2014 01:59:34 System Checkpoint
13-05-2014 03:29:34 System Checkpoint
14-05-2014 04:36:39 System Checkpoint
14-05-2014 16:51:05 Removed Maxload Pro Demo
14-05-2014 16:55:34 Removed HP Officejet Pro 8600 Basic Device Software
15-05-2014 14:04:29 Installed Microsoft Office Enterprise 2007
15-05-2014 14:51:27 Printer Driver Send To Microsoft OneNote Driver Installed
15-05-2014 15:59:52 Configured Microsoft Office Enterprise 2007
16-05-2014 17:06:08 System Checkpoint
17-05-2014 18:36:00 System Checkpoint
18-05-2014 20:06:00 System Checkpoint
19-05-2014 20:16:35 System Checkpoint
20-05-2014 23:06:44 Installed Rosetta Stone Version 3
21-05-2014 23:07:32 System Checkpoint
23-05-2014 00:37:41 System Checkpoint
24-05-2014 02:07:32 System Checkpoint
25-05-2014 03:37:32 System Checkpoint
26-05-2014 05:07:32 System Checkpoint
27-05-2014 06:37:32 System Checkpoint
28-05-2014 08:07:46 System Checkpoint
29-05-2014 09:37:40 System Checkpoint
02-06-2014 20:33:45 System Checkpoint
03-06-2014 21:43:44 System Checkpoint
04-06-2014 23:13:48 System Checkpoint
06-06-2014 00:43:55 System Checkpoint
07-06-2014 02:13:43 System Checkpoint
08-06-2014 03:43:43 System Checkpoint
09-06-2014 05:13:43 System Checkpoint
10-06-2014 06:43:44 System Checkpoint
11-06-2014 08:13:49 System Checkpoint
12-06-2014 09:38:49 System Checkpoint
16-06-2014 15:39:18 System Checkpoint
17-06-2014 20:30:24 System Checkpoint
23-06-2014 13:45:30 System Checkpoint
25-06-2014 13:55:17 avast! antivirus system restore point
26-06-2014 13:46:03 Installed Windows XP winusb0200.
26-06-2014 14:14:20 avast! antivirus system restore point
27-06-2014 14:26:30 System Checkpoint
28-06-2014 15:56:28 System Checkpoint
29-06-2014 17:26:28 System Checkpoint
30-06-2014 17:36:05 System Checkpoint
 
==================== Hosts content: ==========================
 
2006-02-28 06:00 - 2014-03-11 16:52 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Engine.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_A7AS.job => C:\Documents and Settings\A7AS\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\SN.Booster-S-469265631.job => c:\documents and settings\all users\application data\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2008-01-21 12:55 - 2007-05-08 11:57 - 00159822 _____ () C:\WINDOWS\system32\CredNP.dll
2013-05-30 14:28 - 2009-08-13 07:02 - 00147968 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdqdrpp.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2010-01-21 12:37 - 2008-11-07 14:38 - 00122880 _____ () C:\WINDOWS\system32\MsWnetChk.exe
2010-01-21 12:37 - 2006-02-22 19:22 - 00110592 _____ () C:\WINDOWS\system32\WPSScanner.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-05-30 14:27 - 2010-02-04 04:17 - 00672424 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
2013-05-30 14:27 - 2010-02-04 04:17 - 00025256 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe
2013-05-30 14:27 - 2010-02-03 05:21 - 00028672 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Common.dll
2013-05-30 14:27 - 2010-02-03 05:21 - 00036864 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Core.dll
2013-05-30 14:27 - 2010-02-03 05:20 - 00065536 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.dll
2013-05-30 14:27 - 2009-06-26 08:17 - 00012288 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2010-01-21 12:37 - 2008-11-07 14:38 - 00028672 _____ () C:\windows\system32\mschkprompt.exe
2010-01-21 12:37 - 2008-11-07 14:38 - 00032768 _____ () C:\windows\system32\MsSupCa.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00098816 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32api.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00110080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pywintypes27.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00364544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pythoncom27.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00045568 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_socket.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01160704 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ssl.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00320512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32com.shell.shell.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00713216 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_hashlib.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01175040 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._core_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00805888 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._gdi_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00811008 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._windows_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01062400 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._controls_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00735232 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._misc_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00128512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_elementtree.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00127488 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pyexpat.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00557056 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pysqlite2._sqlite.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00007168 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\hashobjs_ext.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00087552 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ctypes.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00119808 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32file.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00108544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32security.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00018432 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32event.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00038912 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32inet.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00070656 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._html2.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00167936 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32gui.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00011264 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32crypt.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00027136 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_multiprocessing.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00122368 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._wizard.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00010240 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\select.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00024064 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pipe.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00686080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\unicodedata.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00025600 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pdh.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00525640 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\windows._lib_cacheinvalidation.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00035840 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32process.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00017408 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32profile.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00022528 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32ts.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00078336 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._animate.pyd
2008-12-11 13:22 - 2008-12-11 13:22 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll
2008-12-11 13:20 - 2008-12-11 13:20 - 00069697 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-01-21 12:42 - 2010-01-21 12:37 - 00290816 ____N () C:\WINDOWS\Dll32Agent.Exe
2010-01-21 12:37 - 2010-01-21 12:37 - 00200704 __RSH () C:\WINDOWS\MSCAE32.dll
2010-01-21 12:37 - 2010-01-21 12:37 - 00172032 __RSH () C:\WINDOWS\system32\MSCHKSYS.DLL
2014-07-02 08:39 - 2014-07-02 08:39 - 00043008 _____ () c:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\libcef.dll
2013-11-15 18:45 - 2013-11-15 18:45 - 00269128 _____ () C:\PROGRAM FILES\INTUIT\QUICKBOOKS 2013\boost_regex-vc90-mt-p-1_33.dll
2006-02-28 06:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 06:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupreg: EPLTarget => 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/02/2014 08:41:38 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "x; 2013":
DB error -739 ErrorMessage:'DBLib not initialized: error -739'
 
