Jump to content
CarpetDweller

Runtime Error --Visual C++ Runtime Library

Recommended Posts

 I keep getting this error and I have tried a multitude of options to clear it up.  I have uninstalled & reinstalled Malware Bytes twice, cleared all the files, Ran CC Cleaner, reinstalled, reboots, the whole 9 yards.  I came across this forum & saw another thread where it was suggested to download Farbar Recovery, which I did.  I copied the logs per the instructions but it won't let me reply back to that post so here is another one.


 


I ran the one for my system, (32 bit) so now I am at a stumbling block.  Please help!


 


Incidentally, I also have errors in accessing my docs from gmail to attach to emails and something upon startup that my PC Fax (which I forgot was even on computers anymore) has issues.  Also, I sign in using Credant Shield and it's been telling me for a month now that I am an unmanaged user.


 


Below is the pic of the error.


 


Ideas?? 


 


Here are my logs... 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014

Ran by A7AS (administrator) on AFLACA7AS on 02-07-2014 08:50:09

Running from C:\Documents and Settings\A7AS\My Documents\Downloads

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...an-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingc...an-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Credant Technologies, Inc.) C:\WINDOWS\system32\Credant.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe

(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe

( ) C:\WINDOWS\system32\lxdqcoms.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(CyberAngel Security Solutions) C:\WINDOWS\system32\Mschksvc.exe

() C:\WINDOWS\system32\mswnetchk.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Skyhook Wireless) C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Agere Systems) C:\WINDOWS\AGRSMMSG.exe

(AFLAC) C:\Program Files\AFLAC\Common\WSPPurge.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe

(Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Credant Technologies, Inc.) C:\WINDOWS\system32\CredUI.exe

(Sybase, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

() C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

() C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe

() C:\WINDOWS\system32\MsChkPrompt.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

() C:\WINDOWS\Dll32Agent.Exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Dropbox, Inc.) C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe

(Intuit Inc. All rights reserved.) C:\Documents and Settings\A7AS\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe

(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88209 2005-04-13] (Agere Systems)

HKLM\...\Run: [synTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)

HKLM\...\Run: [WSPPurge] => C:\Program Files\Aflac\Common\WSPPurge.exe [20480 2007-12-26] (AFLAC)

HKLM\...\Run: [Aflac_Do_Not_Remove] => C:\Aflac2000\WSPInfo.exe [45056 2006-09-12] (AFLAC)

HKLM\...\Run: [soundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [888832 2008-07-25] (Analog Devices, Inc.)

HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [52896 2006-07-19] (Symantec Corporation)

HKLM\...\Run: [vptray] => C:\Program Files\Symantec AntiVirus\VPTray.exe [125168 2006-09-27] (Symantec Corporation)

HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-01-16] (Analog Devices, Inc.)

HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD8SESD\DVDCheck.exe [200848 2009-03-04] (InterVideo Inc.)

HKLM\...\Run: [CMGCredUI] => C:\WINDOWS\system32\CredUI.exe [204878 2007-05-08] (Credant Technologies, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k

HKLM\...\Run: [Afaria Client File Differencing] => C:\Program Files\AClient\Bin\XCDiffCache.exe [179712 2011-06-16] (Sybase, Inc.)

HKLM\...\Run: [Afaria Client Event Monitor] => C:\Program Files\AClient\Bin\XCMonitor.exe [819712 2010-09-02] (Sybase, Inc.)

HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-15] (Intuit Inc. All rights reserved.)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2014-04-14] (RealNetworks, Inc.)

HKLM\...\Run: [lxdqmon.exe] => C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe [672424 2010-02-04] ()

HKLM\...\Run: [lxdqamon] => C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe [16040 2010-02-04] ()

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM\...\Run: [!SysInit] => c:\windows\system32\mschkprompt.exe [28672 2008-11-07] ()

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {9c0213ab-6a3c-11e2-a4de-0026c600b60a} - F:\IronKey.exe

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {e98527bc-8967-11dd-8553-806d6172696f} - D:\SWSETUP\APPINSTL\setup.exe

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {f75b546e-6780-11e2-a4db-0026c600b60a} - E:\MotorolaDeviceManagerSetup.exe -a

Startup: C:\Documents and Settings\A7AS\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7069B605936FCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.aflac....o/SSOLogin.aspx

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253118906560

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14]

FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-01-29]

FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-10]

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14]

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR StartupUrls: "hxxp://www.google.com"

CHR DefaultSearchKeyword: trovi.search

CHR DefaultSearchProvider: Trovi search

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\24.0.1312.57\pdf.dll No File

CHR Plugin: (ActiveTouch General Plugin Container) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (Google Update) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll No File

CHR Plugin: (Bing Bar) - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll No File

CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Extension: (Angry Birds) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-01]

CHR Extension: (YouTube) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-01]

CHR Extension: (Google Search) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-01]

CHR Extension: (saVE net) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk [2014-05-05]

CHR Extension: (DiscountExttensi) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gehhgpjdfdephlpmkjddgogkadbgmjom [2014-05-13]

CHR Extension: (RealDownloader) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-13]

CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj [2014-05-05]

CHR Extension: (HTML Saver) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiicpdkmeclmgmlmbajefnkalcfageek [2014-05-05]

CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2012-10-01]

CHR Extension: (Gmail) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-01]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-08-14]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\A7AS\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

========================== Services (Whitelisted) =================

 

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) [File not signed]

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation)

R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation)

R2 CMGShield; C:\WINDOWS\system32\Credant.exe [1040463 2007-05-08] (Credant Technologies, Inc.) [File not signed]

R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation)

R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks)

R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-25] (Oracle Corporation)

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-08-25] (Symantec Corporation)

R2 lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [94208 2009-04-28] (Lexmark International, Inc.)

R2 lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [589824 2007-11-28] ( )

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)

R2 MsChkSvc; C:\WINDOWS\system32\MsChkSvc.exe [32768 2008-11-07] (CyberAngel Security Solutions) [File not signed]

R2 MsWnetChk; C:\WINDOWS\system32\MsWnetChk.exe [122880 2008-11-07] () [File not signed]

R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-15] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S3 ReflectService; C:\Program Files\NCH Software\Reflect\reflect.exe [1039364 2012-11-17] (NCH Software) [File not signed]

S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec)

S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation)

R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation)

R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation)

R2 WPSScannerSvc; C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe [126976 2010-01-21] (Skyhook Wireless) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1204128 2008-10-29] (Agere Systems) [File not signed]

S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-25] (Brother Industries Ltd.)

R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)

R0 CredCEF; C:\WINDOWS\System32\Drivers\CredCEF.sys [214095 2007-05-08] (Credant Technologies, Inc.) [File not signed]

S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.)

R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [138916 2002-08-26] (Deterministic Networks, Inc.)

R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2013-05-20] (Juniper Networks)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-09-17] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-17] (Symantec Corporation)

S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments) [File not signed]

S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP)

S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP)

S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP)

S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2008-08-19] (Infineon Technologies AG) [File not signed]

R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed]

S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-06-26] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-02] (Malwarebytes Corporation)

S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)

R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVENG.SYS [93272 2013-06-17] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVEX15.SYS [1611992 2013-06-17] (Symantec Corporation)

R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630336 2009-09-14] (Intel Corporation)

R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

R1 SafDskNT; C:\WINDOWS\system32\Drivers\SafDskNT.sys [77824 2010-01-21] (PC Dynamics, Inc.) [File not signed]

R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation)

R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation)

R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)

S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)

R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation)

R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation)

R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation)

R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation)

S3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed]

S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation)

R3 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [12416 2010-01-21] (Skyhook Wireless) [File not signed]

R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-09-14] (Marvell)

S3 asdids; system32\DRIVERS\asdids.sys [X]

S3 asdidsmp; system32\DRIVERS\asdids.sys [X]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U1 WS2IFSL; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST

2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-06-26 09:47 - 2014-06-26 09:51 - 00000000 ____D () C:\Program Files\Advanced Fix 2013

2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk

2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013

2014-06-26 09:44 - 2014-07-02 08:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-06-26 09:44 - 2014-06-26 10:45 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-26 09:44 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$

2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-06-25 09:31 - 2014-06-25 09:30 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-06-25 09:31 - 2014-06-25 09:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625

2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625

2014-06-25 08:54 - 2014-06-26 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software

2014-06-25 08:38 - 2012-06-15 16:39 - 00169744 _____ () C:\WINDOWS\system32\ztvunrar36.dll

2014-06-25 08:38 - 2012-06-15 16:35 - 00185616 _____ () C:\WINDOWS\system32\ztvunrar39.dll

2014-06-25 08:38 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\WINDOWS\system32\ztv7z.dll

2014-06-25 08:38 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztvcabinet.dll

2014-06-25 08:38 - 2005-08-26 01:50 - 00077312 _____ () C:\WINDOWS\system32\ztvunace26.dll

2014-06-25 08:38 - 2003-02-02 20:06 - 00153088 _____ () C:\WINDOWS\system32\unrar3.dll

2014-06-25 08:38 - 2002-03-06 01:00 - 00075264 _____ () C:\WINDOWS\system32\unacev2.dll

2014-06-25 08:37 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software

2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software

2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk

2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk

2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv

2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

2014-06-10 12:36 - 2014-06-11 12:23 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV

2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy  RENFROES OFFICE.xlsx

2014-06-04 10:35 - 2014-06-04 10:55 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log

2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series

2014-06-02 09:14 - 2014-06-11 14:59 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY

 

==================== One Month Modified Files and Folders =======

 

2014-07-02 08:51 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Temp

2014-07-02 08:50 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST

2014-07-02 08:42 - 2012-11-02 07:27 - 00424488 _____ () C:\WinTab.log

2014-07-02 08:40 - 2014-01-08 14:17 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Dropbox

2014-07-02 08:39 - 2014-01-08 14:25 - 00000000 ___RD () C:\Documents and Settings\A7AS\My Documents\Dropbox

2014-07-02 08:39 - 2014-01-08 14:23 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\DropboxMaster

2014-07-02 08:37 - 2014-06-26 09:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-02 08:37 - 2014-05-05 11:18 - 00000626 ____H () C:\WINDOWS\Tasks\SN.Booster-S-469265631.job

2014-07-02 08:37 - 2014-04-14 10:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-02 08:37 - 2013-03-14 16:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-02 08:37 - 2013-02-05 21:33 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-02 08:37 - 2012-12-13 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-02 08:37 - 2012-11-07 10:43 - 00000000 ____D () C:\Temp

2014-07-02 08:37 - 2008-01-21 12:57 - 00000256 ___SH () C:\WINDOWS\system32\CredSys.cdb

2014-07-02 08:31 - 2009-09-17 15:42 - 00000000 ____D () C:\Program Files\Symantec AntiVirus

2014-07-02 08:30 - 2009-09-16 11:16 - 01662659 ____N () C:\WINDOWS\WindowsUpdate.log

2014-07-02 08:29 - 2009-09-16 11:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-02 08:29 - 2009-09-16 07:10 - 00000159 ____N () C:\WINDOWS\wiadebug.log

2014-07-02 08:29 - 2009-09-16 07:10 - 00000048 ____N () C:\WINDOWS\wiaservc.log

2014-07-01 15:01 - 2009-09-16 11:23 - 00032552 ____N () C:\WINDOWS\SchedLgU.Txt

2014-07-01 15:01 - 2008-01-21 12:13 - 00000278 ___SH () C:\Documents and Settings\A7AS\ntuser.ini

2014-07-01 15:01 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS

2014-07-01 14:27 - 2013-03-14 16:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-01 14:22 - 2013-01-06 11:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-07-01 14:00 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job

2014-07-01 12:53 - 2014-03-10 12:53 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job

2014-07-01 11:58 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job

2014-07-01 10:50 - 2013-05-30 14:29 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats

2014-07-01 10:10 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job

2014-07-01 08:44 - 2012-10-01 16:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Google

2014-07-01 08:37 - 2013-02-05 21:33 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-06-30 13:00 - 2013-08-10 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-06-30 09:24 - 2014-06-30 09:24 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-06-30 09:24 - 2014-06-30 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-06-30 09:23 - 2013-03-14 16:27 - 00000000 ____D () C:\Program Files\Google

2014-06-29 20:40 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job

2014-06-26 16:50 - 2009-09-16 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$

2014-06-26 16:30 - 2014-05-05 11:17 - 00000000 ____D () C:\Program Files\save nett

2014-06-26 10:45 - 2014-06-26 09:44 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-06-26 10:28 - 2012-10-10 22:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$

2014-06-26 09:51 - 2014-06-26 09:47 - 00000000 ____D () C:\Program Files\Advanced Fix 2013

2014-06-26 09:47 - 2014-06-26 09:47 - 00000766 _____ () C:\Documents and Settings\All Users\Desktop\Advanced Fix 2013.lnk

2014-06-26 09:47 - 2014-06-26 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Fix 2013

2014-06-26 09:44 - 2014-06-26 09:44 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-06-26 09:44 - 2014-06-26 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-26 09:36 - 2009-09-18 12:57 - 00000000 ____D () C:\WINDOWS\pss

2014-06-26 09:36 - 2009-09-16 07:04 - 00000211 __RSH () C:\boot.ini

2014-06-26 09:36 - 2006-02-28 06:00 - 00000921 _____ () C:\WINDOWS\win.ini

2014-06-26 09:36 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini

2014-06-26 09:17 - 2014-06-25 08:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$

2014-06-26 08:43 - 2012-10-01 13:41 - 00000000 __SHD () C:\WINDOWS\CSC

2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-06-25 09:30 - 2014-06-25 09:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-06-25 09:30 - 2014-06-25 09:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-06-25 09:11 - 2014-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Temp

2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625

2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625

2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software

2014-06-25 08:38 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software

2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software

2014-06-23 08:04 - 2006-02-28 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-06-19 13:16 - 2014-06-19 13:16 - 00000842 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC injury claim form.pdf.lnk

2014-06-19 13:16 - 2014-06-19 13:16 - 00000837 _____ () C:\Documents and Settings\A7AS\Desktop\Shortcut to ACC Wellness Benefit.pdf.lnk

2014-06-16 13:14 - 2014-06-16 13:14 - 00005605 _____ () C:\Documents and Settings\A7AS\My Documents\BB823B8755.csv

2014-06-16 08:01 - 2013-11-07 08:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive

2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-06-16 07:36 - 2014-06-16 07:36 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus

2014-06-16 07:36 - 2013-02-02 15:54 - 00001781 _____ () C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk

2014-06-16 07:36 - 2012-11-02 09:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan

2014-06-12 09:36 - 2014-03-27 12:58 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\AFLAC logos

2014-06-11 14:59 - 2014-06-02 09:14 - 00258310 ____S () C:\WINDOWS\8JVFLKZC.RTY

2014-06-11 12:23 - 2014-06-10 12:36 - 00096767 _____ () C:\WINDOWS\8JVFLKZC.INV

2014-06-11 12:23 - 2008-01-21 12:57 - 00000000 ____S () C:\WINDOWS\8JVFLKZC.DDP

2014-06-10 20:33 - 2013-02-05 21:33 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-06-08 12:53 - 2014-03-10 12:53 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job

2014-06-05 13:57 - 2009-09-16 07:07 - 00634624 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-06-05 11:45 - 2014-06-05 11:45 - 00012023 _____ () C:\Documents and Settings\A7AS\My Documents\SEAHP Svcin Copy  RENFROES OFFICE.xlsx

2014-06-04 10:55 - 2014-06-04 10:35 - 00000248 _____ () C:\Documents and Settings\All Users\lxdqDiagnostics.log

2014-06-04 10:35 - 2014-06-04 10:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Lexmark Z2400 Series

2014-06-02 09:10 - 2009-09-17 12:04 - 00000000 ____D () C:\Program Files\WorksitePro

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

 

 

Some content of TEMP:

====================

C:\Documents and Settings\1000\Local Settings\Temp\_is1DE.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================

Runtime Error pic.bmp

Share this post


Link to post
Share on other sites
 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-07-2014
Ran by A7AS at 2014-07-02 08:51:36
Running from C:\Documents and Settings\A7AS\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Symantec AntiVirus Corporate Edition (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advanced Fix 2013 version 2.1.3.80 (HKLM\...\{0094D07C-1FFB-4450-8D10-AD7E05A318DF}_is1) (Version: 2.1.3.80 - Advanced Fix, Inc.)
Afaria Client (HKLM\...\Afaria Client) (Version: 6.60 - Sybase, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EncryptionByCredant (HKLM\...\InstallShield_{EE267D8A-CC91-4DB4-A389-89776359046D}) (Version: 1.04.0002 - AFLAC)
EncryptionByCredant (Version: 1.04.0002 - AFLAC) Hidden
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.5800 - HP)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5-B0.143 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.5-B0.143 - InterVideo Inc.) Hidden
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Juniper Networks Network Connect 6.0.0 (HKLM\...\Juniper Network Connect 6.0.0) (Version: 6.0.0.12507 - Juniper Networks)
Juniper Networks Network Connect 6.3.0 (HKLM\...\Juniper Network Connect 6.3.0) (Version: 6.3.0.13725 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (HKLM\...\Juniper Network Connect 6.5.0) (Version: 6.5.0.16789 - Juniper Networks)
Juniper Networks Network Connect 7.1.15 (HKLM\...\Juniper Network Connect 7.1.15) (Version: 7.1.15.25271 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.15.36013 - Juniper Networks, Inc.)
Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
Lexmark Z2400 Series (HKLM\...\Lexmark Z2400 Series) (Version:  - Lexmark International, Inc.)
LiveUpdate 3.1 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.1.0.90 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.50727.42 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Midland LifeSolutions (Version: 18.4 - Midland National) Hidden
Midland LifeSolutions (Version: 18.5 - Midland National) Hidden
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Premium Quote (HKLM\...\Premium Quote) (Version:  - )
QuickBooks (Version: 23.0.4011.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reflect Customer Database (HKLM\...\Reflect) (Version:  - NCH Software)
Rosetta Stone Version 3 (HKLM\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.7.0 - Rosetta Stone Ltd.)
save nett (HKLM\...\{7DD5E91C-3864-77EC-7635-D14910C2A03E}) (Version: 4.3.0.1667 - siavve, nnet) <==== ATTENTION
SmartApp Next Generation (HKLM\...\{CB462BC7-4D16-44E9-AA8F-F8BB3A39DF60}) (Version: 1.03.4000 - AFLAC)
SmartPremium (HKLM\...\InstallShield_{391651FA-D9B3-476E-AE37-6E0A22A27735}) (Version: 1.00.0000 - AFLAC)
SmartPremium (Version: 1.00.0000 - AFLAC) Hidden
SN.Sustainer 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}) (Version:  - Certified Publisher) <==== ATTENTION
SNG Prerequisites (HKLM\...\{F5AD8A16-56B5-4D92-AD8A-6DD7058D081B}) (Version: 1.00.1000 - AFLAC)
SNGCoreUpgrade (HKLM\...\InstallShield_{9D02381C-397E-4FDE-B127-BE6B78202CB4}) (Version: 35.11.2012 - AFLAC)
SNGCoreUpgrade (Version: 35.11.2012 - AFLAC) Hidden
Software Updater (HKLM\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7240 - Analog Devices)
Symantec AntiVirus (HKLM\...\{33CFCF98-F8D6-4549-B469-6F4295676D83}) (Version: 10.1.5000.5 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Topaz 4X5  WinTab Driver v2.16 (HKLM\...\Topaz 4X5  WinTab Driver v2.16) (Version: 2.16 - Topaz Systems, Inc.)
Topaz e-Signatures SigPlus 3.55 (HKLM\...\Topaz e-Signatures SigPlus 3.55) (Version: 3.55 - Topaz Systems, Inc.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows PowerShell 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version:  - )
WorksitePro (HKLM\...\{2C6F48C2-0A1D-478B-8AED-B5DB2ABD14FB}) (Version: 2.51.0344 - ETI Benefits)
 