Error: (07/01/2014 08:44:23 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "x; 2013":
DB error -739 ErrorMessage:'DBLib not initialized: error -739'
 
Error: (07/01/2014 08:40:04 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (06/26/2014 08:45:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/25/2014 02:29:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/25/2014 01:22:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/25/2014 11:17:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/25/2014 10:28:07 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: AFLACA7AS)
Description: Risk: C:\WINDOWS\system32\taskmgr.exe in File: C:\Program Files\Symantec AntiVirus\Rtvscan.exe by: Tamper Protection scan.  Action: Blocked.  Action Description:
 
Error: (06/25/2014 09:58:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 01:03:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\MY DOCUMENTS\MY PICTURES\$$$$$$$$.$$$> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (07/02/2014 08:29:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (07/02/2014 08:29:03 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
 
Error: (07/01/2014 08:38:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (07/01/2014 08:37:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (07/01/2014 08:37:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (07/01/2014 08:36:11 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
 
Error: (06/26/2014 04:53:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atapi
IntelIde
PCIIde
Pcmcia
 
Error: (06/26/2014 04:53:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (06/26/2014 04:52:12 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
 
Error: (06/26/2014 00:38:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (05/15/2014 11:06:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 434 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 87%
Total physical RAM: 1976.19 MB
Available physical RAM: 249.83 MB
Total Pagefile: 3868.28 MB
Available Pagefile: 2444.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.01 MB
 
==================== Drives ================================
 
Drive c: (OSdisk) (Fixed) (Total:134.04 GB) (Free:95.61 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=15 GB) - (Type=17)
Partition 2: (Active) - (Size=134 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 2 weeks later...
  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


OK guys, I have done per the instructions, uninstalled, cleaned, reinstalled, attempted to run using the Chameleon but I can't get the thing to update at all.  Even after I downloaded the most current version of MalwareBytes, I can't get it to update.  Period.  As soon as I start to scan, I get an error saying 'Runtime Error' Abnormal program termination, then it shuts down.  The issue as a whole is that I cannot get mbam to run a scan without this Runtime error in Microsoft Visual C++ Runtime library popping up, which makes the program shut down.  I posted up above the log I DID get to run once by using the Chameleon utility, however it was a fleeting thing, because I can't get it to run again since.

 

This is what happens


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


STEP 04  JUNKWARE REMOVAL

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by A7AS on Tue 07/22/2014 at  8:25:12.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\v9software
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\A7AS\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/22/2014 at  8:31:16.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
STEP 05 ADW log(s)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/22/2014
Scan Time: 9:53:53 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: A7AS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294987
Time Elapsed: 14 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
# AdwCleaner v3.216 - Report created 22/07/2014 at 09:19:33
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : A7AS - AFLACA7AS
# Running from : C:\Documents and Settings\A7AS\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Folder Found : C:\DOCUME~1\A7AS\LOCALS~1\Temp\Norpalla
Folder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\1000\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\A7AS\Application Data\NCH Software
Folder Found : C:\Documents and Settings\A7AS\Application Data\VOPackage
Folder Found : C:\Documents and Settings\A7AS\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\A7AS\Start Menu\Programs\VOPackage
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\All Users\Application Data\AppReady Software
Folder Found : C:\Documents and Settings\All Users\Application Data\MMiNimumPrICe
Folder Found : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found : C:\Documents and Settings\All Users\Application Data\save nett
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch
Folder Found : C:\Program Files\NCH Software
Folder Found : C:\Program Files\save nett
Folder Found : C:\Program Files\SupTab
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18b20944-f54e-4509-88fa-f0ad137bf8de}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18b20944-f54e-4509-88fa-f0ad137bf8de}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\Software\SupDp
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [startup_urls] : hxxp://www.v9.com/?type=hp&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6
Found [Homepage] : hxxp://www.v9.com/?type=hp&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
 
*************************
 
AdwCleaner[R0].txt - [10700 octets] - [22/07/2014 09:19:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10761 octets] ##########
 
 
Step 06 Malware Bytes log(s)
 