==================== Restore Points  =========================
 
01-04-2014 20:44:34 System Checkpoint
03-04-2014 17:54:58 System Checkpoint
15-04-2014 14:08:02 Installed Windows XP Wdf01009.
16-04-2014 17:28:53 System Checkpoint
17-04-2014 20:29:32 System Checkpoint
18-04-2014 21:38:06 System Checkpoint
19-04-2014 23:08:05 System Checkpoint
21-04-2014 00:38:05 System Checkpoint
22-04-2014 02:03:28 System Checkpoint
23-04-2014 02:07:23 System Checkpoint
24-04-2014 03:14:04 System Checkpoint
28-04-2014 20:28:18 System Checkpoint
29-04-2014 20:29:29 System Checkpoint
30-04-2014 21:38:38 System Checkpoint
01-05-2014 23:08:56 System Checkpoint
03-05-2014 00:38:38 System Checkpoint
04-05-2014 02:08:37 System Checkpoint
05-05-2014 03:38:38 System Checkpoint
05-05-2014 16:34:52 Removed Ask Toolbar.
05-05-2014 17:21:13 Software Distribution Service 3.0
05-05-2014 19:35:50 Installed Windows Internet Explorer 8.
05-05-2014 19:39:00 Software Distribution Service 3.0
06-05-2014 16:18:55 Installed Java 7 Update 55
07-05-2014 20:30:16 System Checkpoint
08-05-2014 21:29:35 System Checkpoint
09-05-2014 22:59:47 System Checkpoint
11-05-2014 00:29:35 System Checkpoint
12-05-2014 01:59:34 System Checkpoint
13-05-2014 03:29:34 System Checkpoint
14-05-2014 04:36:39 System Checkpoint
14-05-2014 16:51:05 Removed Maxload Pro Demo
14-05-2014 16:55:34 Removed HP Officejet Pro 8600 Basic Device Software
15-05-2014 14:04:29 Installed Microsoft Office Enterprise 2007
15-05-2014 14:51:27 Printer Driver Send To Microsoft OneNote Driver Installed
15-05-2014 15:59:52 Configured Microsoft Office Enterprise 2007
16-05-2014 17:06:08 System Checkpoint
17-05-2014 18:36:00 System Checkpoint
18-05-2014 20:06:00 System Checkpoint
19-05-2014 20:16:35 System Checkpoint
20-05-2014 23:06:44 Installed Rosetta Stone Version 3
21-05-2014 23:07:32 System Checkpoint
23-05-2014 00:37:41 System Checkpoint
24-05-2014 02:07:32 System Checkpoint
25-05-2014 03:37:32 System Checkpoint
26-05-2014 05:07:32 System Checkpoint
27-05-2014 06:37:32 System Checkpoint
28-05-2014 08:07:46 System Checkpoint
29-05-2014 09:37:40 System Checkpoint
02-06-2014 20:33:45 System Checkpoint
03-06-2014 21:43:44 System Checkpoint
04-06-2014 23:13:48 System Checkpoint
06-06-2014 00:43:55 System Checkpoint
07-06-2014 02:13:43 System Checkpoint
08-06-2014 03:43:43 System Checkpoint
09-06-2014 05:13:43 System Checkpoint
10-06-2014 06:43:44 System Checkpoint
11-06-2014 08:13:49 System Checkpoint
12-06-2014 09:38:49 System Checkpoint
16-06-2014 15:39:18 System Checkpoint
17-06-2014 20:30:24 System Checkpoint
23-06-2014 13:45:30 System Checkpoint
25-06-2014 13:55:17 avast! antivirus system restore point
26-06-2014 13:46:03 Installed Windows XP winusb0200.
26-06-2014 14:14:20 avast! antivirus system restore point
27-06-2014 14:26:30 System Checkpoint
28-06-2014 15:56:28 System Checkpoint
29-06-2014 17:26:28 System Checkpoint
30-06-2014 17:36:05 System Checkpoint
 
==================== Hosts content: ==========================
 
2006-02-28 06:00 - 2014-03-11 16:52 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Engine.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerResumeInstall_A7AS.job => C:\Documents and Settings\A7AS\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\SN.Booster-S-469265631.job => c:\documents and settings\all users\application data\appready software\sn.booster\SN.Booster.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2008-01-21 12:55 - 2007-05-08 11:57 - 00159822 _____ () C:\WINDOWS\system32\CredNP.dll
2013-05-30 14:28 - 2009-08-13 07:02 - 00147968 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxdqdrpp.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2010-01-21 12:37 - 2008-11-07 14:38 - 00122880 _____ () C:\WINDOWS\system32\MsWnetChk.exe
2010-01-21 12:37 - 2006-02-22 19:22 - 00110592 _____ () C:\WINDOWS\system32\WPSScanner.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-05-30 14:27 - 2010-02-04 04:17 - 00672424 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe
2013-05-30 14:27 - 2010-02-04 04:17 - 00025256 _____ () C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe
2013-05-30 14:27 - 2010-02-03 05:21 - 00028672 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Common.dll
2013-05-30 14:27 - 2010-02-03 05:21 - 00036864 _____ () C:\Program Files\Lexmark Z2400 Series\App4R.Monitor.Core.dll
2013-05-30 14:27 - 2010-02-03 05:20 - 00065536 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.dll
2013-05-30 14:27 - 2009-06-26 08:17 - 00012288 _____ () C:\Program Files\Lexmark Z2400 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2010-01-21 12:37 - 2008-11-07 14:38 - 00028672 _____ () C:\windows\system32\mschkprompt.exe
2010-01-21 12:37 - 2008-11-07 14:38 - 00032768 _____ () C:\windows\system32\MsSupCa.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00098816 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32api.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00110080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pywintypes27.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00364544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pythoncom27.dll
2014-07-02 08:38 - 2014-07-02 08:38 - 00045568 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_socket.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01160704 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ssl.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00320512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32com.shell.shell.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00713216 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_hashlib.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01175040 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._core_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00805888 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._gdi_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00811008 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._windows_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 01062400 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._controls_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00735232 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._misc_.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00128512 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_elementtree.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00127488 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pyexpat.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00557056 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\pysqlite2._sqlite.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00007168 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\hashobjs_ext.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00087552 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_ctypes.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00119808 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32file.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00108544 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32security.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00018432 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32event.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00038912 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32inet.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00070656 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._html2.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00167936 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32gui.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00011264 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32crypt.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00027136 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\_multiprocessing.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00122368 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._wizard.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00010240 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\select.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00024064 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pipe.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00686080 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\unicodedata.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00025600 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32pdh.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00525640 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\windows._lib_cacheinvalidation.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00035840 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32process.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00017408 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32profile.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00022528 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\win32ts.pyd
2014-07-02 08:38 - 2014-07-02 08:38 - 00078336 _____ () C:\Documents and Settings\A7AS\Local Settings\Temp\_MEI26122\wx._animate.pyd
2008-12-11 13:22 - 2008-12-11 13:22 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll
2008-12-11 13:20 - 2008-12-11 13:20 - 00069697 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2008-01-21 12:42 - 2010-01-21 12:37 - 00290816 ____N () C:\WINDOWS\Dll32Agent.Exe
2010-01-21 12:37 - 2010-01-21 12:37 - 00200704 __RSH () C:\WINDOWS\MSCAE32.dll
2010-01-21 12:37 - 2010-01-21 12:37 - 00172032 __RSH () C:\WINDOWS\system32\MSCHKSYS.DLL
2014-07-02 08:39 - 2014-07-02 08:39 - 00043008 _____ () c:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqjhqyh.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\libcef.dll
2013-11-15 18:45 - 2013-11-15 18:45 - 00269128 _____ () C:\PROGRAM FILES\INTUIT\QUICKBOOKS 2013\boost_regex-vc90-mt-p-1_33.dll
2006-02-28 06:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 06:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-30 09:24 - 2014-06-05 08:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupreg: EPLTarget => 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/02/2014 08:41:38 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "x; 2013":
DB error -739 ErrorMessage:'DBLib not initialized: error -739'
 
Error: (07/01/2014 08:44:23 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "x; 2013":
DB error -739 ErrorMessage:'DBLib not initialized: error -739'
 
Error: (07/01/2014 08:40:04 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (06/26/2014 08:45:38 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/25/2014 02:29:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/25/2014 01:22:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/25/2014 11:17:35 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/25/2014 10:28:07 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: AFLACA7AS)
Description: Risk: C:\WINDOWS\system32\taskmgr.exe in File: C:\Program Files\Symantec AntiVirus\Rtvscan.exe by: Tamper Protection scan.  Action: Blocked.  Action Description:
 
Error: (06/25/2014 09:58:02 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\RECENT\DESKTOP.INI> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 01:03:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\A7AS\MY DOCUMENTS\MY PICTURES\$$$$$$$$.$$$> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (07/02/2014 08:29:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (07/02/2014 08:29:03 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
 
Error: (07/01/2014 08:38:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (07/01/2014 08:37:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (07/01/2014 08:37:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (07/01/2014 08:36:11 AM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
 
Error: (06/26/2014 04:53:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atapi
IntelIde
PCIIde
Pcmcia
 
Error: (06/26/2014 04:53:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (06/26/2014 04:52:12 PM) (Source: SCardSvr) (EventID: 602) (User: )
Description: WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
 
Error: (06/26/2014 00:38:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (05/15/2014 11:06:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6514.5001. This session lasted 434 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 87%
Total physical RAM: 1976.19 MB
Available physical RAM: 249.83 MB
Total Pagefile: 3868.28 MB
Available Pagefile: 2444.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.01 MB
 
==================== Drives ================================
 
Drive c: (OSdisk) (Fixed) (Total:134.04 GB) (Free:95.61 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 2BD2C32A)
Partition 1: (Not Active) - (Size=15 GB) - (Type=17)
Partition 2: (Active) - (Size=134 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Share this post


Link to post
Share on other sites

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:
 
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 

Share this post


Link to post
Share on other sites

OK guys, I have done per the instructions, uninstalled, cleaned, re installed, attempted to run using the Chameleon but I can't get the thing to update at all..  Even after I downloaded the most current version of MalwareBytes, I can't get it to update.  Period.  As soon as I start to scan, I get an error saying 'Runtime Error' Abnormal program termination, then it shuts down.  The issue as a whole is that I cannot get mbam to run a scan without this Runtime error in Microsoft Visual C++ Runtime library popping up, which makes the program shut down.  I posted up above the log I DID get to run once by using the Chameleon utility, however it was a fleeting thing, because I can't get it to run again since.