Check & install logs
 
mbam-check result log version:     2.1.1.1001
========================================
 
User Account type:                 Administrator
OS:                                Windows XP Service Pack 3 Service Pack 3 32 bit Operating System
Current Version and Build:         5.1.2600.0 OS Product Info: Professional
 
 
Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/07/21
Malware Database:                  2014.03.04.09
Rootkit Database:                  2014.02.20.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Premium
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         4 (The service is running.)
Log Created:                       2014/07/21 09:21:34
Compatibility Flag Settings:
=================================
 
 
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size:     23256 BYTES FileVersion: 0.1.13.0 MD5: [8683c1b450f4b3872839308d836e0f92]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size:    110296 BYTES FileVersion: 0.1.7.0 MD5: [12e71da845d76665b56753ad149e32b3]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size:     53208 BYTES FileVersion: 1.0.4.0 MD5: [dc7e770cd68e91fb65b2d841741f43f6]
 
--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
Required Dependencies:
======================
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
Type                          REG_DWORD 2
Start                         REG_DWORD 0
ErrorControl                  REG_DWORD 1
Tag                           REG_DWORD 1
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
DisplayName                   REG_SZ FltMgr
Group                         REG_SZ FSFilter Infrastructure
Description                   REG_SZ File System Filter Manager Driver
AttachWhenLoaded              REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security
Security                      REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 129792    BYTES FileVersion: 5.1.2600.5512 MD5: [b2cf4b0786f8212cb92ed2b50c6db6b0]
C:\WINDOWS\system32\comctl32.ocx
File Size: 608448    BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\WINDOWS\system32\mscomctl.ocx
File Size: 1077336   BYTES FileVersion: 6.1.95.45 MD5: [f7bbb7d79adb9e3adc13f3b3c33d3d4d]
C:\WINDOWS\system32\olepro32.dll
File Size: 84992     BYTES FileVersion: 5.1.2600.5512 MD5: [5652f6ce1d9e9d8068b9d29bc21b5409]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       7000 
ScanHistory: 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       96000 
    Duration_Heuristics:                                       8000 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          44000 
    Duration_Registry:                                         3000 
    Duration_Sector:                                           0 
    Duration_Startup:                                          7000 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      6890 
    ItemCount_Heuristics:                                      108509 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        38948 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         447 
    LastScanDateEpoch:                                         1405951249890 
    LastScanType:                                              1 (Threat Scan)
Update: 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    1 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Premium 
  Expiration Time:                                             2034/07/21 08:57:22 
  Activation Time:                                             2014/07/21 08:57:22 
  Trial Used:                                                  false 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    7f456038-b6d3-4c4b-8ff7-1184420fa35c:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        TaskType:                                              3 
      triggers:                                                 
        03ffad18-f739-4220-83bd-c501d58074fd:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Mon, 21 Jul 2014 09:15:29.046875 -0500 
          lasttriggered:                                        
          nextscheduled:                                       Mon, 21 Jul 2014 10:15:29.046875 -0500 
          recovery:                                            00:00:00 
          start:                                               Mon, 21 Jul 2014 09:04:00.046875 -0500 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                03ffad18-f739-4220-83bd-c501d58074fd 
      type:                                                    update 
      uuid:                                                    7f456038-b6d3-4c4b-8ff7-1184420fa35c 
    bb012531-e7a9-4ec6-a45d-3911c0901eef:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true 
        ScanConfig:                                             
          ExitWhenNoMalwareDetected:                           false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          RebootSystemWhenMalwareDetected:                     false 
          RemoveMalwareAutomaticallyWhenScanEnds:              false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
          TerminateExplorerWhenMalwareIsRemoved:               false 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        f370c5f3-abd2-4d83-8415-4321e358bf46:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                        
          lasttriggered:                                        
          nextscheduled:                                       Tue, 22 Jul 2014 03:11:51 -0500 
          recovery:                                            23:00:00 
          start:                                               Tue, 22 Jul 2014 02:57:04 -0500 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                f370c5f3-abd2-4d83-8415-4321e358bf46 
      type:                                                    scan 
      uuid:                                                    bb012531-e7a9-4ec6-a45d-3911c0901eef 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
 
MBAMService Registry Values:
============================
 
 
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  4 (The service is running.) (State is stopped)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
List of MBAM Related Directories:
=================================
 
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE
 
 
 
Acrobat.com Adobe Systems Incorporated 9/16/2009 1.7.186
Adobe AIR Adobe Systems Inc. 9/16/2009 1.5.2.8870
Adobe Flash Player 14 ActiveX Adobe Systems Incorporated 7/16/2014 14.0.0.145
Adobe Flash Player 14 Plugin Adobe Systems Incorporated 7/16/2014 14.0.0.145
Adobe Reader XI (11.0.07) Adobe Systems Incorporated 5/13/2014 139.00 MB 11.0.07
Afaria Client Sybase, Inc. 4/15/2013 6.60
Agere Systems HDA Modem LSI Corporation 6/4/2014
Apple Application Support Apple Inc. 8/10/2013 66.43 MB 2.3.4
Apple Software Update Apple Inc. 8/10/2013 2.38 MB 2.1.3.127
CCleaner Piriform 5/14/2014 4.13
Compatibility Pack for the 2007 Office system Microsoft Corporation 10/29/2012 76.12 MB 12.0.6514.5001
Crystal Reports Basic Runtime for Visual Studio 2008 Business Objects 4/15/2013 36.29 MB 10.5.1.0
Dropbox Dropbox, Inc. 5/28/2014 2.8.2
EncryptionByCredant AFLAC 1/21/2008 1.04.0002
Epson Connect
Epson Connect Printer Setup SEIKO EPSON CORPORATION 3/12/2014 8.34 MB 1.2.0
EPSON Connect version 1.0 Epson America Inc. 10/1/2013 1.0
Epson Customer Participation SEIKO EPSON CORPORATION 1/8/2013 2.49 MB 1.0.0.0
Epson E-Web Print SEIKO EPSON CORPORATION 2/10/2014 9.23 MB 1.19.0000
Epson Event Manager Seiko Epson Corporation 10/1/2013 42.47 MB 3.01.0003
Epson FAX Utility SEIKO EPSON CORPORATION 10/1/2013 1.30.00
Epson PC-FAX Driver 6/3/2014
EPSON Printer Finder SEIKO EPSON CORPORATION 10/28/2013 1.80 MB 1.0.0
EPSON Scan Seiko Epson Corporation 1/8/2013
EPSON WF-2530 Series Printer Uninstall SEIKO EPSON Corporation 6/3/2014
EpsonNet Print SEIKO EPSON CORPORATION 10/1/2013 2.5.00
Google Chrome Google Inc. 7/16/2014 36.0.1985.125
Google Drive Google, Inc. 6/16/2014 33.48 MB 1.16.6866.4367
HP FWUpdateEDO2 Hewlett-Packard 4/1/2014 1.53 MB 1.2.0.0
HP Integrated Module with Bluetooth wireless technology HP 9/22/2009 19.89 MB 5.5.0.5800
HP Officejet Pro 8600 Help Hewlett Packard 1/29/2013 22.56 MB 140.0.2.2
HP Officejet Pro 8600 Product Improvement Study Hewlett-Packard Co. 1/29/2013 5.98 MB 25.0.619.0
HP Update Hewlett-Packard 10/24/2013 3.98 MB 5.005.000.002
I.R.I.S. OCR HP 1/29/2013 68.96 MB 12.3.4.0
Intel® Graphics Media Accelerator Driver Intel Corporation 7/9/2014
InterVideo WinDVD 8 InterVideo Inc. 10/23/2009 8.5-B0.143
Java 7 Update 60 Oracle 6/25/2014 120.00 MB 7.0.600
Juniper Networks Network Connect 6.0.0 Juniper Networks 10/1/2012 6.0.0.12507
Juniper Networks Network Connect 6.3.0 Juniper Networks 10/10/2012 6.3.0.13725
Juniper Networks Network Connect 6.5.0 Juniper Networks 10/10/2012 6.5.0.16789
Juniper Networks Network Connect 7.1.15 Juniper Networks 9/4/2013 7.1.15.25271
Juniper Networks Setup Client Activex Control Juniper Networks 6/4/2014 2.1.1.1
Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 7/2/2014 7.1.15.36013
Lexmark Toolbar 5/30/2013 4.0.53.0
Lexmark Tools for Office 5/30/2013 1.24.0.0
Lexmark Z2400 Series Lexmark International, Inc. 5/30/2013
LiveUpdate 3.1 (Symantec Corporation) Symantec Corporation 10/1/2012 3.1.0.90
Malwarebytes Anti-Malware version 2.0.2.1012 Malwarebytes Corporation 7/17/2014 2.0.2.1012
McAfee Security Scan Plus McAfee, Inc. 6/16/2014 3.8.150.1
Microsoft .NET Framework 1.1 10/10/2012
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 10/11/2012 301.00 MB 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 10/11/2012 264.00 MB 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10/11/2012
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 5/19/2013 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 5/19/2013 4.0.30319
Microsoft Access database engine 2010 (English) Microsoft Corporation 4/15/2013 110.00 MB 14.0.4763.1000
Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Corporation 6/4/2014
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 9/16/2009 1
Microsoft Office 2003 Primary Interop Assemblies Microsoft Corporation 5/19/2013 7.38 MB 11.0.6553.0
Microsoft Office Enterprise 2007 Microsoft Corporation 5/15/2014 12.0.4518.1014
Microsoft Report Viewer Redistributable 2005 Microsoft Corporation 9/17/2009
Microsoft Silverlight Microsoft Corporation 3/11/2014 60.39 MB 5.1.20913.0
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 9/16/2009
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 3/15/2013 5.28 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 10/28/2013 9.65 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 6/25/2014 9.64 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 4/15/2013 10.19 MB 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Corporation 5/19/2013
Microsoft WinUsb 2.0 Microsoft Corporation 6/26/2014
Motorola Device Manager Motorola Mobility 3/10/2014 2.4.5
Motorola Mobile Drivers Installation 6.3.0 Motorola Mobility LLC 3/10/2014 4.42 MB 6.3.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 1/21/2010 2.67 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 1/21/2010 2.77 MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 1/30/2013 2.87 MB 4.30.2100.0
Premium Quote 10/1/2012
QuickBooks Pro 2013 Intuit Inc. 1/6/2014 23.0.4001.2305
RealPlayer RealNetworks 4/14/2014 16.0.3
Reflect Customer Database NCH Software 11/17/2012
Rosetta Stone Version 3 Rosetta Stone Ltd. 5/20/2014 138.00 MB 3.3.7.0
save nett siavve, nnet 5/5/2013 4.3.0.1667
Security Update for Windows Search 4 - KB963093 Microsoft Corporation 9/16/2009
SmartApp Next Generation AFLAC 9/17/2009 2,946.00 MB 1.03.4000
SmartPremium AFLAC 9/17/2009 1.00.0000
SN.Sustainer 1.80 Certified Publisher 5/5/2013
SNG Prerequisites AFLAC 9/18/2009 87.70 MB 1.00.1000
SNGCoreUpgrade AFLAC 4/15/2013 35.11.2012
Software Updater SEIKO EPSON CORPORATION 3/12/2014 8.21 MB 4.2.6
SoundMAX Analog Devices 9/22/2009 5.10.01.7240
Symantec AntiVirus Symantec Corporation 9/17/2009 182.00 MB 10.1.5000.5
Synaptics Pointing Device Driver Synaptics 10/12/2012 10.0.13.2
Topaz 4X5  WinTab Driver v2.16 Topaz Systems, Inc. 6/4/2014 2.16
Topaz e-Signatures SigPlus 3.55 Topaz Systems, Inc. 6/4/2014 3.55
Update for Windows XP (KB943729) Microsoft Corporation 9/16/2009
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 9/16/2009
Windows Internet Explorer 8 Microsoft Corporation 5/5/2014 20090308.140743
Windows Live ID Sign-in Assistant Microsoft Corporation 10/29/2012 4.69 MB 6.500.3165.0
Windows Media Format 11 runtime 10/12/2012
Windows Media Player 11 10/12/2012
Windows Search 4.0 Microsoft Corporation 9/16/2009 04.00.6001.503
Windows XP Service Pack 3 Microsoft Corporation 9/16/2009 20080414.031525
WinZip 10/12/2012
WorksitePro ETI Benefits 9/17/2009 50.77 MB 2.51.0344
 