 

This is what happens

Share this post


Link to post
Share on other sites

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Share this post


Link to post
Share on other sites

STEP 04  JUNKWARE REMOVAL

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by A7AS on Tue 07/22/2014 at  8:25:12.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\v9software
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\A7AS\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/22/2014 at  8:31:16.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
STEP 05 ADW log(s)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/22/2014
Scan Time: 9:53:53 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: A7AS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294987
Time Elapsed: 14 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/22/2014
Scan Time: 9:53:53 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: A7AS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294987
Time Elapsed: 14 min, 59 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
# AdwCleaner v3.216 - Report created 22/07/2014 at 09:19:33
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : A7AS - AFLACA7AS
# Running from : C:\Documents and Settings\A7AS\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Folder Found : C:\DOCUME~1\A7AS\LOCALS~1\Temp\Norpalla
Folder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\1000\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\1000\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\A7AS\Application Data\NCH Software
Folder Found : C:\Documents and Settings\A7AS\Application Data\VOPackage
Folder Found : C:\Documents and Settings\A7AS\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\A7AS\Start Menu\Programs\VOPackage
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\All Users\Application Data\AppReady Software
Folder Found : C:\Documents and Settings\All Users\Application Data\MMiNimumPrICe
Folder Found : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found : C:\Documents and Settings\All Users\Application Data\save nett
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\ASPNET\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\FFAdmin\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\Guest\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\torch
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Chromatic Browser
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djiifepnjfbngpaealckfiecfjflcejk
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niegbpppafijmgfnldekbljmfnlhmjdj
Folder Found : C:\Documents and Settings\SUPPORT_388945a0\Local Settings\Application Data\torch
Folder Found : C:\Program Files\NCH Software
Folder Found : C:\Program Files\save nett
Folder Found : C:\Program Files\SupTab
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18b20944-f54e-4509-88fa-f0ad137bf8de}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18b20944-f54e-4509-88fa-f0ad137bf8de}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\Software\SupDp
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://search.v9.com/web/?type=ds&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6&q={searchTerms}
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [startup_urls] : hxxp://www.v9.com/?type=hp&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6
Found [Homepage] : hxxp://www.v9.com/?type=hp&ts=1405616173&from=epom&uid=WDCXWD1600BEVT-60ZCT1_WD-WX40AA91630016300&i=psd&t=345d001c6
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
 
*************************
 
AdwCleaner[R0].txt - [10700 octets] - [22/07/2014 09:19:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10761 octets] ##########
 
 
Step 06 Malware Bytes log(s)
 
Check & install logs
 
mbam-check result log version:     2.1.1.1001
========================================
 
User Account type:                 Administrator
OS:                                Windows XP Service Pack 3 Service Pack 3 32 bit Operating System
Current Version and Build:         5.1.2600.0 OS Product Info: Professional
 
 
Malwarebytes Anti-Malware:         2.0.2.1012
Installed On:                      2014/07/21
Malware Database:                  2014.03.04.09
Rootkit Database:                  2014.02.20.01
Remediation Database:              2013.10.16.01
IP Database:                       0000.00.00.00
Domain Database:                   0000.00.00.00
License:                           Premium
Malware Protection:                0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
Malicious Website Protection:      0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl
Chameleon:                         4 (The service is running.)
Log Created:                       2014/07/21 09:21:34
Compatibility Flag Settings:
=================================
 
 
 
 
 
Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
 
MBAM Startup Entries: 
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 
Malwarebytes Anti-Malware Service and Driver Status:
=======================================================
 
--------------Driver File Info:--------------
C:\WINDOWS\system32\drivers\mbam.sys
File Size:     23256 BYTES FileVersion: 0.1.13.0 MD5: [8683c1b450f4b3872839308d836e0f92]
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
File Size:    110296 BYTES FileVersion: 0.1.7.0 MD5: [12e71da845d76665b56753ad149e32b3]
C:\WINDOWS\system32\drivers\mbamchameleon.sys
File Size:     53208 BYTES FileVersion: 1.0.4.0 MD5: [dc7e770cd68e91fb65b2d841741f43f6]
 
--------------MBAMProtector:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMService:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMScheduler:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
--------------MBAMChameleon:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
--------------MBAMWebAccessControl:--------------
Type:                   N/A
State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl
WIN32_EXIT_CODE:        N/A
SERVICE_EXIT_CODE:      N/A
CHECKPOINT:             N/A
WAIT_HINT:              N/A
 
 
Required Dependencies:
======================
 
--------------fltmgr:--------------
Type:                   2
State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
Type                          REG_DWORD 2
Start                         REG_DWORD 0
ErrorControl                  REG_DWORD 1
Tag                           REG_DWORD 1
ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
DisplayName                   REG_SZ FltMgr
Group                         REG_SZ FSFilter Infrastructure
Description                   REG_SZ File System Filter Manager Driver
AttachWhenLoaded              REG_DWORD 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Security
Security                      REG_BINARY Binary Data
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0                             REG_SZ Root\LEGACY_FLTMGR\0000
Count                         REG_DWORD 1
NextInstance                  REG_DWORD 1
 
 
C:\WINDOWS\system32\drivers\fltmgr.sys
File Size: 129792    BYTES FileVersion: 5.1.2600.5512 MD5: [b2cf4b0786f8212cb92ed2b50c6db6b0]
C:\WINDOWS\system32\comctl32.ocx
File Size: 608448    BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51]
C:\WINDOWS\system32\mscomctl.ocx
File Size: 1077336   BYTES FileVersion: 6.1.95.45 MD5: [f7bbb7d79adb9e3adc13f3b3c33d3d4d]
C:\WINDOWS\system32\olepro32.dll
File Size: 84992     BYTES FileVersion: 5.1.2600.5512 MD5: [5652f6ce1d9e9d8068b9d29bc21b5409]
 
 
MBAM Registry Settings and License Info:
========================================
--------------Settings:--------------
Advanced: 
    AutomaticQuarantine:                                       true 
    AutostartProtection:                                       true 
    LimitedMode:                                               false 
    StartSilentMode:                                           false 
    StartupDelay:                                              0 
ApplicationState: 
    First-Run-After-Installation:                              false 
General: 
    DaysUntilNotifyExpiration:                                 5 
    Language:                                                  en 
    RightClickAccess:                                          false 
    SilentErrors:                                              false 
Logging: 
    ExportLog:                                                 true 
Notification: 
ProtectionTray: 
    DisplayMilliseconds:                                       7000 
ScanHistory: 
    Duration_Driver:                                           0 
    Duration_Filesystem:                                       96000 
    Duration_Heuristics:                                       8000 
    Duration_Loading:                                          0 
    Duration_MasterBootRecord:                                 0 
    Duration_Memory:                                           40000 
    Duration_PreScan:                                          44000 
    Duration_Registry:                                         3000 
    Duration_Sector:                                           0 
    Duration_Startup:                                          7000 
    ItemCount_Driver:                                          0 
    ItemCount_Filesystem:                                      6890 
    ItemCount_Heuristics:                                      108509 
    ItemCount_Loading:                                         0 
    ItemCount_MasterBootRecord:                                0 
    ItemCount_Memory:                                          2797 
    ItemCount_PreScan:                                         0 
    ItemCount_Registry:                                        38948 
    ItemCount_Sector:                                          0 
    ItemCount_Startup:                                         447 
    LastScanDateEpoch:                                         1405951249890 
    LastScanType:                                              1 (Threat Scan)
Update: 
    NotifyInstallReady:                                        true 
    NotifyOutdatedDatabase:                                    1 
    ProxyPassword:                                              
    ProxyPort:                                                 0 
    ProxyServer:                                                
    ProxyUsername:                                              
    UseProxy:                                                  false 
    UseProxyAuthentication:                                    false 
--------------Account:--------------
  Account Status:                                              Premium 
  Expiration Time:                                             2034/07/21 08:57:22 
  Activation Time:                                             2014/07/21 08:57:22 
  Trial Used:                                                  false 
--------------Access Policies:--------------
 
Scheduler Queue:
================
 
tasks: 
    7f456038-b6d3-4c4b-8ff7-1184420fa35c:                       
      parameters:                                               
        NotifyWhenUpdateCompletes:                             true 
        TaskType:                                              3 
      triggers:                                                 
        03ffad18-f739-4220-83bd-c501d58074fd:                   
          dateinterval:                                        0:0:0 
          lastscheduled:                                       Mon, 21 Jul 2014 09:15:29.046875 -0500 
          lasttriggered:                                        
          nextscheduled:                                       Mon, 21 Jul 2014 10:15:29.046875 -0500 
          recovery:                                            00:00:00 
          start:                                               Mon, 21 Jul 2014 09:04:00.046875 -0500 
          timeinterval:                                        01:00:00 
          type:                                                3 
          uuid:                                                03ffad18-f739-4220-83bd-c501d58074fd 
      type:                                                    update 
      uuid:                                                    7f456038-b6d3-4c4b-8ff7-1184420fa35c 
    bb012531-e7a9-4ec6-a45d-3911c0901eef:                       
      parameters:                                               
        CheckForUpdatesBeforeScanStart:                        true 
        ScanConfig:                                             
          ExitWhenNoMalwareDetected:                           false 
          ExportLog:                                           true 
          FileSystemOption:                                    true 
          RebootSystemWhenMalwareDetected:                     false 
          RemoveMalwareAutomaticallyWhenScanEnds:              false 
          ScanArchives:                                        true 
          ScanExtra:                                           true 
          ScanHeuristic:                                       true 
          ScanMemoryObjects:                                   true 
          ScanPUM:                                             2 
          ScanPUP:                                             2 
          ScanRegistry:                                        true 
          ScanRootkits:                                        false 
          ScanStartup:                                         true 
          ScanTargets:                                          
          ScanType:                                            1 (Threat Scan)
          Silent:                                              true 
          TerminateExplorerWhenMalwareIsRemoved:               false 
        StartTaskFromSystemAccount:                            false 
        TaskType:                                              0 
      triggers:                                                 
        f370c5f3-abd2-4d83-8415-4321e358bf46:                   
          dateinterval:                                        1:0:0 
          lastscheduled:                                        
          lasttriggered:                                        
          nextscheduled:                                       Tue, 22 Jul 2014 03:11:51 -0500 
          recovery:                                            23:00:00 
          start:                                               Tue, 22 Jul 2014 02:57:04 -0500 
          timeinterval:                                        00:00:00 
          type:                                                4 
          uuid:                                                f370c5f3-abd2-4d83-8415-4321e358bf46 
      type:                                                    scan 
      uuid:                                                    bb012531-e7a9-4ec6-a45d-3911c0901eef 
 
Pending File Rename Operations: 
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.
 
MBAMProtector Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
 
MBAMService Registry Values:
============================
 
 
 
MBAMScheduler Registry Values:
==============================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMScheduler
 
Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================
 
--------------TERMService:--------------
Type:                   32
State:                  4 (The service is running.) (State is stopped)
WIN32_EXIT_CODE:        0
SERVICE_EXIT_CODE:      0
CHECKPOINT:             0
WAIT_HINT:              0
 
 
TermService Start is set to: 3 (Manual Startup)
 
Proxy Status: No proxy is Set
 
LAN Settings:
=============
 
only 'Automatically detect settings' is selected
 
SystemPartition:
================
 
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume2
 
Balloon Tips Status:
====================
 
Enabled
 
Time Format Settings:
=====================
 
Should be:
h:mm:ss tt
AM 
PM 
:
 
Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :
 
Language and Regional Settings:
===============================
 
ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)
 
Startup Folders for Error_Expanding_Variables Check:
====================================================
 
All Users Startup Folder Exists.
Current User's startup Folder Exists.
 
 
Context Menu Entries:
=====================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
List of MBAM Related Directories:
=================================
 
C:\Program Files\Malwarebytes Anti-Malware\
7z.dll                                   File Size: 920888    BYTES FileVersion:  9.20.0.0       MD5: [9f522b2708cab181c0f137abbcd1de2e]
changes.txt                             File Size: 2261      BYTES FileVersion:  N/A            MD5: [af70267bdf9a37a96f1a79a5c3720ae6]
license.rtf                             File Size: 39478     BYTES FileVersion:  N/A            MD5: [8627b31943a534aad30d154c2b2c1aaf]
master.conf                             File Size: 1258      BYTES FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam.dll                                 File Size: 579896    BYTES FileVersion:  1.0.7.0        MD5: [d32c2a98859cb22d57a665f15f351e7d]
mbam.exe                                 File Size: 6970168   BYTES FileVersion:  1.0.0.532      MD5: [4fbc630768570e6ac35c3de8f6ec79f5]
mbamcore.dll                             File Size: 1680696   BYTES FileVersion:  1.0.11.0       MD5: [f722fa26739eafcbd8d5f3829b632cd7]
mbamdor.exe                             File Size: 54072     BYTES FileVersion:  1.0.1.0        MD5: [4da2f2da54a92850f56c0db712058188]
mbamext.dll                             File Size: 157496    BYTES FileVersion:  3.0.4.0        MD5: [1be09650974c36d9b2a890eea0c338c3]
mbampt.exe                               File Size: 39736     BYTES FileVersion:  1.0.0.0        MD5: [9acd7583584c93ee542c273df8e91dc1]
mbamscheduler.exe                       File Size: 1809720   BYTES FileVersion:  3.0.2.0        MD5: [d84aea3f3329d622dfc1297dddf6163b]
mbamservice.exe                         File Size: 860472    BYTES FileVersion:  3.0.2.0        MD5: [4f45ed469906494f9bf754e476390dbd]
mbamsrv.dll                             File Size: 4437816   BYTES FileVersion:  1.1.0.0        MD5: [9b48e38c35f08fa831b387a0b27c40aa]
msvcp100.dll                             File Size: 421688    BYTES FileVersion:  10.0.40219.325 MD5: [e4b829081e639e42985853bae754a53d]
msvcr100.dll                             File Size: 774456    BYTES FileVersion:  10.0.40219.325 MD5: [80fcedbe920e9cbe30d9d3665bd6efed]
QtCore4.dll                             File Size: 2732856   BYTES FileVersion:  4.8.4.0        MD5: [30490eed6a1e20e8259c0b9c58f488fe]
QtGui4.dll                               File Size: 8575288   BYTES FileVersion:  4.8.4.0        MD5: [15e21aa7d0c0c994cd565eeb96d13c20]
QtNetwork4.dll                           File Size: 909112    BYTES FileVersion:  4.8.4.0        MD5: [d7588d42e29080c32a003bee465160d8]
unins000.dat                             File Size: 23127     BYTES FileVersion:  N/A            MD5: [d16e74752c7e81d7ca9de90bc9dd96ea]
unins000.exe                             File Size: 718037    BYTES FileVersion:  51.52.0.0      MD5: [d2796ecf50731e696f0c065d24c0827a]
 
C:\Program Files\Malwarebytes Anti-Malware\\Chameleon
 
C:\Program Files\Malwarebytes Anti-Malware\\Chameleon\Windows
chameleon.chm                           File Size: 235882    BYTES FileVersion:  N/A            MD5: [c4190b71f037714aa77aba294434ba5b]
firefox.com                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
firefox.exe                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
firefox.pif                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
firefox.scr                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
iexplore.exe                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
master.conf                             File Size: 1258      BYTES FileVersion:  N/A            MD5: [9702ca5e82d3756c6d8af34a2ababaea]
mbam-chameleon.com                       File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-chameleon.exe                       File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-chameleon.pif                       File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-chameleon.scr                       File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
mbam-killer.exe                         File Size: 1181496   BYTES FileVersion:  N/A            MD5: [c6927fd8f7e9105b64db5d5a08b53731]
rundll32.exe                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
svchost.exe                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
windows.exe                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
winlogon.exe                             File Size: 750392    BYTES FileVersion:  3.0.4.0        MD5: [09882e8edd1144e6ef1af6d1f98305ee]
 
C:\Program Files\Malwarebytes Anti-Malware\\imageformats
qgif4.dll                               File Size: 32568     BYTES FileVersion:  4.8.4.0        MD5: [e59f533c26c8375cd120b4791482217e]
 
C:\Program Files\Malwarebytes Anti-Malware\\Languages
lang_bg.qm                               File Size: 144048    BYTES FileVersion:  N/A            MD5: [9ccb79999432d56b9843a3e2b2c90325]
lang_bs.qm                               File Size: 145523    BYTES FileVersion:  N/A            MD5: [6ab7a6274d4f9f7553c944f5c66201ba]
lang_ca.qm                               File Size: 132254    BYTES FileVersion:  N/A            MD5: [68a83ec63b6e7bc5dbdd412bcc49c6ce]
lang_cs.qm                               File Size: 141243    BYTES FileVersion:  N/A            MD5: [6b8acee7f461fa69b83d2c45c3725427]
lang_da.qm                               File Size: 130101    BYTES FileVersion:  N/A            MD5: [8539796784746218b229419e99ab308d]
lang_de.qm                               File Size: 149462    BYTES FileVersion:  N/A            MD5: [fcd3bc376ad219396e8c7d3c87cd8864]
lang_el.qm                               File Size: 149912    BYTES FileVersion:  N/A            MD5: [74f13f95f63fe96c08e571598df052d6]
lang_en.qm                               File Size: 115961    BYTES FileVersion:  N/A            MD5: [8c9da1c0ce06b89f8d323bf948bfba4e]
lang_es.qm                               File Size: 130487    BYTES FileVersion:  N/A            MD5: [33e1c6d40b841cc2e783ec8d8102e66f]
lang_et.qm                               File Size: 138126    BYTES FileVersion:  N/A            MD5: [aa215b5f37a72a69854c9163ac543b51]
lang_fi.qm                               File Size: 144256    BYTES FileVersion:  N/A            MD5: [18912c339939c3a6629004ec900f4fe4]
lang_fr.qm                               File Size: 149253    BYTES FileVersion:  N/A            MD5: [ec2bf2f431c4273f151b8c8a7b84c387]
lang_he.qm                               File Size: 116101    BYTES FileVersion:  N/A            MD5: [9e692744e77051c6ce14df32f9b71920]
lang_hr.qm                               File Size: 139841    BYTES FileVersion:  N/A            MD5: [3e3737fe86eb595c5f6817eebf731aa7]
lang_hu.qm                               File Size: 145621    BYTES FileVersion:  N/A            MD5: [52d3d7fcf8c8db071ef0573a1357c2fd]
lang_id.qm                               File Size: 143102    BYTES FileVersion:  N/A            MD5: [80473d2c73d2f54f2b23c9316f2d0ceb]
lang_it.qm                               File Size: 146851    BYTES FileVersion:  N/A            MD5: [7e7aea7d0b433d7e912ed9f0887684a7]
lang_ja.qm                               File Size: 121282    BYTES FileVersion:  N/A            MD5: [19ac79b7a5e05d665e417c2dd75afc94]
lang_ko.qm                               File Size: 118033    BYTES FileVersion:  N/A            MD5: [de213178c14490bf452ea45278d3442d]
lang_nl.qm                               File Size: 146325    BYTES FileVersion:  N/A            MD5: [5aec6f6bdc5e6c28744e6ef374709eeb]
lang_no.qm                               File Size: 142918    BYTES FileVersion:  N/A            MD5: [4388c08217618af2e24173af6f5d3f97]
lang_pl.qm                               File Size: 145434    BYTES FileVersion:  N/A            MD5: [699700c889447d1f9b607c04f07fff67]
lang_pt_BR.qm                           File Size: 131739    BYTES FileVersion:  N/A            MD5: [a3430222223d59da8ec6ea1edae5ee2f]
lang_pt_PT.qm                           File Size: 149128    BYTES FileVersion:  N/A            MD5: [afdf1907af4c95f9af510d5fc1bb9067]
lang_ro.qm                               File Size: 121166    BYTES FileVersion:  N/A            MD5: [1672a2b3a9807a1497fe43824c0026c0]
lang_ru.qm                               File Size: 122186    BYTES FileVersion:  N/A            MD5: [d4dd1eea2b0f52aba2fca4d159c387f7]
lang_sk.qm                               File Size: 119827    BYTES FileVersion:  N/A            MD5: [8b200d162e8028843e41aa1a927cfd84]
lang_sl.qm                               File Size: 143191    BYTES FileVersion:  N/A            MD5: [1760a6aa6990b2f0c4c71ec04b25ac9c]
lang_sr.qm                               File Size: 143261    BYTES FileVersion:  N/A            MD5: [377d15c0da0249f4a7a58978b6307d81]
lang_sv.qm                               File Size: 142525    BYTES FileVersion:  N/A            MD5: [2587ead21967296fefdd0ee0684fe8b4]
lang_tr.qm                               File Size: 142194    BYTES FileVersion:  N/A            MD5: [880fcbe97ec6f13ec094f7371b5b295f]
lang_vi.qm                               File Size: 126874    BYTES FileVersion:  N/A            MD5: [c61281786b5bfec68afc742a19f6abd9]
lang_zh_tr.qm                           File Size: 110870    BYTES FileVersion:  N/A            MD5: [f223d83580b1ee35edea13293cb2c80d]
 
C:\Program Files\Malwarebytes Anti-Malware\\Plugins
fixdamage.exe                           File Size: 821560    BYTES FileVersion:  1.1.0.1010     MD5: [3a4dcd021d9f3a5305a22e5e309da305]
 
C:\Documents and Settings\A7AS\Application Data\Malwarebytes\Malwarebytes Anti-Malware
 
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware
actions.ref                             File Size: 314       BYTES FileVersion:  N/A            MD5: [b26a36c0696e299fdfebe180c09c2737]
exclusions.dat                           File Size: 0         BYTES FileVersion:  N/A            MD5: [d41d8cd98f00b204e9800998ecf8427e]
rules.ref                               File Size: 7349775   BYTES FileVersion:  N/A            MD5: [a4c6832946d2ce099c41d812792259c0]
S-1-5-18-0-ntuser.dat                   S-1-5-18-0-ntuser.dat.LOG               S-1-5-19-0-ntuser.dat                   S-1-5-19-0-ntuser.dat.LOG               S-1-5-20-0-ntuser.dat                   S-1-5-20-0-ntuser.dat.LOG               S-1-5-21-1757981266-1482476501-839522115-1003-0-ntuser.datS-1-5-21-1757981266-1482476501-839522115-1003-0-ntuser.dat.LOGS-1-5-21-1757981266-1482476501-839522115-1006-0-ntuser.datS-1-5-21-1757981266-1482476501-839522115-1006-0-ntuser.dat.LOGswissarmy.ref                           File Size: 21081     BYTES FileVersion:  N/A            MD5: [a6d56a73c602e64853aa689bf3400769]
 