 
 


Step 07 ESET log

 


C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\reflect.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\refsetup_v1.13.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir Win32/Thinknice.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir Win64/Thinknice.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir Win32/ELEX.AR potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir Win32/Thinknice.D potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir Win64/Thinknice.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir Win32/Thinknice.C potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir Win64/Thinknice.C potentially unwanted application

C:\Documents and Settings\A7AS\Application Data\9468\a7165.exe a variant of Win32/Amonetize.BI potentially unwanted application

C:\Documents and Settings\A7AS\Application Data\9876\a7228.exe a variant of Win32/Amonetize.BI potentially unwanted application

C:\Documents and Settings\A7AS\Local Settings\Temp\suntemp.ex_ Win32/DownloadAdmin.G potentially unwanted application

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3F.tmp.exe a variant of Win32/ELEX.AQ potentially unwanted application

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT40.tmp.exe a variant of Win32/Amonetize.BI potentially unwanted application

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5A.tmp.exe a variant of Win32/Amonetize.BI potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\Adobe Acrobat 7.0 Pro.exe a variant of Win32/4Shared.U potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\cbsidlm-cbsi188-Trojan_Remover_Update-SEO-10038982.exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer (1).exe a variant of Win32/SquareNet.A potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer (2).exe a variant of Win32/SquareNet.A potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer.exe a variant of Win32/SquareNet.A potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\prismpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

 


 

 

 

Step 08 FARBAR log

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014

Ran by A7AS (administrator) on AFLACA7AS on 22-07-2014 12:05:11

Running from C:\Documents and Settings\A7AS\My Documents\Downloads

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Credant Technologies, Inc.) C:\WINDOWS\system32\Credant.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe

(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe

( ) C:\WINDOWS\system32\lxdqcoms.exe

(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(CyberAngel Security Solutions) C:\WINDOWS\system32\Mschksvc.exe

() C:\WINDOWS\system32\mswnetchk.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Skyhook Wireless) C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Agere Systems) C:\WINDOWS\AGRSMMSG.exe

(AFLAC) C:\Program Files\AFLAC\Common\WSPPurge.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe

(Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Credant Technologies, Inc.) C:\WINDOWS\system32\CredUI.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Sybase, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DoScan.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

() C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe

() C:\WINDOWS\system32\MsChkPrompt.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

() C:\WINDOWS\Dll32Agent.Exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE