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Configuration
build.conf                               File Size: 4547      BYTES FileVersion:  N/A            MD5: [b8f8a1582e4cccdef21f165d399dbf77]
database.conf                           File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
gatekeeper.conf                         File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
license.conf                             File Size: 554       BYTES FileVersion:  N/A            MD5: [2c8437d61fe2a091bdd67fc766d8d160]
manifest.conf                           File Size: 1573      BYTES FileVersion:  N/A            MD5: [5783f572b2f913ca675e1454d95b56ca]
marketing.conf                           File Size: 1434      BYTES FileVersion:  N/A            MD5: [19533c40d9c9778b2ab423dbcf063d80]
net.conf                                 File Size: 6164      BYTES FileVersion:  N/A            MD5: [816964edf0726d4a50f4a681c61c9bab]
notifications.conf                       File Size: 4         BYTES FileVersion:  N/A            MD5: [2261e7eca4cd0615a97263c0ad5045c2]
scheduler.conf                           File Size: 2087      BYTES FileVersion:  N/A            MD5: [5054500ebea9fdd6646d00ca277ea0ee]
settings.conf                           File Size: 1916      BYTES FileVersion:  N/A            MD5: [d03de6998445a97029152f725be836ea]
statistics.conf                         File Size: 385       BYTES FileVersion:  N/A            MD5: [320f58128c13ad409d55c8ff2b116004]
 
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs
 
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
 
Malware Exclusions:
===================
Web Exclusions:
================
Quarantined Items:
===================
===============================================================
END OF FILE
 
 
 
Acrobat.com Adobe Systems Incorporated 9/16/2009 1.7.186
Adobe AIR Adobe Systems Inc. 9/16/2009 1.5.2.8870
Adobe Flash Player 14 ActiveX Adobe Systems Incorporated 7/16/2014 14.0.0.145
Adobe Flash Player 14 Plugin Adobe Systems Incorporated 7/16/2014 14.0.0.145
Adobe Reader XI (11.0.07) Adobe Systems Incorporated 5/13/2014 139.00 MB 11.0.07
Afaria Client Sybase, Inc. 4/15/2013 6.60
Agere Systems HDA Modem LSI Corporation 6/4/2014
Apple Application Support Apple Inc. 8/10/2013 66.43 MB 2.3.4
Apple Software Update Apple Inc. 8/10/2013 2.38 MB 2.1.3.127
CCleaner Piriform 5/14/2014 4.13
Compatibility Pack for the 2007 Office system Microsoft Corporation 10/29/2012 76.12 MB 12.0.6514.5001
Crystal Reports Basic Runtime for Visual Studio 2008 Business Objects 4/15/2013 36.29 MB 10.5.1.0
Dropbox Dropbox, Inc. 5/28/2014 2.8.2
EncryptionByCredant AFLAC 1/21/2008 1.04.0002
Epson Connect
Epson Connect Printer Setup SEIKO EPSON CORPORATION 3/12/2014 8.34 MB 1.2.0
EPSON Connect version 1.0 Epson America Inc. 10/1/2013 1.0
Epson Customer Participation SEIKO EPSON CORPORATION 1/8/2013 2.49 MB 1.0.0.0
Epson E-Web Print SEIKO EPSON CORPORATION 2/10/2014 9.23 MB 1.19.0000
Epson Event Manager Seiko Epson Corporation 10/1/2013 42.47 MB 3.01.0003
Epson FAX Utility SEIKO EPSON CORPORATION 10/1/2013 1.30.00
Epson PC-FAX Driver 6/3/2014
EPSON Printer Finder SEIKO EPSON CORPORATION 10/28/2013 1.80 MB 1.0.0
EPSON Scan Seiko Epson Corporation 1/8/2013
EPSON WF-2530 Series Printer Uninstall SEIKO EPSON Corporation 6/3/2014
EpsonNet Print SEIKO EPSON CORPORATION 10/1/2013 2.5.00
Google Chrome Google Inc. 7/16/2014 36.0.1985.125
Google Drive Google, Inc. 6/16/2014 33.48 MB 1.16.6866.4367
HP FWUpdateEDO2 Hewlett-Packard 4/1/2014 1.53 MB 1.2.0.0
HP Integrated Module with Bluetooth wireless technology HP 9/22/2009 19.89 MB 5.5.0.5800
HP Officejet Pro 8600 Help Hewlett Packard 1/29/2013 22.56 MB 140.0.2.2
HP Officejet Pro 8600 Product Improvement Study Hewlett-Packard Co. 1/29/2013 5.98 MB 25.0.619.0
HP Update Hewlett-Packard 10/24/2013 3.98 MB 5.005.000.002
I.R.I.S. OCR HP 1/29/2013 68.96 MB 12.3.4.0
Intel® Graphics Media Accelerator Driver Intel Corporation 7/9/2014
InterVideo WinDVD 8 InterVideo Inc. 10/23/2009 8.5-B0.143
Java 7 Update 60 Oracle 6/25/2014 120.00 MB 7.0.600
Juniper Networks Network Connect 6.0.0 Juniper Networks 10/1/2012 6.0.0.12507
Juniper Networks Network Connect 6.3.0 Juniper Networks 10/10/2012 6.3.0.13725
Juniper Networks Network Connect 6.5.0 Juniper Networks 10/10/2012 6.5.0.16789
Juniper Networks Network Connect 7.1.15 Juniper Networks 9/4/2013 7.1.15.25271
Juniper Networks Setup Client Activex Control Juniper Networks 6/4/2014 2.1.1.1
Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 7/2/2014 7.1.15.36013
Lexmark Toolbar 5/30/2013 4.0.53.0
Lexmark Tools for Office 5/30/2013 1.24.0.0
Lexmark Z2400 Series Lexmark International, Inc. 5/30/2013
LiveUpdate 3.1 (Symantec Corporation) Symantec Corporation 10/1/2012 3.1.0.90
Malwarebytes Anti-Malware version 2.0.2.1012 Malwarebytes Corporation 7/17/2014 2.0.2.1012
McAfee Security Scan Plus McAfee, Inc. 6/16/2014 3.8.150.1
Microsoft .NET Framework 1.1 10/10/2012
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 10/11/2012 301.00 MB 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 10/11/2012 264.00 MB 3.2.30729
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10/11/2012
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 5/19/2013 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 5/19/2013 4.0.30319
Microsoft Access database engine 2010 (English) Microsoft Corporation 4/15/2013 110.00 MB 14.0.4763.1000
Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Corporation 6/4/2014
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 9/16/2009 1
Microsoft Office 2003 Primary Interop Assemblies Microsoft Corporation 5/19/2013 7.38 MB 11.0.6553.0
Microsoft Office Enterprise 2007 Microsoft Corporation 5/15/2014 12.0.4518.1014
Microsoft Report Viewer Redistributable 2005 Microsoft Corporation 9/17/2009
Microsoft Silverlight Microsoft Corporation 3/11/2014 60.39 MB 5.1.20913.0
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 9/16/2009
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 3/15/2013 5.28 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 10/28/2013 9.65 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 6/25/2014 9.64 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 4/15/2013 10.19 MB 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Corporation 5/19/2013
Microsoft WinUsb 2.0 Microsoft Corporation 6/26/2014
Motorola Device Manager Motorola Mobility 3/10/2014 2.4.5
Motorola Mobile Drivers Installation 6.3.0 Motorola Mobility LLC 3/10/2014 4.42 MB 6.3.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 1/21/2010 2.67 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 1/21/2010 2.77 MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 1/30/2013 2.87 MB 4.30.2100.0
Premium Quote 10/1/2012
QuickBooks Pro 2013 Intuit Inc. 1/6/2014 23.0.4001.2305
RealPlayer RealNetworks 4/14/2014 16.0.3
Reflect Customer Database NCH Software 11/17/2012
Rosetta Stone Version 3 Rosetta Stone Ltd. 5/20/2014 138.00 MB 3.3.7.0
save nett siavve, nnet 5/5/2013 4.3.0.1667
Security Update for Windows Search 4 - KB963093 Microsoft Corporation 9/16/2009
SmartApp Next Generation AFLAC 9/17/2009 2,946.00 MB 1.03.4000
SmartPremium AFLAC 9/17/2009 1.00.0000
SN.Sustainer 1.80 Certified Publisher 5/5/2013
SNG Prerequisites AFLAC 9/18/2009 87.70 MB 1.00.1000
SNGCoreUpgrade AFLAC 4/15/2013 35.11.2012
Software Updater SEIKO EPSON CORPORATION 3/12/2014 8.21 MB 4.2.6
SoundMAX Analog Devices 9/22/2009 5.10.01.7240
Symantec AntiVirus Symantec Corporation 9/17/2009 182.00 MB 10.1.5000.5
Synaptics Pointing Device Driver Synaptics 10/12/2012 10.0.13.2
Topaz 4X5  WinTab Driver v2.16 Topaz Systems, Inc. 6/4/2014 2.16
Topaz e-Signatures SigPlus 3.55 Topaz Systems, Inc. 6/4/2014 3.55
Update for Windows XP (KB943729) Microsoft Corporation 9/16/2009
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 9/16/2009
Windows Internet Explorer 8 Microsoft Corporation 5/5/2014 20090308.140743
Windows Live ID Sign-in Assistant Microsoft Corporation 10/29/2012 4.69 MB 6.500.3165.0
Windows Media Format 11 runtime 10/12/2012
Windows Media Player 11 10/12/2012
Windows Search 4.0 Microsoft Corporation 9/16/2009 04.00.6001.503
Windows XP Service Pack 3 Microsoft Corporation 9/16/2009 20080414.031525
WinZip 10/12/2012
WorksitePro ETI Benefits 9/17/2009 50.77 MB 2.51.0344
 
 
 

Share this post


Link to post
Share on other sites

Step 07  ESET  log

 


C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\reflect.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\refsetup_v1.13.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Reflect\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir Win32/Thinknice.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir Win64/Thinknice.A potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir Win32/ELEX.AR potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir Win32/Thinknice.D potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir Win64/Thinknice.B potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir Win32/Thinknice.C potentially unwanted application

C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir Win64/Thinknice.C potentially unwanted application

C:\Documents and Settings\A7AS\Application Data\9468\a7165.exe a variant of Win32/Amonetize.BI potentially unwanted application

C:\Documents and Settings\A7AS\Application Data\9876\a7228.exe a variant of Win32/Amonetize.BI potentially unwanted application

C:\Documents and Settings\A7AS\Local Settings\Temp\suntemp.ex_ Win32/DownloadAdmin.G potentially unwanted application

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3F.tmp.exe a variant of Win32/ELEX.AQ potentially unwanted application

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT40.tmp.exe a variant of Win32/Amonetize.BI potentially unwanted application