(Dropbox, Inc.) C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe

(Intuit Inc. All rights reserved.) C:\Documents and Settings\A7AS\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Farbar) C:\Documents and Settings\A7AS\My Documents\Downloads\FRST (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {9c0213ab-6a3c-11e2-a4de-0026c600b60a} - F:\IronKey.exe

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {e98527bc-8967-11dd-8553-806d6172696f} - D:\SWSETUP\APPINSTL\setup.exe

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {f75b546e-6780-11e2-a4db-0026c600b60a} - E:\MotorolaDeviceManagerSetup.exe -a

Startup: C:\Documents and Settings\A7AS\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7069B605936FCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {4F1623FC-35C9-416E-9517-1F42B885A52E} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {4F1623FC-35C9-416E-9517-1F42B885A52E} URL = https://www.google.com/search?q={searchTerms}

BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()

BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 192.168.1.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14]

FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-01-29]

FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-10]

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR Extension: (Google Drive) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]

CHR Extension: (RealDownloader) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-17]

CHR Extension: (Google Wallet) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-08-14]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\A7AS\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) [File not signed]

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation)

R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation)

R2 CMGShield; C:\WINDOWS\system32\Credant.exe [1040463 2007-05-08] (Credant Technologies, Inc.) [File not signed]

R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation)

R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks)

R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-25] (Oracle Corporation)

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-08-25] (Symantec Corporation)

R2 lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [94208 2009-04-28] (Lexmark International, Inc.)

R2 lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [589824 2007-11-28] ( )

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)

R2 MsChkSvc; C:\WINDOWS\system32\MsChkSvc.exe [32768 2008-11-07] (CyberAngel Security Solutions) [File not signed]

R2 MsWnetChk; C:\WINDOWS\system32\MsWnetChk.exe [122880 2008-11-07] () [File not signed]

R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-15] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec)

S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation)

R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation)

R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation)

R2 WPSScannerSvc; C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe [126976 2010-01-21] (Skyhook Wireless) [File not signed]

S3 ReflectService; "C:\Program Files\NCH Software\Reflect\reflect.exe" -service [X]

==================== Drivers (Whitelisted) ====================

R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1204128 2008-10-29] (Agere Systems) [File not signed]

S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-25] (Brother Industries Ltd.)

R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)

R0 CredCEF; C:\WINDOWS\System32\Drivers\CredCEF.sys [214095 2007-05-08] (Credant Technologies, Inc.) [File not signed]

S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.)

R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [138916 2002-08-26] (Deterministic Networks, Inc.)

R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2013-05-20] (Juniper Networks)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-09-17] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-17] (Symantec Corporation)

S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments) [File not signed]

S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP)

S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP)

S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP)

S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2008-08-19] (Infineon Technologies AG) [File not signed]

R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed]

S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-07-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-22] (Malwarebytes Corporation)

S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)

R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVENG.SYS [93272 2013-06-17] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVEX15.SYS [1611992 2013-06-17] (Symantec Corporation)

R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630336 2009-09-14] (Intel Corporation)

R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

R1 SafDskNT; C:\WINDOWS\system32\Drivers\SafDskNT.sys [77824 2010-01-21] (PC Dynamics, Inc.) [File not signed]

R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation)

R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation)

R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)

S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)

R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation)

R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation)

R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation)

R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation)

S3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed]

U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35152 2014-07-03] ()

S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation)

R3 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [12416 2010-01-21] (Skyhook Wireless) [File not signed]

R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-09-14] (Marvell)

R1 {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt; C:\WINDOWS\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys [55224 2014-07-12] (StdLib)

S3 asdids; system32\DRIVERS\asdids.sys [X]

S3 asdidsmp; system32\DRIVERS\asdids.sys [X]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-22 10:24 - 2014-07-22 10:24 - 00000000 ____D () C:\Program Files\ESET

2014-07-22 09:35 - 2014-07-22 09:35 - 00010842 _____ () C:\Documents and Settings\A7AS\Desktop\AdwCleaner[R0].txt

2014-07-22 09:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll

2014-07-22 09:19 - 2014-07-22 09:42 - 00000000 ____D () C:\AdwCleaner

2014-07-22 08:31 - 2014-07-22 09:18 - 00002249 _____ () C:\Documents and Settings\A7AS\Desktop\JRT.txt

2014-07-22 08:25 - 2014-07-22 08:25 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-07-21 09:48 - 2014-07-22 11:09 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\MBAM

2014-07-21 09:41 - 2014-07-21 09:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini072114-01.dmp

2014-07-21 09:01 - 2014-07-22 09:52 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-21 08:55 - 2014-07-21 09:01 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-21 08:55 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-07-21 08:19 - 2014-07-21 08:19 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Program Files\ERUNT

2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-07-17 13:01 - 2014-07-12 17:18 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys

2014-07-17 11:57 - 2014-07-17 11:57 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9876

2014-07-17 11:55 - 2014-07-17 11:55 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9468

2014-07-16 13:43 - 2014-07-16 13:49 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-07-16 13:43 - 2014-07-16 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-07-09 12:22 - 2014-07-09 12:22 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 _____ () C:\Documents and Settings\A7AS\Desktop\New Text Document (3).txt

2014-07-03 11:22 - 2014-07-03 11:22 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-07-03 11:22 - 2014-07-03 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller

2014-07-02 10:49 - 2014-07-02 10:49 - 00065844 _____ () C:\Documents and Settings\A7AS\My Documents\Benefit Code Chart 3-2014-xls.xlsx

2014-07-02 08:50 - 2014-07-22 12:06 - 00000000 ____D () C:\FRST

2014-06-26 09:47 - 2014-07-17 08:20 - 00000000 ____D () C:\Program Files\Advanced Fix 2013

2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$

2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-06-25 09:31 - 2014-06-25 09:30 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-06-25 09:31 - 2014-06-25 09:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625

2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625

2014-06-25 08:54 - 2014-06-26 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software

2014-06-25 08:38 - 2012-06-15 16:39 - 00169744 _____ () C:\WINDOWS\system32\ztvunrar36.dll

2014-06-25 08:38 - 2012-06-15 16:35 - 00185616 _____ () C:\WINDOWS\system32\ztvunrar39.dll

2014-06-25 08:38 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\WINDOWS\system32\ztv7z.dll

2014-06-25 08:38 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztvcabinet.dll

2014-06-25 08:38 - 2005-08-26 01:50 - 00077312 _____ () C:\WINDOWS\system32\ztvunace26.dll

2014-06-25 08:38 - 2003-02-02 20:06 - 00153088 _____ () C:\WINDOWS\system32\unrar3.dll

2014-06-25 08:38 - 2002-03-06 01:00 - 00075264 _____ () C:\WINDOWS\system32\unacev2.dll

2014-06-25 08:37 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software

2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software

==================== One Month Modified Files and Folders =======

2014-07-22 12:09 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Temp

2014-07-22 12:07 - 2014-01-08 14:17 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Dropbox

2014-07-22 12:06 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST

2014-07-22 11:58 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job

2014-07-22 11:27 - 2013-03-14 16:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-22 11:22 - 2013-01-06 11:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-07-22 11:09 - 2014-07-21 09:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\MBAM

2014-07-22 10:24 - 2014-07-22 10:24 - 00000000 ____D () C:\Program Files\ESET

2014-07-22 10:15 - 2012-11-02 07:27 - 00622713 _____ () C:\WinTab.log

2014-07-22 10:10 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job

2014-07-22 09:52 - 2014-07-21 09:01 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-22 09:50 - 2014-01-08 14:25 - 00000000 ___RD () C:\Documents and Settings\A7AS\My Documents\Dropbox

2014-07-22 09:49 - 2014-01-08 14:23 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\DropboxMaster

2014-07-22 09:48 - 2014-04-14 10:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-22 09:48 - 2012-12-13 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-22 09:47 - 2014-05-05 11:18 - 00000626 ____H () C:\WINDOWS\Tasks\SN.Booster-S-469265631.job

2014-07-22 09:47 - 2013-03-14 16:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-22 09:47 - 2013-02-05 21:33 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-22 09:47 - 2012-11-07 10:43 - 00000000 ____D () C:\Temp

2014-07-22 09:47 - 2009-09-17 15:42 - 00000000 ____D () C:\Program Files\Symantec AntiVirus

2014-07-22 09:47 - 2009-09-16 11:16 - 01735241 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-22 09:47 - 2008-01-21 12:57 - 00000256 ___SH () C:\WINDOWS\system32\CredSys.cdb

2014-07-22 09:46 - 2009-09-16 07:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-07-22 09:46 - 2009-09-16 07:10 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-07-22 09:45 - 2009-09-16 11:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-22 09:43 - 2009-09-16 11:23 - 00032434 _____ () C:\WINDOWS\SchedLgU.Txt

2014-07-22 09:42 - 2014-07-22 09:19 - 00000000 ____D () C:\AdwCleaner

2014-07-22 09:42 - 2008-01-21 12:13 - 00000278 ___SH () C:\Documents and Settings\A7AS\ntuser.ini

2014-07-22 09:42 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS

2014-07-22 09:35 - 2014-07-22 09:35 - 00010842 _____ () C:\Documents and Settings\A7AS\Desktop\AdwCleaner[R0].txt

2014-07-22 09:18 - 2014-07-22 08:31 - 00002249 _____ () C:\Documents and Settings\A7AS\Desktop\JRT.txt

2014-07-22 08:25 - 2014-07-22 08:25 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-07-21 14:22 - 2013-02-05 21:33 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-21 14:00 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job

2014-07-21 13:00 - 2013-08-10 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-07-21 12:53 - 2014-03-10 12:53 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job

2014-07-21 09:49 - 2013-01-08 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON

2014-07-21 09:41 - 2012-11-08 10:41 - 00000000 ____D () C:\WINDOWS\Minidump

2014-07-21 09:41 - 2012-10-01 13:41 - 00000000 __SHD () C:\WINDOWS\CSC

2014-07-21 09:40 - 2014-07-21 09:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini072114-01.dmp