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5A.tmp.exe a variant of Win32/Amonetize.BI potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\Adobe Acrobat 7.0 Pro.exe a variant of Win32/4Shared.U potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\cbsidlm-cbsi188-Trojan_Remover_Update-SEO-10038982.exe a variant of Win32/CNETInstaller.B potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer (1).exe a variant of Win32/SquareNet.A potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer (2).exe a variant of Win32/SquareNet.A potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\java_installer.exe a variant of Win32/SquareNet.A potentially unwanted application

C:\Documents and Settings\A7AS\My Documents\Downloads\prismpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application

 


 

 

 

Step 08 FARBAR log

 


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014

Ran by A7AS (administrator) on AFLACA7AS on 22-07-2014 12:05:11

Running from C:\Documents and Settings\A7AS\My Documents\Downloads

Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Credant Technologies, Inc.) C:\WINDOWS\system32\Credant.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DefWatch.exe

(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe

(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Lexmark International, Inc.) C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdqserv.exe

( ) C:\WINDOWS\system32\lxdqcoms.exe

(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(CyberAngel Security Solutions) C:\WINDOWS\system32\Mschksvc.exe

() C:\WINDOWS\system32\mswnetchk.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\Rtvscan.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Skyhook Wireless) C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Agere Systems) C:\WINDOWS\AGRSMMSG.exe

(AFLAC) C:\Program Files\AFLAC\Common\WSPPurge.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe

(Symantec Corporation) C:\PROGRA~1\SYMANT~1\VPTray.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Credant Technologies, Inc.) C:\WINDOWS\system32\CredUI.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Sybase, Inc.) C:\Program Files\AClient\Bin\XCDiffCache.exe

(Symantec Corporation) C:\Program Files\Symantec AntiVirus\DoScan.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

() C:\Program Files\Lexmark Z2400 Series\lxdqmsdmon.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe

() C:\WINDOWS\system32\MsChkPrompt.exe

(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

() C:\WINDOWS\Dll32Agent.Exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE

(Dropbox, Inc.) C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe

(Intuit Inc. All rights reserved.) C:\Documents and Settings\A7AS\Local Settings\Application Data\Intuit\SyncManager\Current\IntuitSyncManager.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Intuit, Inc.) C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Farbar) C:\Documents and Settings\A7AS\My Documents\Downloads\FRST (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {9c0213ab-6a3c-11e2-a4de-0026c600b60a} - F:\IronKey.exe

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {e98527bc-8967-11dd-8553-806d6172696f} - D:\SWSETUP\APPINSTL\setup.exe

HKU\S-1-5-21-1757981266-1482476501-839522115-1006\...\MountPoints2: {f75b546e-6780-11e2-a4db-0026c600b60a} - E:\MotorolaDeviceManagerSetup.exe -a

Startup: C:\Documents and Settings\A7AS\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\A7AS\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7069B605936FCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {4F1623FC-35C9-416E-9517-1F42B885A52E} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {4F1623FC-35C9-416E-9517-1F42B885A52E} URL = https://www.google.com/search?q={searchTerms}

BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()

BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab


DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-16]

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-14]

FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2013-01-29]

FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on

FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2014-02-10]

FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR Extension: (Google Drive) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]

CHR Extension: (RealDownloader) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-17]

CHR Extension: (Google Wallet) - C:\Documents and Settings\A7AS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]

CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\Documents and Settings\All Users\Application Data\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2013-08-14]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\A7AS\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-03-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

========================== Services (Whitelisted) =================

 

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems) [File not signed]

R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [192160 2006-07-19] (Symantec Corporation)

R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [169632 2006-07-19] (Symantec Corporation)

R2 CMGShield; C:\WINDOWS\system32\Credant.exe [1040463 2007-05-08] (Credant Technologies, Inc.) [File not signed]

R2 DefWatch; C:\Program Files\Symantec AntiVirus\DefWatch.exe [31472 2006-09-27] (Symantec Corporation)

R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [671848 2013-05-20] (Juniper Networks)

R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-06-25] (Oracle Corporation)

S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-08-25] (Symantec Corporation)

R2 lxdqCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe [94208 2009-04-28] (Lexmark International, Inc.)

R2 lxdq_device; C:\WINDOWS\system32\lxdqcoms.exe [589824 2007-11-28] ( )

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)

R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)

R2 MsChkSvc; C:\WINDOWS\system32\MsChkSvc.exe [32768 2008-11-07] (CyberAngel Security Solutions) [File not signed]

R2 MsWnetChk; C:\WINDOWS\system32\MsWnetChk.exe [122880 2008-11-07] () [File not signed]

R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-15] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]

R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

S3 SavRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [116464 2006-09-27] (symantec)

S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214720 2006-08-07] (Symantec Corporation)

R2 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848 2006-04-11] (Symantec Corporation)

R2 Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1813232 2006-09-27] (Symantec Corporation)

R2 WPSScannerSvc; C:\Program Files\Skyhook Wireless\Wi-Fi Service\WPSScannerSvc.exe [126976 2010-01-21] (Skyhook Wireless) [File not signed]

S3 ReflectService; "C:\Program Files\NCH Software\Reflect\reflect.exe" -service [X]

 

==================== Drivers (Whitelisted) ====================

 

R3 AgereSoftModem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [1204128 2008-10-29] (Agere Systems) [File not signed]

S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-25] (Brother Industries Ltd.)

R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991656 2009-01-14] (Broadcom Corporation.)

R0 CredCEF; C:\WINDOWS\System32\Drivers\CredCEF.sys [214095 2007-05-08] (Credant Technologies, Inc.) [File not signed]

S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5220 2003-05-01] (Cisco Systems, Inc.)

R3 DNE; C:\WINDOWS\System32\DRIVERS\dne2000.sys [138916 2002-08-26] (Deterministic Networks, Inc.)

R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2013-05-20] (Juniper Networks)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-09-17] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-06-17] (Symantec Corporation)

S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments) [File not signed]

S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2010-02-01] (HP)

S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2010-02-01] (HP)

S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2010-02-01] (HP)

S3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [41216 2008-08-19] (Infineon Technologies AG) [File not signed]

R3 Iviaspi; C:\WINDOWS\System32\drivers\Iviaspi.sys [10368 2005-09-20] (InterVideo, Inc.) [File not signed]

S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-07-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-22] (Malwarebytes Corporation)

S3 motandroidusb; C:\WINDOWS\System32\Drivers\motoandroid.sys [26240 2013-03-26] (Motorola)

R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVENG.SYS [93272 2013-06-17] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20130706.003\NAVEX15.SYS [1611992 2013-06-17] (Symantec Corporation)

R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630336 2009-09-14] (Intel Corporation)

R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)

R1 SafDskNT; C:\WINDOWS\system32\Drivers\SafDskNT.sys [77824 2010-01-21] (PC Dynamics, Inc.) [File not signed]

R1 SAVRT; C:\Program Files\Symantec AntiVirus\savrt.sys [337592 2006-09-06] (Symantec Corporation)

R1 SAVRTPEL; C:\Program Files\Symantec AntiVirus\Savrtpel.sys [54968 2006-09-06] (Symantec Corporation)

R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)

S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)

R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [389776 2006-04-11] (Symantec Corporation)

R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [109744 2006-09-18] (Symantec Corporation)

R3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [24768 2006-08-07] (Symantec Corporation)

R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [195776 2006-08-07] (Symantec Corporation)

S3 tifm21; C:\WINDOWS\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) [File not signed]

U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [35152 2014-07-03] ()

S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2210048 2007-07-25] (Intel® Corporation)

R3 Wpsnuio; C:\WINDOWS\System32\DRIVERS\wpsnuio.sys [12416 2010-01-21] (Skyhook Wireless) [File not signed]

R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-09-14] (Marvell)

R1 {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt; C:\WINDOWS\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys [55224 2014-07-12] (StdLib)

S3 asdids; system32\DRIVERS\asdids.sys [X]

S3 asdidsmp; system32\DRIVERS\asdids.sys [X]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U1 WS2IFSL; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-07-22 10:24 - 2014-07-22 10:24 - 00000000 ____D () C:\Program Files\ESET

2014-07-22 09:35 - 2014-07-22 09:35 - 00010842 _____ () C:\Documents and Settings\A7AS\Desktop\AdwCleaner[R0].txt

2014-07-22 09:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll

2014-07-22 09:19 - 2014-07-22 09:42 - 00000000 ____D () C:\AdwCleaner

2014-07-22 08:31 - 2014-07-22 09:18 - 00002249 _____ () C:\Documents and Settings\A7AS\Desktop\JRT.txt

2014-07-22 08:25 - 2014-07-22 08:25 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-07-21 09:48 - 2014-07-22 11:09 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\MBAM

2014-07-21 09:41 - 2014-07-21 09:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini072114-01.dmp

2014-07-21 09:01 - 2014-07-22 09:52 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-21 08:55 - 2014-07-21 09:01 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-21 08:55 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-07-21 08:19 - 2014-07-21 08:19 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Program Files\ERUNT

2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-07-17 13:01 - 2014-07-12 17:18 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys

2014-07-17 11:57 - 2014-07-17 11:57 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9876

2014-07-17 11:55 - 2014-07-17 11:55 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9468

2014-07-16 13:43 - 2014-07-16 13:49 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-07-16 13:43 - 2014-07-16 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-07-09 12:22 - 2014-07-09 12:22 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 _____ () C:\Documents and Settings\A7AS\Desktop\New Text Document (3).txt

2014-07-03 11:22 - 2014-07-03 11:22 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-07-03 11:22 - 2014-07-03 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller

2014-07-02 10:49 - 2014-07-02 10:49 - 00065844 _____ () C:\Documents and Settings\A7AS\My Documents\Benefit Code Chart 3-2014-xls.xlsx

2014-07-02 08:50 - 2014-07-22 12:06 - 00000000 ____D () C:\FRST

2014-06-26 09:47 - 2014-07-17 08:20 - 00000000 ____D () C:\Program Files\Advanced Fix 2013

2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$

2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-06-25 09:31 - 2014-06-25 09:30 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-06-25 09:31 - 2014-06-25 09:30 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-06-25 09:31 - 2014-06-25 09:30 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625

2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625

2014-06-25 08:54 - 2014-06-26 09:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software

2014-06-25 08:38 - 2012-06-15 16:39 - 00169744 _____ () C:\WINDOWS\system32\ztvunrar36.dll

2014-06-25 08:38 - 2012-06-15 16:35 - 00185616 _____ () C:\WINDOWS\system32\ztvunrar39.dll

2014-06-25 08:38 - 2012-06-15 16:33 - 00605968 _____ (Igor Pavlov) C:\WINDOWS\system32\ztv7z.dll