2014-07-21 09:01 - 2014-07-21 08:55 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-21 08:55 - 2014-05-14 12:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-07-21 08:43 - 2006-02-28 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-07-21 08:19 - 2014-07-21 08:19 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Program Files\ERUNT

2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-07-20 20:40 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job

2014-07-20 20:33 - 2013-02-05 21:33 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-17 15:59 - 2013-01-30 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01007$

2014-07-17 13:44 - 2014-05-05 11:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\f654fe39c13d631b

2014-07-17 13:31 - 2009-09-16 14:38 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt

2014-07-17 13:29 - 2006-02-28 06:00 - 00001023 _____ () C:\WINDOWS\win.ini

2014-07-17 13:01 - 2009-09-16 11:22 - 00000000 __SHD () C:\Documents and Settings\LocalService

2014-07-17 11:57 - 2014-07-17 11:57 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9876

2014-07-17 11:57 - 2009-09-16 06:58 - 00000000 ____D () C:\WINDOWS\Resources

2014-07-17 11:55 - 2014-07-17 11:55 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9468

2014-07-17 08:20 - 2014-06-26 09:47 - 00000000 ____D () C:\Program Files\Advanced Fix 2013

2014-07-16 13:49 - 2014-07-16 13:43 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-07-16 13:44 - 2012-10-01 16:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Google

2014-07-16 13:43 - 2014-07-16 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-07-16 13:43 - 2013-03-14 16:27 - 00000000 ____D () C:\Program Files\Google

2014-07-15 14:53 - 2013-05-30 14:29 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats

2014-07-12 17:18 - 2014-07-17 13:01 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys

2014-07-09 12:22 - 2014-07-09 12:22 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

2014-07-09 12:22 - 2013-01-06 11:50 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-07-09 12:22 - 2013-01-06 11:50 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 _____ () C:\Documents and Settings\A7AS\Desktop\New Text Document (3).txt

2014-07-08 12:53 - 2014-03-10 12:53 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job

2014-07-07 08:30 - 2009-09-18 13:50 - 00073136 _____ () C:\Documents and Settings\1000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2014-07-07 08:27 - 2009-09-16 07:05 - 00284520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-07-03 14:08 - 2014-05-15 09:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help

2014-07-03 14:03 - 2009-09-16 07:07 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-07-03 12:58 - 2014-05-15 09:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office

2014-07-03 11:22 - 2014-07-03 11:22 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-07-03 11:22 - 2014-07-03 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller

2014-07-02 10:49 - 2014-07-02 10:49 - 00065844 _____ () C:\Documents and Settings\A7AS\My Documents\Benefit Code Chart 3-2014-xls.xlsx

2014-06-26 16:50 - 2009-09-16 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$

2014-06-26 10:28 - 2012-10-10 22:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$

2014-06-26 09:36 - 2009-09-18 12:57 - 00000000 ____D () C:\WINDOWS\pss

2014-06-26 09:36 - 2009-09-16 07:04 - 00000211 __RSH () C:\boot.ini

2014-06-26 09:36 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini

2014-06-26 09:17 - 2014-06-25 08:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$

2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-06-25 09:30 - 2014-06-25 09:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-06-25 09:30 - 2014-06-25 09:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-06-25 09:11 - 2014-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Temp

2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625

2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625

2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software

2014-06-25 08:38 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software

2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

 

 

Some content of TEMP:

====================

C:\Documents and Settings\1000\Local Settings\Temp\_is1DE.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpakhznz.dll

C:\Documents and Settings\A7AS\Local Settings\Temp\Quarantine.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3B.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3C.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3D.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3E.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3F.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT40.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT41.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT42.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT43.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT55.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT56.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT57.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT58.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT59.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5A.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5B.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5C.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5D.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\VOPackage.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================



  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

Then restart the computer again and run the following:

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Thank you for replying so quickly, but it appears there is another issue..  My computer shut down sometime during the night when I went home.  Came into work this AM and it will NOT boot up.  Since this is a work computer, I have to log in through Credant Mobile Shield.  Once I do enter my password, I get the Windows sound when it opens & then nothing.  Only my background.  No icons, can't access start menu and Ctrl Alt Delete brings up the option to get to the Task Manager, then it never opens.  There is only the fan running.  It almost seems like the processor isn't working.  So at startup, the only other option other than it starting Windows XP Pro (which is normally what I select) is the Recovery Tool.  I clicked on that and it will allow me to back up my files.. then a Window pops up labeled 'Servant Salamander'

 

At this point I am afraid to touch this machine because whatever the issue is seems to be getting worse.  Help?  Ideas?  I am desperate since the computer I am working off of to type this is being shipped off for repairs today sometime and I am dead in the water since the other one won't even boot up all the way.  I have been here for 3 hours now & nothing about the state of this other computer has changed..  it appears I have killed this computer somehow.. please, please help!


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