2014-06-25 08:38 - 2012-06-15 16:33 - 00077072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztvcabinet.dll

2014-06-25 08:38 - 2005-08-26 01:50 - 00077312 _____ () C:\WINDOWS\system32\ztvunace26.dll

2014-06-25 08:38 - 2003-02-02 20:06 - 00153088 _____ () C:\WINDOWS\system32\unrar3.dll

2014-06-25 08:38 - 2002-03-06 01:00 - 00075264 _____ () C:\WINDOWS\system32\unacev2.dll

2014-06-25 08:37 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software

2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software

 

==================== One Month Modified Files and Folders =======

 

2014-07-22 12:09 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Temp

2014-07-22 12:07 - 2014-01-08 14:17 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Dropbox

2014-07-22 12:06 - 2014-07-02 08:50 - 00000000 ____D () C:\FRST

2014-07-22 11:58 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job

2014-07-22 11:27 - 2013-03-14 16:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-22 11:22 - 2013-01-06 11:50 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-07-22 11:09 - 2014-07-21 09:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Desktop\MBAM

2014-07-22 10:24 - 2014-07-22 10:24 - 00000000 ____D () C:\Program Files\ESET

2014-07-22 10:15 - 2012-11-02 07:27 - 00622713 _____ () C:\WinTab.log

2014-07-22 10:10 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job

2014-07-22 09:52 - 2014-07-21 09:01 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-22 09:50 - 2014-01-08 14:25 - 00000000 ___RD () C:\Documents and Settings\A7AS\My Documents\Dropbox

2014-07-22 09:49 - 2014-01-08 14:23 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\DropboxMaster

2014-07-22 09:48 - 2014-04-14 10:45 - 00000276 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-22 09:48 - 2012-12-13 10:03 - 00000284 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-22 09:47 - 2014-05-05 11:18 - 00000626 ____H () C:\WINDOWS\Tasks\SN.Booster-S-469265631.job

2014-07-22 09:47 - 2013-03-14 16:27 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-22 09:47 - 2013-02-05 21:33 - 00000298 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-22 09:47 - 2012-11-07 10:43 - 00000000 ____D () C:\Temp

2014-07-22 09:47 - 2009-09-17 15:42 - 00000000 ____D () C:\Program Files\Symantec AntiVirus

2014-07-22 09:47 - 2009-09-16 11:16 - 01735241 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-22 09:47 - 2008-01-21 12:57 - 00000256 ___SH () C:\WINDOWS\system32\CredSys.cdb

2014-07-22 09:46 - 2009-09-16 07:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-07-22 09:46 - 2009-09-16 07:10 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-07-22 09:45 - 2009-09-16 11:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-22 09:43 - 2009-09-16 11:23 - 00032434 _____ () C:\WINDOWS\SchedLgU.Txt

2014-07-22 09:42 - 2014-07-22 09:19 - 00000000 ____D () C:\AdwCleaner

2014-07-22 09:42 - 2008-01-21 12:13 - 00000278 ___SH () C:\Documents and Settings\A7AS\ntuser.ini

2014-07-22 09:42 - 2008-01-21 12:13 - 00000000 ____D () C:\Documents and Settings\A7AS

2014-07-22 09:35 - 2014-07-22 09:35 - 00010842 _____ () C:\Documents and Settings\A7AS\Desktop\AdwCleaner[R0].txt

2014-07-22 09:18 - 2014-07-22 08:31 - 00002249 _____ () C:\Documents and Settings\A7AS\Desktop\JRT.txt

2014-07-22 08:25 - 2014-07-22 08:25 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-07-21 14:22 - 2013-02-05 21:33 - 00000306 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-21 14:00 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job

2014-07-21 13:00 - 2013-08-10 16:59 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2014-07-21 12:53 - 2014-03-10 12:53 - 00000460 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job

2014-07-21 09:49 - 2013-01-08 12:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON

2014-07-21 09:41 - 2012-11-08 10:41 - 00000000 ____D () C:\WINDOWS\Minidump

2014-07-21 09:41 - 2012-10-01 13:41 - 00000000 __SHD () C:\WINDOWS\CSC

2014-07-21 09:40 - 2014-07-21 09:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini072114-01.dmp

2014-07-21 09:01 - 2014-07-21 08:55 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-21 08:55 - 2014-07-21 08:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-21 08:55 - 2014-05-14 12:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-07-21 08:43 - 2006-02-28 06:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-07-21 08:19 - 2014-07-21 08:19 - 00000000 ____D () C:\WINDOWS\ERDNT

2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Program Files\ERUNT

2014-07-21 08:18 - 2014-07-21 08:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

2014-07-20 20:40 - 2013-01-29 12:58 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job

2014-07-20 20:33 - 2013-02-05 21:33 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1757981266-1482476501-839522115-1006.job

2014-07-17 15:59 - 2013-01-30 18:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWdf01007$

2014-07-17 13:44 - 2014-05-05 11:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\f654fe39c13d631b

2014-07-17 13:31 - 2009-09-16 14:38 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt

2014-07-17 13:29 - 2006-02-28 06:00 - 00001023 _____ () C:\WINDOWS\win.ini

2014-07-17 13:01 - 2009-09-16 11:22 - 00000000 __SHD () C:\Documents and Settings\LocalService

2014-07-17 11:57 - 2014-07-17 11:57 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9876

2014-07-17 11:57 - 2009-09-16 06:58 - 00000000 ____D () C:\WINDOWS\Resources

2014-07-17 11:55 - 2014-07-17 11:55 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\9468

2014-07-17 08:20 - 2014-06-26 09:47 - 00000000 ____D () C:\Program Files\Advanced Fix 2013

2014-07-16 13:49 - 2014-07-16 13:43 - 00001819 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

2014-07-16 13:44 - 2012-10-01 16:48 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Google

2014-07-16 13:43 - 2014-07-16 13:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome

2014-07-16 13:43 - 2013-03-14 16:27 - 00000000 ____D () C:\Program Files\Google

2014-07-15 14:53 - 2013-05-30 14:29 - 00000000 ____D () C:\Documents and Settings\All Users\Lx_cats

2014-07-12 17:18 - 2014-07-17 13:01 - 00055224 _____ (StdLib) C:\WINDOWS\system32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gt.sys

2014-07-09 12:22 - 2014-07-09 12:22 - 11204096 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

2014-07-09 12:22 - 2013-01-06 11:50 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-07-09 12:22 - 2013-01-06 11:50 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-07-08 15:27 - 2014-07-08 15:27 - 00000000 _____ () C:\Documents and Settings\A7AS\Desktop\New Text Document (3).txt

2014-07-08 12:53 - 2014-03-10 12:53 - 00000476 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job

2014-07-07 08:30 - 2009-09-18 13:50 - 00073136 _____ () C:\Documents and Settings\1000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2014-07-07 08:27 - 2009-09-16 07:05 - 00284520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-07-03 14:08 - 2014-05-15 09:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help

2014-07-03 14:03 - 2009-09-16 07:07 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-07-03 12:58 - 2014-05-15 09:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office

2014-07-03 11:22 - 2014-07-03 11:22 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-07-03 11:22 - 2014-07-03 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller

2014-07-02 10:49 - 2014-07-02 10:49 - 00065844 _____ () C:\Documents and Settings\A7AS\My Documents\Benefit Code Chart 3-2014-xls.xlsx

2014-06-26 16:50 - 2009-09-16 14:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968816_WM9$

2014-06-26 10:28 - 2012-10-10 22:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$

2014-06-26 09:36 - 2009-09-18 12:57 - 00000000 ____D () C:\WINDOWS\pss

2014-06-26 09:36 - 2009-09-16 07:04 - 00000211 __RSH () C:\boot.ini

2014-06-26 09:36 - 2006-02-28 06:00 - 00000227 _____ () C:\WINDOWS\system.ini

2014-06-26 09:17 - 2014-06-25 08:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software

2014-06-26 08:46 - 2014-06-26 08:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-06-26 08:45 - 2014-06-26 08:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallwinusb0200$

2014-06-25 09:32 - 2014-06-25 09:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-06-25 09:31 - 2014-06-25 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java

2014-06-25 09:30 - 2014-06-25 09:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe

2014-06-25 09:30 - 2014-06-25 09:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

2014-06-25 09:30 - 2014-06-25 09:31 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll

2014-06-25 09:11 - 2014-05-05 11:20 - 00000000 ____D () C:\Documents and Settings\A7AS\Local Settings\Application Data\Temp

2014-06-25 08:56 - 2014-06-25 08:56 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1403704746625

2014-06-25 08:56 - 2014-06-25 08:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswrdr.sys.1403704746625

2014-06-25 08:38 - 2014-06-25 08:38 - 00000000 ____D () C:\Documents and Settings\A7AS\My Documents\Simply Super Software

2014-06-25 08:38 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\A7AS\Application Data\Simply Super Software

2014-06-25 08:37 - 2014-06-25 08:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Simply Super Software

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

C:\Windows\Tasks\At2.job

C:\Windows\Tasks\At3.job

C:\Windows\Tasks\At4.job

 

 

Some content of TEMP:

====================

C:\Documents and Settings\1000\Local Settings\Temp\_is1DE.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpakhznz.dll

C:\Documents and Settings\A7AS\Local Settings\Temp\Quarantine.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3B.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3C.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3D.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3E.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT3F.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT40.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT41.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT42.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT43.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT55.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT56.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT57.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT58.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT59.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5A.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5B.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5C.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\UNT5D.tmp.exe

C:\Documents and Settings\A7AS\Local Settings\Temp\VOPackage.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================


Share this post


Link to post
Share on other sites

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

Then restart the computer again and run the following

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Share this post


Link to post
Share on other sites

Thank you for replying so quickly, but it appears there is another issue..  My computer shut down sometime during the night when I went home.  Came into work this AM and it will NOT boot up.  Since this is a work computer, I have to log in through Credant Mobile Shield.  Once I do enter my password, I get the Windows sound when it opens & then nothing.  Only my background.  No icons, can't access start menu and Cntl Alt Delete brings up the option to get to the Task Manager, then it never opens.  There is only the fan running.  It almost seems like the processor isn't working.  So at startup, the only other option other than it starting Windows XP Pro (which is normally what I select) is the Recovery Tool.  I clicked on that and it will allow me to back up my files.. then a Window pops up labled 'Servant Salamander'   

 

At this point I am afraid to touch this machine because whatever the issue is seems to be getting worse.  Help?  Ideas?  I am desperate since the computer I am working off of to type this is being shipped off for repairs today sometime and I am dead in the water since the other one won't even boot up all the way.  I have been here for 3 hours now & nothing about the state of this other computer has changed..  it appears I have killed this computer somehow.. please, please help!

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.