
FBI Moneypak virus



I appear to be infected with the FBI Piracy Porn Moneypak virus. I was in a Chrome window. Would not allow me to close Chrome. Any attempt would only open a pop-up window with what appeared to be German. Had to use Task Manager to close it. Did not seem to affect IE or Firefox.


I tried to do a restore, in safe mode, from last week but it would not take. The FBI screen has not come back, yet.


Using Premium version 2.0.2.1012 with the latest database found nothing and Anti-Exploit had no warnings.


This is on a networked system running XP Pro.


Looking for a pro to assist with analyzing and removing whatever it is.


Thanks!


Hello,


P2P/Piracy Warning:


If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Kevin...


Thanks for your assistance, Kevin!


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by paul.smith (administrator) on PAULSOFFICE on 21-07-2014 16:34:11
Running from C:\File Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {15de9d94-7d04-11e2-8cca-00219b2177ca} - I:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {1fd731fc-669c-11e0-81af-00219b2177ca} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {6cd2d04c-2a7f-11de-ac06-00219b2177ca} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {85e65948-f34a-11e0-81bc-00219b2177ca} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {d642ea53-87b4-11e0-81b1-00219b2177ca} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {e3ef165b-3eca-11de-ac0a-00219b2177ca} - F:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264540604700
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} http://192.168.1.148/vcredist_x86.exe
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A444A75B-D0C1-4440-B830-4F8206ADE1F5} http://203.254.221.27:7000/ems/download/ezPDFLauncherX2.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @alternatiff.com/AlternaTIFF - C:\Program Files\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator - C:\DOCUME~1\PAUL~1.SMI\APPLIC~1\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF user.js: detected! => C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Garmin Communicator - C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-19]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-16]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-27]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-09]
FF Extension: Adblock Plus - C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-19]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-01-21]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-01-21]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google Search) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (DivX HiQ) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2014-02-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-02-04]
CHR Extension: (Gmail) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]

========================== Services (Whitelisted) =================

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-18] (Oracle Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation) [File not signed]
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [46296 2014-04-11] ()
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [35392 2011-09-22] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-21] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
S3 TIEHDUSB; C:\WINDOWS\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed]
S3 usbkey; C:\WINDOWS\System32\DRIVERS\USBKey.sys [33852 2009-08-05] () [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2011-01-15] (Elaborate Bytes AG) [File not signed]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 16:33 - 2014-07-21 16:34 - 00000000 ____D () C:\FRST
2014-06-26 13:01 - 2014-06-26 13:01 - 00000758 _____ () C:\Documents and Settings\All Users\Desktop\EPS File Viewer.lnk
2014-06-26 13:01 - 2014-06-26 13:01 - 00000000 ____D () C:\Program Files\EPS File Viewer
2014-06-26 13:01 - 2014-06-26 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPS File Viewer
2014-06-24 17:07 - 2014-06-24 17:07 - 00000000 ____D () C:\Documents and Settings\paul.smith\Local Settings\Application Data\Adobe

==================== One Month Modified Files and Folders =======

2014-07-21 16:34 - 2014-07-21 16:33 - 00000000 ____D () C:\FRST
2014-07-21 16:34 - 2009-03-27 13:51 - 00000000 ____D () C:\Documents and Settings\paul.smith\Local Settings\Temp
2014-07-21 16:20 - 2009-03-27 13:44 - 00000152 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-07-21 16:14 - 2014-02-04 15:44 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 16:13 - 2012-12-19 18:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-21 14:37 - 2013-08-04 14:50 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-07-21 14:28 - 2014-05-05 09:16 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 14:28 - 2008-04-25 17:28 - 01831609 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-21 14:27 - 2014-02-04 15:44 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 14:27 - 2012-02-07 11:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-21 14:27 - 2012-02-07 11:00 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-21 14:27 - 2008-04-25 17:32 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-21 14:27 - 2008-04-25 17:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-21 14:27 - 2008-04-25 12:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-21 14:05 - 2009-03-27 13:51 - 00000278 ___SH () C:\Documents and Settings\paul.smith\ntuser.ini
2014-07-21 13:57 - 2009-03-31 22:30 - 00000000 ____D () C:\Program Files\asystV10 Dealer Management
2014-07-21 04:40 - 2008-04-25 05:17 - 00000000 ____D () C:\WINDOWS\security
2014-07-21 04:02 - 2008-04-25 17:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-07-20 12:03 - 2008-04-25 17:26 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-07-18 09:57 - 2011-04-14 18:48 - 00000000 ____D () C:\Program Files\Jawbone
2014-07-18 03:18 - 2014-02-04 15:45 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-07-09 01:13 - 2012-11-17 13:49 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-09 01:13 - 2012-11-17 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-07 14:56 - 2009-03-19 17:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB967715$
2014-07-07 14:53 - 2013-01-24 14:18 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-07 14:53 - 2013-01-24 14:18 - 00001736 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-07-07 14:53 - 2010-11-06 11:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-07 14:53 - 2009-01-16 16:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-07-07 13:14 - 2009-07-15 13:14 - 00000000 ____D () C:\Temp partsmart
2014-06-26 13:01 - 2014-06-26 13:01 - 00000758 _____ () C:\Documents and Settings\All Users\Desktop\EPS File Viewer.lnk
2014-06-26 13:01 - 2014-06-26 13:01 - 00000000 ____D () C:\Program Files\EPS File Viewer
2014-06-26 13:01 - 2014-06-26 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPS File Viewer
2014-06-26 12:19 - 2009-04-04 12:42 - 00000000 ____D () C:\Twin Hills Iron
2014-06-24 17:07 - 2014-06-24 17:07 - 00000000 ____D () C:\Documents and Settings\paul.smith\Local Settings\Application Data\Adobe
2014-06-23 09:33 - 2012-04-25 13:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\ohotfix.exe
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\ohotfixr.dll
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\vbtbrowser.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\applnch.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\DPInst.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\DPInst64.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\ESDPK-HLX5-PhotoPlusStarterEdition_Setup.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\GdiPlus.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\mfc80u.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\msvcp80.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\msvcr80.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\regini.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\SETUP.EXE
C:\Documents and Settings\paul.smith\Local Settings\Temp\SUAComnCtrl.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\SUARefresh.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\uninst.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\UTEngine.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\_is7C.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014
Ran by paul.smith at 2014-07-21 16:35:00
Running from C:\File Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
asyst Dealer Management for Microsoft Office v10 (HKLM\...\asyst Dealer Management for Microsoft Office v10) (Version: 10 - United Systems Technology, Inc.)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
Blue Iris ActiveX Control (HKLM\...\InstallShield_{7106E079-28CA-4FEC-A083-6577EB674526}) (Version: 3.0.0.8 - Perspective Software)
Blue Iris ActiveX Control (Version: 3.0.0.8 - Perspective Software) Hidden
Brother MFL-Pro Suite MFC-8950DW (HKLM\...\{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Diagnostics Utility (HKLM\...\{88253B77-33C9-4A9D-9E4C-4579E39D9158}) (Version: 1.00.0000 - Realtek)
Doxillion Document Converter (HKLM\...\Doxillion) (Version:  - NCH Software)
DSX System Administrator (HKLM\...\{A3D1AF62-A77F-43C6-B476-663194599655}) (Version: 2.21 - NEC Infrontia, Inc.)
Easy Duplicate Finder v. 3.1 (HKLM\...\Easy Duplicate Finder_is1) (Version:  - WebMinds, Inc.)
Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
EOSInfo (HKLM\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net)
EPS File Viewer (HKLM\...\{35B4B5ED-41DE-4CAB-A757-F967474819DC}_is1) (Version:  - epsfileviewer.com)
Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Free Audio CD to MP3 Converter version 1.3.11.908 (HKLM\...\Free Audio CD to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Harley-Davidson Super Tuner VCI Drivers (Driver Removal) (HKLM\...\HDVCCOMM&125E&1802) (Version:  - )
HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LAN-Fax Utilities (HKLM\...\LAN-Fax Utilities) (Version:  - )
Malwarebytes Anti-Exploit version 0.10.3.0100 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.3.0100 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access 2002 Runtime (HKLM\...\{901C0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
Power Vision Software (HKLM\...\{C665EE1E-47D7-4169-80E2-6F7077BB4184}) (Version: 1.0.68.1180 - Dynojet Research Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
RPM Control Center Version 1.0.0.4 (HKLM\...\{13185BE4-096D-4857-B62B-057056AB572C}_is1) (Version:  - Rinehart Racing)
Screamin Eagle Pro Super Tuner (HKLM\...\{BC317EDD-5E0D-4CF0-A619-8B1EA798BA89}) (Version: 6.000.0006 - Harley-Davidson)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Serif PhotoPlus Starter Edition 3 (HKLM\...\{5DF61899-B4D4-4CD5-9F3D-78ADBBF7DC2A}) (Version: 3.0.0.008 - Serif (Europe) Ltd)
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB978506) (HKLM\...\KB978506-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{FD1408CA-47E3-45C8-B7CB-75AEB8F98DA1}) (Version: 2.13.0273 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{D3D2A5FF-55C2-4A5A-BDAC-A502A66E6B8D}) (Version: 2.13.0246 - Samsung Electronics Co., Ltd.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VolID 4.0.1 Demo (HKLM\...\VolID_is1) (Version:  - SoftRM)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
WinPEP 7 (HKLM\...\InstallShield_{A0568C61-9443-43F3-9938-E573A3BEFB7B}) (Version: 7.5.1.14 - Dynojet Research Inc.)
WinPEP 7 (Version: 7.5.1.14 - Dynojet Research Inc.) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Restore Points  =========================

22-04-2014 22:00:52 Software Distribution Service 3.0
23-04-2014 03:02:20 Software Distribution Service 3.0
23-04-2014 22:00:45 Software Distribution Service 3.0
24-04-2014 22:00:36 Software Distribution Service 3.0
25-04-2014 03:07:38 Software Distribution Service 3.0
25-04-2014 22:06:15 Software Distribution Service 3.0
26-04-2014 03:12:11 Software Distribution Service 3.0
26-04-2014 22:02:16 Software Distribution Service 3.0
27-04-2014 03:02:59 Software Distribution Service 3.0
27-04-2014 22:00:34 Software Distribution Service 3.0
28-04-2014 03:02:31 Software Distribution Service 3.0
28-04-2014 22:00:35 Software Distribution Service 3.0
29-04-2014 03:03:05 Software Distribution Service 3.0
29-04-2014 22:00:27 Software Distribution Service 3.0
30-04-2014 03:02:19 Software Distribution Service 3.0
30-04-2014 14:10:39 Configured Blue Iris ActiveX Control
30-04-2014 22:00:14 Software Distribution Service 3.0
01-05-2014 03:02:15 Software Distribution Service 3.0
01-05-2014 22:00:40 Software Distribution Service 3.0
02-05-2014 03:02:35 Software Distribution Service 3.0
02-05-2014 21:59:11 Software Distribution Service 3.0
03-05-2014 03:02:53 Software Distribution Service 3.0
03-05-2014 21:59:17 Software Distribution Service 3.0
04-05-2014 03:02:53 Software Distribution Service 3.0
05-05-2014 13:27:11 Software Distribution Service 3.0
06-05-2014 03:03:01 Software Distribution Service 3.0
06-05-2014 13:25:18 Software Distribution Service 3.0
07-05-2014 03:03:59 Software Distribution Service 3.0
08-05-2014 02:51:37 Software Distribution Service 3.0
08-05-2014 13:04:35 Software Distribution Service 3.0
09-05-2014 02:54:30 Software Distribution Service 3.0
09-05-2014 14:10:31 Software Distribution Service 3.0
10-05-2014 03:03:36 Software Distribution Service 3.0
10-05-2014 14:10:24 Software Distribution Service 3.0
11-05-2014 02:55:09 Software Distribution Service 3.0
11-05-2014 14:09:55 Software Distribution Service 3.0
12-05-2014 02:54:18 Software Distribution Service 3.0
12-05-2014 14:11:21 Software Distribution Service 3.0
13-05-2014 02:54:20 Software Distribution Service 3.0
13-05-2014 14:09:53 Software Distribution Service 3.0
14-05-2014 02:54:39 Software Distribution Service 3.0
14-05-2014 14:09:24 Software Distribution Service 3.0
15-05-2014 02:54:17 Software Distribution Service 3.0
16-05-2014 03:01:25 Software Distribution Service 3.0
16-05-2014 12:59:38 Software Distribution Service 3.0
16-05-2014 13:44:21 Configured Blue Iris ActiveX Control
17-05-2014 03:00:53 Software Distribution Service 3.0
17-05-2014 12:59:24 Software Distribution Service 3.0
18-05-2014 03:00:20 Software Distribution Service 3.0
18-05-2014 12:59:15 Software Distribution Service 3.0
19-05-2014 03:01:08 Software Distribution Service 3.0
19-05-2014 12:59:10 Software Distribution Service 3.0
20-05-2014 03:01:04 Software Distribution Service 3.0
21-05-2014 03:01:20 Software Distribution Service 3.0
21-05-2014 12:59:20 Software Distribution Service 3.0
22-05-2014 03:00:50 Software Distribution Service 3.0
22-05-2014 12:58:45 Software Distribution Service 3.0
23-05-2014 03:00:24 Software Distribution Service 3.0
23-05-2014 12:57:43 Software Distribution Service 3.0
24-05-2014 03:00:17 Software Distribution Service 3.0
24-05-2014 12:57:35 Software Distribution Service 3.0
25-05-2014 03:00:22 Software Distribution Service 3.0
25-05-2014 12:57:29 Software Distribution Service 3.0
26-05-2014 03:00:16 Software Distribution Service 3.0
26-05-2014 12:57:34 Software Distribution Service 3.0
27-05-2014 03:00:47 Software Distribution Service 3.0
27-05-2014 12:57:35 Software Distribution Service 3.0
28-05-2014 03:00:39 Software Distribution Service 3.0
28-05-2014 13:01:34 Software Distribution Service 3.0
29-05-2014 03:00:53 Software Distribution Service 3.0
29-05-2014 12:57:41 Software Distribution Service 3.0
30-05-2014 03:00:26 Software Distribution Service 3.0
30-05-2014 12:57:34 Software Distribution Service 3.0
31-05-2014 03:00:33 Software Distribution Service 3.0
31-05-2014 12:56:30 Software Distribution Service 3.0
01-06-2014 02:32:55 Software Distribution Service 3.0
01-06-2014 14:12:08 Software Distribution Service 3.0
02-06-2014 02:33:15 Software Distribution Service 3.0
02-06-2014 14:11:39 Software Distribution Service 3.0
03-06-2014 02:32:24 Software Distribution Service 3.0
03-06-2014 14:11:49 Software Distribution Service 3.0
04-06-2014 02:32:17 Software Distribution Service 3.0
04-06-2014 14:11:43 Software Distribution Service 3.0
05-06-2014 02:32:28 Software Distribution Service 3.0
05-06-2014 14:11:36 Software Distribution Service 3.0
06-06-2014 02:32:28 Software Distribution Service 3.0
06-06-2014 14:11:57 Software Distribution Service 3.0
07-06-2014 02:32:28 Software Distribution Service 3.0
07-06-2014 14:11:41 Software Distribution Service 3.0
08-06-2014 02:33:10 Software Distribution Service 3.0
08-06-2014 14:11:16 Software Distribution Service 3.0
09-06-2014 02:32:19 Software Distribution Service 3.0
09-06-2014 14:11:22 Software Distribution Service 3.0
10-06-2014 02:33:12 Software Distribution Service 3.0
10-06-2014 14:11:14 Software Distribution Service 3.0
11-06-2014 02:33:02 Software Distribution Service 3.0
11-06-2014 14:09:25 Software Distribution Service 3.0
12-06-2014 02:33:01 Software Distribution Service 3.0
12-06-2014 14:10:26 Software Distribution Service 3.0
13-06-2014 02:33:15 Software Distribution Service 3.0
13-06-2014 14:08:50 Software Distribution Service 3.0
14-06-2014 02:32:31 Software Distribution Service 3.0
14-06-2014 14:08:52 Software Distribution Service 3.0
15-06-2014 02:32:35 Software Distribution Service 3.0
15-06-2014 14:08:46 Software Distribution Service 3.0
16-06-2014 02:32:20 Software Distribution Service 3.0
16-06-2014 14:08:49 Software Distribution Service 3.0
17-06-2014 02:32:35 Software Distribution Service 3.0
17-06-2014 14:09:02 Software Distribution Service 3.0
18-06-2014 02:33:15 Software Distribution Service 3.0
18-06-2014 14:08:41 Software Distribution Service 3.0
19-06-2014 02:33:03 Software Distribution Service 3.0
19-06-2014 14:08:39 Software Distribution Service 3.0
20-06-2014 02:32:27 Software Distribution Service 3.0
20-06-2014 14:05:54 Software Distribution Service 3.0
21-06-2014 02:32:59 Software Distribution Service 3.0
21-06-2014 14:02:38 Software Distribution Service 3.0
22-06-2014 02:49:53 Software Distribution Service 3.0
22-06-2014 14:02:32 Software Distribution Service 3.0
23-06-2014 02:32:16 Software Distribution Service 3.0
24-06-2014 02:48:48 System Checkpoint
24-06-2014 03:16:55 Software Distribution Service 3.0
24-06-2014 13:43:41 Software Distribution Service 3.0
25-06-2014 03:15:30 Software Distribution Service 3.0
25-06-2014 13:44:55 Software Distribution Service 3.0
26-06-2014 03:15:49 Software Distribution Service 3.0
26-06-2014 13:45:23 Software Distribution Service 3.0
27-06-2014 03:16:01 Software Distribution Service 3.0
27-06-2014 13:43:33 Software Distribution Service 3.0
28-06-2014 03:15:32 Software Distribution Service 3.0
28-06-2014 13:44:32 Software Distribution Service 3.0
29-06-2014 03:15:30 Software Distribution Service 3.0
29-06-2014 13:43:28 Software Distribution Service 3.0
30-06-2014 03:16:14 Software Distribution Service 3.0
30-06-2014 13:43:34 Software Distribution Service 3.0
01-07-2014 03:16:13 Software Distribution Service 3.0
01-07-2014 13:44:05 Software Distribution Service 3.0
02-07-2014 03:15:49 Software Distribution Service 3.0
02-07-2014 13:43:33 Software Distribution Service 3.0
03-07-2014 03:16:18 Software Distribution Service 3.0
03-07-2014 13:43:31 Software Distribution Service 3.0
04-07-2014 03:15:42 Software Distribution Service 3.0
04-07-2014 13:43:19 Software Distribution Service 3.0
05-07-2014 03:15:20 Software Distribution Service 3.0
05-07-2014 13:43:17 Software Distribution Service 3.0
06-07-2014 03:15:25 Software Distribution Service 3.0
06-07-2014 13:43:17 Software Distribution Service 3.0
07-07-2014 03:16:10 Software Distribution Service 3.0
07-07-2014 13:43:20 Software Distribution Service 3.0
08-07-2014 03:24:38 Software Distribution Service 3.0
08-07-2014 19:06:30 Software Distribution Service 3.0
09-07-2014 03:25:12 Software Distribution Service 3.0
09-07-2014 19:06:29 Software Distribution Service 3.0
10-07-2014 02:35:51 Software Distribution Service 3.0
10-07-2014 21:23:47 Software Distribution Service 3.0
11-07-2014 02:41:54 Software Distribution Service 3.0
11-07-2014 21:23:58 Software Distribution Service 3.0
12-07-2014 02:35:45 Software Distribution Service 3.0
12-07-2014 21:23:47 Software Distribution Service 3.0
13-07-2014 02:35:15 Software Distribution Service 3.0
13-07-2014 21:24:45 Software Distribution Service 3.0
14-07-2014 02:35:27 Software Distribution Service 3.0
14-07-2014 21:23:49 Software Distribution Service 3.0
15-07-2014 02:35:29 Software Distribution Service 3.0
15-07-2014 21:24:00 Software Distribution Service 3.0
16-07-2014 02:35:46 Software Distribution Service 3.0
16-07-2014 21:23:41 Software Distribution Service 3.0
17-07-2014 02:36:11 Software Distribution Service 3.0
18-07-2014 03:07:32 Software Distribution Service 3.0
18-07-2014 12:57:49 Software Distribution Service 3.0
19-07-2014 02:34:43 Software Distribution Service 3.0
20-07-2014 00:04:33 Software Distribution Service 3.0
20-07-2014 02:34:27 Software Distribution Service 3.0
21-07-2014 00:04:30 Software Distribution Service 3.0
21-07-2014 02:34:37 Software Distribution Service 3.0
21-07-2014 18:25:38 Restore Operation
21-07-2014 18:28:11 Restore Operation

==================== Hosts content: ==========================

2008-04-25 12:16 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DoxillionReminder.job => C:\Program Files\NCH Software\Doxillion\doxillion.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RegInOut Scheduled Scan - paul.smith.job => C:\Program Files\RegInOut\RegInOut.exe

==================== Loaded Modules (whitelisted) =============

2012-12-04 17:33 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2007-07-23 16:04 - 2007-07-23 16:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2013-09-19 09:08 - 2014-06-11 10:16 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2008-04-25 12:16 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-25 12:16 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-07-18 03:18 - 2014-07-15 05:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-18 03:18 - 2014-07-15 05:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-18 03:18 - 2014-07-15 05:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-18 03:18 - 2014-07-15 05:24 - 14664008 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\MOUNT:$WIMMOUNTDATA
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 02:27:43 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (07/21/2014 02:27:43 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (07/21/2014 02:25:12 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (07/21/2014 02:25:12 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (07/21/2014 02:07:29 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (07/21/2014 02:05:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/21/2014 01:58:09 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 376630321.

Error: (07/21/2014 01:56:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 36.0.1985.125, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/21/2014 09:39:15 AM) (Source: MsiInstaller) (EventID: 11706) (User: TWINHILLSIRON)
Description: Product: Blue Iris ActiveX Control -- Error 1706.No valid source could be found for product Blue Iris ActiveX Control.  The Windows Installer cannot continue.

Error: (07/21/2014 09:39:12 AM) (Source: MsiInstaller) (EventID: 11706) (User: TWINHILLSIRON)
Description: Product: Blue Iris ActiveX Control -- Error 1706.No valid source could be found for product Blue Iris ActiveX Control.  The Windows Installer cannot continue.


System errors:
=============
Error: (07/21/2014 02:27:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (07/21/2014 02:27:43 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain TWINHILLSIRON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (07/21/2014 02:25:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (07/21/2014 02:25:12 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain TWINHILLSIRON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (07/21/2014 02:24:06 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/21/2014 02:09:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BANTExt
ElbyCDIO
ESProtectionDriver
Fips
intelppm
Lbd
MpFilter

Error: (07/21/2014 02:07:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/21/2014 02:07:29 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain TWINHILLSIRON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (07/20/2014 00:03:32 PM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.

Error: (07/20/2014 00:03:31 PM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver Nuance Image Printer Driver required for printer PaperPort Image Printer is unknown. Contact the administrator to install the driver before you log in again.


Microsoft Office Sessions:
=========================
Error: (07/21/2014 02:27:43 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (07/21/2014 02:27:43 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (07/21/2014 02:25:12 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (07/21/2014 02:25:12 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (07/21/2014 02:07:29 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (07/21/2014 02:05:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532hungapp0.0.0.000000000

Error: (07/21/2014 01:58:09 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 376630321

Error: (07/21/2014 01:56:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.125hungapp0.0.0.000000000

Error: (07/21/2014 09:39:15 AM) (Source: MsiInstaller) (EventID: 11706) (User: TWINHILLSIRON)
Description: Product: Blue Iris ActiveX Control -- Error 1706.No valid source could be found for product Blue Iris ActiveX Control.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)

Error: (07/21/2014 09:39:12 AM) (Source: MsiInstaller) (EventID: 11706) (User: TWINHILLSIRON)
Description: Product: Blue Iris ActiveX Control -- Error 1706.No valid source could be found for product Blue Iris ActiveX Control.  The Windows Installer cannot continue.(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 3036.91 MB
Available physical RAM: 1995.25 MB
Total Pagefile: 4926.53 MB
Available Pagefile: 4069.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.24 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:42.39 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:148.95 GB) (Free:119.35 GB) NTFS
Drive e: (140630_1743) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive g: (EOS_DIGITAL) (Removable) (Total:15.03 GB) (Free:15.02 GB) FAT32
Drive h: () (Network) (Total:698.08 GB) (Free:624.61 GB)
Drive s: () (Network) (Total:698.08 GB) (Free:624.61 GB)
Drive u: () (Network) (Total:698.08 GB) (Free:624.61 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

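The FRST log above is read section by section, and most of the work is deciding which entries are normal for the box and which are not. As an added example (not part of the original thread, not FRST's own code and not the helper's), the Python below splits an FRST log into its sections and runs four of the checks a responder does by eye on a log like this one: hosts rows that map a name to anything but loopback, scheduled tasks whose target sits in a user-writable folder, alternate data streams outside a small allowlist, and the driver names listed under Service Control Manager event 7026. The allowlists and path markers are assumptions, and the sample log is constructed: a few lines copied from the log above plus three planted entries (the 10.0.0.5 hosts row, Updater.job, the calc.exe stream) so that every check has something to report.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) log.
Added example for this thread (not FRST's code, not the helper's): split the
log into its "==== Section ====" blocks and run a few checks a responder
otherwise does by eye. Allowlists and path markers are assumptions."""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
TASK_RE = re.compile(r"^Task:\s*(?P<job>.+?)\s*=>\s*(?P<target>.+)$")
ERROR_RE = re.compile(r"^Error:.*\(Source: (?P<source>[^)]+)\).*\(EventID: (?P<id>\d+)\)")
USER_WRITABLE = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\", "\\appdata\\")  # assumption
BENIGN_STREAMS = {"$WIMMOUNTDATA", "SummaryInformation", "Zone.Identifier"}  # assumption
GUID_STREAM = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")  # shell property-set streams, as on igfxsrvc.exe above
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(text):
    """Map section name -> its non-blank lines; rules made only of '=' are dropped."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).strip("= :")
            if name:
                current = name
            continue
        if line:
            sections.setdefault(current, []).append(line)
    return sections


def hosts_findings(lines):
    """Flag hosts rows that map a name to anything but loopback."""
    out = []
    for line in lines:
        parts = line.split()
        # FRST's own timestamp/size line and comments are not "<ip> <name>" rows.
        if len(parts) < 2 or parts[0].startswith("#") or not re.fullmatch(r"[0-9a-fA-F.:]+", parts[0]):
            continue
        if parts[0] not in LOOPBACK:
            out.append(f"hosts: {parts[0]} -> {' '.join(parts[1:])}")
    return out


def task_findings(lines):
    """Flag scheduled tasks whose executable sits in a user-writable path."""
    out = []
    for line in lines:
        m = TASK_RE.match(line)
        if m and any(p in m.group("target").strip('" ').lower() for p in USER_WRITABLE):
            out.append(f"task: {m.group('job')} -> {m.group('target')}")
    return out


def ads_findings(lines):
    """Flag alternate data streams outside the allowlist."""
    out = []
    for line in lines:
        if line.startswith("AlternateDataStreams:"):
            path, _, stream = line.split(":", 1)[1].strip().rpartition(":")
            if stream not in BENIGN_STREAMS and not GUID_STREAM.match(stream):
                out.append(f"ads: {path}:{stream}")
    return out


def driver_load_failures(lines):
    """Collect driver names listed under Service Control Manager event 7026."""
    drivers, i = set(), 0
    while i < len(lines):
        m = ERROR_RE.match(lines[i])
        if m and m.group("source") == "Service Control Manager" and m.group("id") == "7026":
            i += 2  # step over the Error: line and its Description: line
            while i < len(lines) and not lines[i].startswith("Error:"):
                drivers.add(lines[i])
                i += 1
        else:
            i += 1
    return sorted(drivers, key=str.lower)


def triage(text):
    """Run every check on an FRST log and return the findings keyed by check."""
    s = split_sections(text)
    return {"hosts": hosts_findings(s.get("Hosts content", [])),
            "tasks": task_findings(s.get("Scheduled Tasks (whitelisted)", [])),
            "ads": ads_findings(s.get("Alternate Data Streams (whitelisted)", [])),
            "failed_drivers": driver_load_failures(s.get("Event log errors", []))}


# Constructed sample: lines copied from the log in this thread plus three planted
# entries (the 10.0.0.5 hosts row, Updater.job, the calc.exe stream) for contrast.
SAMPLE_LOG = r"""
==================== Hosts content: ==========================
2008-04-25 12:16 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
10.0.0.5        windowsupdate.microsoft.com
==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Updater.job => C:\Documents and Settings\paul.smith\Local Settings\Temp\svchost.exe
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\calc.exe:payload.bin
==================== Event log errors: =========================
=============
Error: (07/21/2014 02:09:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
intelppm
Lbd
MpFilter
Error: (07/21/2014 02:07:29 PM) (Source: NETLOGON) (EventID: 5719) (User: )
"""
```

Run against the real log above, the planted findings do not occur: the hosts file holds only the loopback row, every task in the Scheduled Tasks section runs from Program Files or system32, and the two streams are the WIM mount marker and a shell property set. What does come back is the driver list: Lbd fails on every boot recorded, while the 02:09 PM entry adds intelppm, Fips, MpFilter and others, which is what a safe-mode boot looks like and lines up with the safe-mode restore attempt in the first post. The repeated Lbd failure is the one worth following up, and the fixlist in the next post does exactly that with its "S0 Lbd; No ImagePath" line.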

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes 2.0, run a Threat Scan

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Post log:

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

let me see those logs in your next reply...

Kevin

fixlist.txt

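The fixlist.txt mechanism Kevin describes is simple but unforgiving: FRST reads the file from its own folder and, in the form used here, every line between Start and End is a log line pasted back so that FRST removes what it describes (a registry value, a service or driver entry, a file, an alternate data stream). As an added example (not FRST's code and not the helper's), the Python below sanity-checks a fixlist before the Fix button is pressed. It verifies the Start/End markers, classifies each line by the forms visible in the fix log further down the thread, lists the services that will be deleted, pulls the command out of each MountPoints2 entry (the command Explorer associated with a removable volume, here U3 launchers and vendor installers), and warns about a file deletion outside a Temp folder or a service whose image file still exists (FRST marks a missing image with [X]). The "safe" Temp folders are an assumption, and the sample fixlist is constructed: lines copied from this thread plus two planted ones, a Program Files deletion and ExampleSvc, whose image is present.

```python
"""Sanity-check a Farbar (FRST) fixlist.txt before pressing Fix.

Added example for this thread; not FRST's own code and not the helper's.
It recognises the line forms used in the fix log further down the thread:
a registry line copied from the log (HKU\... / HKLM\...), a service or
driver line ("S3 Name; image [X]"), a bare file path, and an
AlternateDataStreams: line. The "safe" deletion folders are an assumption."""
import re

REG_RE = re.compile(r"^(HKU|HKLM|HKCU|HKCR)\\")
SERVICE_RE = re.compile(r"^[SRU][0-4]\s+(?P<name>[^;]+);\s*(?P<image>.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
AUTOPLAY_RE = re.compile(r"MountPoints2:\s*\{[^}]+\}\s*-\s*(?P<cmd>.+)$")
SAFE_DELETE_DIRS = ("\\local settings\\temp\\", "\\temp\\")  # assumption


def classify(line):
    """Return the directive kind of one fixlist line."""
    if line.startswith("AlternateDataStreams:"):
        return "ads"
    if REG_RE.match(line):
        return "registry"
    if SERVICE_RE.match(line):
        return "service"
    if PATH_RE.match(line):
        return "file"
    return "unknown"


def check_fixlist(text):
    """Validate Start/End markers and summarise what the fix would remove."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    warnings = []
    if not lines or lines[0] != "Start":
        warnings.append("fixlist must begin with a 'Start' line")
    if not lines or lines[-1] != "End":
        warnings.append("fixlist must end with an 'End' line")
    body = lines[1:-1]
    counts = {"registry": 0, "service": 0, "file": 0, "ads": 0, "unknown": 0}
    services, autoplay = [], []
    for line in body:
        kind = classify(line)
        counts[kind] += 1
        if kind == "service":
            m = SERVICE_RE.match(line)
            services.append(m.group("name").strip())
            image = m.group("image").strip()
            # FRST marks a missing image with [X]; anything else still exists on disk.
            if image and "[X]" not in image and image != "No ImagePath":
                warnings.append(f"service whose image is still present will be deleted: {line}")
        elif kind == "registry":
            a = AUTOPLAY_RE.search(line)
            if a:
                autoplay.append(a.group("cmd").strip())
        elif kind == "file" and not any(d in line.lower() for d in SAFE_DELETE_DIRS):
            warnings.append(f"file deletion outside a Temp folder: {line}")
        elif kind == "unknown":
            warnings.append(f"unrecognised line (not one of the forms handled here): {line}")
    return {"counts": counts, "services": services, "autoplay": autoplay, "warnings": warnings}


# Constructed sample: lines copied from the fixlist in this thread plus two
# planted ones (the Program Files deletion and ExampleSvc, whose image exists).
SAMPLE_FIXLIST = r"""
Start
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {6cd2d04c-2a7f-11de-ac06-00219b2177ca} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {85e65948-f34a-11e0-81bc-00219b2177ca} - "G:\WD SmartWare.exe" autoplay=true
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; No ImagePath
U1 WS2IFSL;
C:\Documents and Settings\paul.smith\Local Settings\Temp\regini.exe
C:\Program Files\Example\keep.dll
S2 ExampleSvc; C:\Program Files\Example\svc.exe
AlternateDataStreams: C:\MOUNT:$WIMMOUNTDATA
End
"""
```

On the fixlist actually used in this thread the check returns no warnings: every driver line carries [X] or No ImagePath, every file path is under a Local Settings\Temp folder, and the three stream lines are the same ones FRST reported as whitelisted, which is the kind of confirmation worth having before a tool deletes things with no undo.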

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-07-2014
Ran by paul.smith at 2014-07-21 17:09:52 Run:1
Running from C:\File Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {15de9d94-7d04-11e2-8cca-00219b2177ca} - I:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {1fd731fc-669c-11e0-81af-00219b2177ca} - F:\TL_Bootstrap.exe
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {6cd2d04c-2a7f-11de-ac06-00219b2177ca} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {85e65948-f34a-11e0-81bc-00219b2177ca} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {d642ea53-87b4-11e0-81b1-00219b2177ca} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {e3ef165b-3eca-11de-ac0a-00219b2177ca} - F:\LaunchU3.exe -a
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; No ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
U1 WS2IFSL;
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\ohotfix.exe
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\ohotfixr.dll
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\vbtbrowser.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\applnch.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\DPInst.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\DPInst64.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\ESDPK-HLX5-PhotoPlusStarterEdition_Setup.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\GdiPlus.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\mfc80u.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\msvcp80.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\msvcr80.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\regini.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\SETUP.EXE
C:\Documents and Settings\paul.smith\Local Settings\Temp\SUAComnCtrl.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\SUARefresh.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\uninst.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\UTEngine.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\_is7C.exe
AlternateDataStreams: C:\MOUNT:$WIMMOUNTDATA
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
End
*****************

'HKU\S-1-5-21-2072321966-259001148-2609447416-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15de9d94-7d04-11e2-8cca-00219b2177ca}' => Key deleted successfully.
'HKCR\CLSID\{15de9d94-7d04-11e2-8cca-00219b2177ca}'=> Key not found.
'HKU\S-1-5-21-2072321966-259001148-2609447416-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1fd731fc-669c-11e0-81af-00219b2177ca}' => Key deleted successfully.
'HKCR\CLSID\{1fd731fc-669c-11e0-81af-00219b2177ca}'=> Key not found.
'HKU\S-1-5-21-2072321966-259001148-2609447416-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cd2d04c-2a7f-11de-ac06-00219b2177ca}' => Key deleted successfully.
'HKCR\CLSID\{6cd2d04c-2a7f-11de-ac06-00219b2177ca}'=> Key not found.
'HKU\S-1-5-21-2072321966-259001148-2609447416-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85e65948-f34a-11e0-81bc-00219b2177ca}' => Key deleted successfully.
'HKCR\CLSID\{85e65948-f34a-11e0-81bc-00219b2177ca}'=> Key not found.
'HKU\S-1-5-21-2072321966-259001148-2609447416-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d642ea53-87b4-11e0-81b1-00219b2177ca}' => Key deleted successfully.
'HKCR\CLSID\{d642ea53-87b4-11e0-81b1-00219b2177ca}'=> Key not found.
'HKU\S-1-5-21-2072321966-259001148-2609447416-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3ef165b-3eca-11de-ac0a-00219b2177ca}' => Key deleted successfully.
'HKCR\CLSID\{e3ef165b-3eca-11de-ac0a-00219b2177ca}'=> Key not found.
Lavasoft Kernexplorer => Service deleted successfully.
Lbd => Service deleted successfully.
USBAAPL => Service deleted successfully.
usbbus => Service deleted successfully.
UsbDiag => Service deleted successfully.
USBModem => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\ohotfix.exe => Moved successfully.
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\ohotfixr.dll => Moved successfully.
C:\Documents and Settings\administrator.TWINHILLSIRON\Local Settings\Temp\vbtbrowser.dll => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\applnch.exe => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\DPInst.exe => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\DPInst64.exe => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\ESDPK-HLX5-PhotoPlusStarterEdition_Setup.exe => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\GdiPlus.dll => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\mfc80u.dll => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\msvcp80.dll => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\msvcr80.dll => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\regini.exe => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\SETUP.EXE => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\SUAComnCtrl.dll => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\SUARefresh.exe => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\uninst.exe => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\UTEngine.dll => Moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\_is7C.exe => Moved successfully.
C:\MOUNT => ":$WIMMOUNTDATA" ADS removed successfully.
"C:\WINDOWS\system32\igfxsrvc.exe" => ":SummaryInformation" ADS not found.
C:\WINDOWS\system32\igfxsrvc.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

==== End of Fixlog ====


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/21/2014
Scan Time: 5:13:28 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.21.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: paul.smith

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346428
Time Elapsed: 12 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


# AdwCleaner v3.216 - Report created 21/07/2014 at 17:31:35
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : paul.smith - PAULSOFFICE
# Running from : C:\File Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Documents and Settings\paul.smith\Local Settings\Application Data\visi_coupon
Folder Deleted : C:\Documents and Settings\paul.smith\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\WINDOWS\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\FLV Player
Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5677 octets] - [21/07/2014 17:28:09]
AdwCleaner[s0].txt - [5625 octets] - [21/07/2014 17:31:36]

########## EOF - H:\AdwCleaner\AdwCleaner[s0].txt - [5625 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by paul.smith on Mon 07/21/2014 at 17:38:28.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\paul.smith\Application Data\mozilla\firefox\profiles\z5x3mr44.default\minidumps [25 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/21/2014 at 17:42:27.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
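
The FRST Fixlog above pairs every directive in the fixlist with an outcome line, and one of them (the :SummaryInformation stream on igfxsrvc.exe) came back "not found" rather than "removed". The script below is an added example, not part of the thread and not FRST's own code; it reconciles the echoed fixlist with the outcome lines so that any directive without a successful action stands out. It assumes only the layout visible in the posted Fixlog: the list between "Start" and "End", then one "=>" line per action. The sample log is a constructed extract of the Fixlog above.

```python
"""Reconcile an FRST fixlist against the Fixlog it produced.

Added example; not part of the thread and not FRST's own code. It assumes
only the layout visible in the Fixlog above: the fixlist is echoed between
'Start' and 'End', and every action is reported on a later line containing
'=>' and ending in 'successfully' or 'not found'.
"""
import re

# Constructed sample, trimmed from the Fixlog posted above.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Start
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\MountPoints2: {15de9d94-7d04-11e2-8cca-00219b2177ca} - I:\VZW_Software_upgrade_assistant_installer.exe
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
C:\Documents and Settings\paul.smith\Local Settings\Temp\applnch.exe
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
End
*****************

'HKU\S-1-5-21-2072321966-259001148-2609447416-1136\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15de9d94-7d04-11e2-8cca-00219b2177ca}' => Key deleted successfully.
'HKCR\CLSID\{15de9d94-7d04-11e2-8cca-00219b2177ca}'=> Key not found.
USBAAPL => Service deleted successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\applnch.exe => Moved successfully.
"C:\WINDOWS\system32\igfxsrvc.exe" => ":SummaryInformation" ADS not found.
C:\WINDOWS\system32\igfxsrvc.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

==== End of Fixlog ====
"""

GUID = re.compile(r"\{[0-9a-fA-F-]{36}\}")
# Service lines look like "S3 Name; ImagePath" (S/U/R/O plus start type).
SERVICE = re.compile(r"^[SURO]\d\s+([^;]+);")


def parse_fixlog(text):
    """Split the log into the echoed directives and the '=>' outcome lines."""
    directives, results, in_list = [], [], False
    for line in text.splitlines():
        s = line.strip()
        if s == "Start":
            in_list = True
            continue
        if s == "End":
            in_list = False
            continue
        if in_list:
            directives.append(s)
        elif "=>" in s:
            results.append(s)
    return directives, results


def directive_matcher(directive):
    """Return a predicate that selects the outcome line(s) for one directive."""
    m = GUID.search(directive)
    if "MountPoints2" in directive and m:
        # FRST reports the MountPoints2 key by its GUID (and separately probes HKCR\CLSID).
        guid = m.group(0).lower()
        return lambda r: "MountPoints2" in r and guid in r.lower()
    m = SERVICE.match(directive)
    if m:
        name = m.group(1).strip().lower()
        return lambda r: r.lower().startswith(name + " =>")
    if directive.startswith("AlternateDataStreams:"):
        path, stream = directive.split(":", 1)[1].strip().rsplit(":", 1)
        needle = ('":' + stream + '"').lower()
        return lambda r: path.lower() in r.lower() and needle in r.lower()
    # Anything else is a plain file or folder path.
    return lambda r: r.lower().startswith(directive.lower() + " =>")


def reconcile(text):
    """Map each directive to 'ok', 'not found' or 'no result'."""
    directives, results = parse_fixlog(text)
    report = {}
    for d in directives:
        hits = [r for r in results if directive_matcher(d)(r)]
        if any("successfully" in r.lower() for r in hits):
            report[d] = "ok"
        elif any("not found" in r.lower() for r in hits):
            report[d] = "not found"
        else:
            report[d] = "no result"
    return report


def unresolved(text):
    """Only the directives that did not end in a successful action."""
    return {d: v for d, v in reconcile(text).items() if v != "ok"}


if __name__ == "__main__":
    for d, v in reconcile(SAMPLE_FIXLOG).items():
        print(f"{v:10} {d}")
```

Run it over a full Fixlog and the "not found" entries are the ones to re-check on the next FRST scan; a "no result" entry means a directive produced no outcome line at all, which is worth asking about before declaring the fix complete.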

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Windows 7/8: right-click on the IE shortcut and run as admin.

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found:
  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

If threats were found:
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close" (remember to save the log first)
  • Click on finish
  • Close the program

Copy and paste the report in next reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC then try again...

Post those logs in next reply, also let me know if you have any remaining issues or concerns...

Kevin

Hey Kevin,

Here are the last two log files you asked for. Have not seen any other issues. System already seems to run better. Let me know if there is anything else I need to do.

Thanks for your help!

Paul

C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0267d6    HTML/Ransom.P trojan
C:\Documents and Settings\paul.smith\Local Settings\Temp\dlmE01.tmp\1030-4002_PassShow.exe    a variant of Win32/AdWare.AddLyrics.AS application
C:\Documents and Settings\paul.smith\Local Settings\Temp\dlmE01.tmp\sp-downloader.exe    Win32/Conduit.SearchProtect.N potentially unwanted application
C:\File Downloads\FreeAudioCDToMP3Converter.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\File Downloads\Utilities\reginout_setup.exe    multiple threats
C:\FRST\Quarantine\C\Documents and Settings\paul.smith\Local Settings\Temp\uninst.exe.xBAD    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\RECYCLER\S-1-5-21-2072321966-259001148-2609447416-1136\Dc414.exe    Win32/Toolbar.Conduit.S potentially unwanted application

 Results of screen317's Security Check version 0.99.86  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player     14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (30.0)
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````

Hiya Paul,

Thanks for the new logs and update. It would seem that you did not have the FBI Ransom virus; the issue was a typical browser hijacker. Continue as follows:

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will disappear; this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure you start with and include the colon before Files (:Files)

    :Files
    C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0267d6
    C:\Documents and Settings\paul.smith\Local Settings\Temp\dlmE01.tmp\1030-4002_PassShow.exe
    C:\Documents and Settings\paul.smith\Local Settings\Temp\dlmE01.tmp\sp-downloader.exe
    C:\File Downloads\FreeAudioCDToMP3Converter.exe
    C:\File Downloads\Utilities\reginout_setup.exe
    C:\RECYCLER\S-1-5-21-2072321966-259001148-2609447416-1136\Dc414.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Post log from OTM, also let me know if java updated successfully. Give an update on any remaining issues or concerns.. if none run the following to clean up, remove tools etc...

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that backup folder if you consider it not needed...

Kevin...

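
Kevin's OTM script above is the ESET result list turned into a ":Files" block by hand, with the item already sitting under C:\FRST\Quarantine left out. The script below is an added example, not code from the thread or from either tool, that does the same transformation automatically. It assumes the export layout visible in Paul's post (path, a run of spaces, then the detection name) and the ":Files" / ":Commands" / "[EmptyTemp]" syntax used in Kevin's script; the sample input is a constructed extract of the ESET results posted above.

```python
"""Turn ESET Online Scanner results into an OTM ':Files' script.

Added example; not code from the thread or from either tool. It assumes
the export layout visible in Paul's post (one detection per line: path,
two or more spaces, detection name) and the ':Files' / ':Commands' /
'[EmptyTemp]' directives used in Kevin's script. Items already under
FRST's quarantine folder are left out, as in that script.
"""
import re

# Constructed sample: five lines copied from the ESET results posted above.
SAMPLE_ESET = r"""
C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0267d6    HTML/Ransom.P trojan
C:\Documents and Settings\paul.smith\Local Settings\Temp\dlmE01.tmp\1030-4002_PassShow.exe    a variant of Win32/AdWare.AddLyrics.AS application
C:\File Downloads\Utilities\reginout_setup.exe    multiple threats
C:\FRST\Quarantine\C\Documents and Settings\paul.smith\Local Settings\Temp\uninst.exe.xBAD    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\RECYCLER\S-1-5-21-2072321966-259001148-2609447416-1136\Dc414.exe    Win32/Toolbar.Conduit.S potentially unwanted application
"""

# Path (may contain single spaces), a run of two or more spaces, detection name.
ESET_LINE = re.compile(r"^(?P<path>.+?\S)\s{2,}(?P<detection>\S.*)$")

# FRST's own quarantine folder; anything in there was already moved by FRST.
QUARANTINE_PREFIX = "C:\\FRST\\Quarantine\\"


def parse_eset(text):
    """Return (path, detection) pairs; lines not in the expected layout are skipped."""
    found = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            found.append((m.group("path"), m.group("detection")))
    return found


def select_paths(findings, skip_prefixes=(QUARANTINE_PREFIX,)):
    """Drop paths under an already-quarantined location; keep order, no duplicates."""
    out = []
    for path, _ in findings:
        if any(path.lower().startswith(p.lower()) for p in skip_prefixes):
            continue
        if path not in out:
            out.append(path)
    return out


def build_otm_script(findings, empty_temp=True):
    """Render the script: ':Files' block, then ':Commands' with [EmptyTemp]."""
    lines = [":Files"] + select_paths(findings)
    if empty_temp:
        lines += [":Commands", "[EmptyTemp]"]
    return "\n".join(lines)


def locker_artifacts(findings):
    """Paths whose detection name marks them as ransom/locker content."""
    return [p for p, d in findings if "ransom" in d.lower()]


if __name__ == "__main__":
    hits = parse_eset(SAMPLE_ESET)
    print(build_otm_script(hits))
    print("locker artifacts:", locker_artifacts(hits))
```

locker_artifacts is there for the question the thread started with: in the posted results the only ransom-class detection is a single file in the Chrome cache, which is consistent with Kevin's reading above that this was a browser hijack rather than a system-level locker.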

Here is the OTM log:

All processes killed
========== FILES ==========
C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0267d6 moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\dlmE01.tmp\1030-4002_PassShow.exe moved successfully.
C:\Documents and Settings\paul.smith\Local Settings\Temp\dlmE01.tmp\sp-downloader.exe moved successfully.
C:\File Downloads\FreeAudioCDToMP3Converter.exe moved successfully.
C:\File Downloads\Utilities\reginout_setup.exe moved successfully.
C:\RECYCLER\S-1-5-21-2072321966-259001148-2609447416-1136\Dc414.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 636730 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 321 bytes
 
User: administrator.TWINHILLSIRON
->Temp folder emptied: 43715646 bytes
->Temporary Internet Files folder emptied: 856652 bytes
->Flash cache emptied: 321 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 321 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 3322376 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: paul.smith
->Temp folder emptied: 558139457 bytes
->Temporary Internet Files folder emptied: 27361760 bytes
->Java cache emptied: 99175330 bytes
->FireFox cache emptied: 151496605 bytes
->Google Chrome cache emptied: 448607373 bytes
->Flash cache emptied: 2876767 bytes
 
User: PAUL~1~SMI
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51407415 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 580841628 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 125350209 bytes
 
Total Files Cleaned = 1,997.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 07222014_090601

Files moved on Reboot...
File C:\Documents and Settings\paul.smith\Local Settings\Temp\WERed77.dir00\appcompat.txt not found!
File C:\Documents and Settings\paul.smith\Local Settings\Temp\WERed77.dir00\manifest.txt not found!
File C:\Documents and Settings\paul.smith\Local Settings\Temp\WERed77.dir00\MsMpEng.exe.hdmp not found!
File C:\Documents and Settings\paul.smith\Local Settings\Temp\WERed77.dir00\MsMpEng.exe.mdmp not found!
File C:\Documents and Settings\paul.smith\Local Settings\Temp\WERdc7e.dir00\mbamservice.exe.mdmp not found!
File C:\Documents and Settings\paul.smith\Local Settings\Temp\Temporary Internet Files\Content.IE5\3RWSFKF6\7YWnY96yoa79KffwaUTQer7tZljOf8ynnVvadSeOMQWswzCS_i0YsUEcQpoEJrm5UQPMpRhDpgV8RtKAzZ32BB0yb3ZBtj8lq8Csz2K5vy9Oz_3IMUFjeZLZSod9tBCi2ZYqSX7Yhc6PaBqugLH6YyMVcedC9lKP[1].jpg not found!

Registry entries deleted on Reboot...

And the DelFix log.  I will try the Java install again.

# DelFix v10.7 - Logfile created 22/07/2014 at 09:39:02
# Updated 27/04/2014 by Xplode
# Username : paul.smith - PAULSOFFICE
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : H:\AdwCleaner
Deleted : C:\Documents and Settings\paul.smith\Desktop\JRT.txt
Deleted : C:\Documents and Settings\paul.smith\Desktop\Rkill.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #2179 [software Distribution Service 3.0 | 04/23/2014 22:00:45]
Deleted : RP #2180 [software Distribution Service 3.0 | 04/24/2014 22:00:36]
Deleted : RP #2181 [software Distribution Service 3.0 | 04/25/2014 03:07:38]
Deleted : RP #2182 [software Distribution Service 3.0 | 04/25/2014 22:06:15]
Deleted : RP #2183 [software Distribution Service 3.0 | 04/26/2014 03:12:11]
Deleted : RP #2184 [software Distribution Service 3.0 | 04/26/2014 22:02:16]
Deleted : RP #2185 [software Distribution Service 3.0 | 04/27/2014 03:02:59]
Deleted : RP #2186 [software Distribution Service 3.0 | 04/27/2014 22:00:34]
Deleted : RP #2187 [software Distribution Service 3.0 | 04/28/2014 03:02:31]
Deleted : RP #2188 [software Distribution Service 3.0 | 04/28/2014 22:00:35]
Deleted : RP #2189 [software Distribution Service 3.0 | 04/29/2014 03:03:05]
Deleted : RP #2190 [software Distribution Service 3.0 | 04/29/2014 22:00:27]
Deleted : RP #2191 [software Distribution Service 3.0 | 04/30/2014 03:02:19]
Deleted : RP #2192 [Configured Blue Iris ActiveX Control | 04/30/2014 14:10:39]
Deleted : RP #2193 [software Distribution Service 3.0 | 04/30/2014 22:00:14]
Deleted : RP #2194 [software Distribution Service 3.0 | 05/01/2014 03:02:15]
Deleted : RP #2195 [software Distribution Service 3.0 | 05/01/2014 22:00:40]
Deleted : RP #2196 [software Distribution Service 3.0 | 05/02/2014 03:02:35]
Deleted : RP #2197 [software Distribution Service 3.0 | 05/02/2014 21:59:11]
Deleted : RP #2198 [software Distribution Service 3.0 | 05/03/2014 03:02:53]
Deleted : RP #2199 [software Distribution Service 3.0 | 05/03/2014 21:59:17]
Deleted : RP #2200 [software Distribution Service 3.0 | 05/04/2014 03:02:53]
Deleted : RP #2201 [software Distribution Service 3.0 | 05/05/2014 13:27:11]
Deleted : RP #2202 [software Distribution Service 3.0 | 05/06/2014 03:03:01]
Deleted : RP #2203 [software Distribution Service 3.0 | 05/06/2014 13:25:18]
Deleted : RP #2204 [software Distribution Service 3.0 | 05/07/2014 03:03:59]
Deleted : RP #2205 [software Distribution Service 3.0 | 05/08/2014 02:51:37]
Deleted : RP #2206 [software Distribution Service 3.0 | 05/08/2014 13:04:35]
Deleted : RP #2207 [software Distribution Service 3.0 | 05/09/2014 02:54:30]
Deleted : RP #2208 [software Distribution Service 3.0 | 05/09/2014 14:10:31]
Deleted : RP #2209 [software Distribution Service 3.0 | 05/10/2014 03:03:36]
Deleted : RP #2210 [software Distribution Service 3.0 | 05/10/2014 14:10:24]
Deleted : RP #2211 [software Distribution Service 3.0 | 05/11/2014 02:55:09]
Deleted : RP #2212 [software Distribution Service 3.0 | 05/11/2014 14:09:55]
Deleted : RP #2213 [software Distribution Service 3.0 | 05/12/2014 02:54:18]
Deleted : RP #2214 [software Distribution Service 3.0 | 05/12/2014 14:11:21]
Deleted : RP #2215 [software Distribution Service 3.0 | 05/13/2014 02:54:20]
Deleted : RP #2216 [software Distribution Service 3.0 | 05/13/2014 14:09:53]
Deleted : RP #2217 [software Distribution Service 3.0 | 05/14/2014 02:54:39]
Deleted : RP #2218 [software Distribution Service 3.0 | 05/14/2014 14:09:24]
Deleted : RP #2219 [software Distribution Service 3.0 | 05/15/2014 02:54:17]
Deleted : RP #2220 [software Distribution Service 3.0 | 05/16/2014 03:01:25]
Deleted : RP #2221 [software Distribution Service 3.0 | 05/16/2014 12:59:38]
Deleted : RP #2222 [Configured Blue Iris ActiveX Control | 05/16/2014 13:44:21]
Deleted : RP #2223 [software Distribution Service 3.0 | 05/17/2014 03:00:53]
Deleted : RP #2224 [software Distribution Service 3.0 | 05/17/2014 12:59:24]
Deleted : RP #2225 [software Distribution Service 3.0 | 05/18/2014 03:00:20]
Deleted : RP #2226 [software Distribution Service 3.0 | 05/18/2014 12:59:15]
Deleted : RP #2227 [software Distribution Service 3.0 | 05/19/2014 03:01:08]
Deleted : RP #2228 [software Distribution Service 3.0 | 05/19/2014 12:59:10]
Deleted : RP #2229 [software Distribution Service 3.0 | 05/20/2014 03:01:04]
Deleted : RP #2230 [software Distribution Service 3.0 | 05/21/2014 03:01:20]
Deleted : RP #2231 [software Distribution Service 3.0 | 05/21/2014 12:59:20]
Deleted : RP #2232 [software Distribution Service 3.0 | 05/22/2014 03:00:50]
Deleted : RP #2233 [software Distribution Service 3.0 | 05/22/2014 12:58:45]
Deleted : RP #2234 [software Distribution Service 3.0 | 05/23/2014 03:00:24]
Deleted : RP #2235 [software Distribution Service 3.0 | 05/23/2014 12:57:43]
Deleted : RP #2236 [software Distribution Service 3.0 | 05/24/2014 03:00:17]
Deleted : RP #2237 [software Distribution Service 3.0 | 05/24/2014 12:57:35]
Deleted : RP #2238 [software Distribution Service 3.0 | 05/25/2014 03:00:22]
Deleted : RP #2239 [software Distribution Service 3.0 | 05/25/2014 12:57:29]
Deleted : RP #2240 [software Distribution Service 3.0 | 05/26/2014 03:00:16]
Deleted : RP #2241 [software Distribution Service 3.0 | 05/26/2014 12:57:34]
Deleted : RP #2242 [software Distribution Service 3.0 | 05/27/2014 03:00:47]
Deleted : RP #2243 [software Distribution Service 3.0 | 05/27/2014 12:57:35]
Deleted : RP #2244 [software Distribution Service 3.0 | 05/28/2014 03:00:39]
Deleted : RP #2245 [software Distribution Service 3.0 | 05/28/2014 13:01:34]
Deleted : RP #2246 [software Distribution Service 3.0 | 05/29/2014 03:00:53]
Deleted : RP #2247 [software Distribution Service 3.0 | 05/29/2014 12:57:41]
Deleted : RP #2248 [software Distribution Service 3.0 | 05/30/2014 03:00:26]
Deleted : RP #2249 [software Distribution Service 3.0 | 05/30/2014 12:57:34]
Deleted : RP #2250 [software Distribution Service 3.0 | 05/31/2014 03:00:33]
Deleted : RP #2251 [software Distribution Service 3.0 | 05/31/2014 12:56:30]
Deleted : RP #2252 [software Distribution Service 3.0 | 06/01/2014 02:32:55]
Deleted : RP #2253 [software Distribution Service 3.0 | 06/01/2014 14:12:08]
Deleted : RP #2254 [software Distribution Service 3.0 | 06/02/2014 02:33:15]
Deleted : RP #2255 [software Distribution Service 3.0 | 06/02/2014 14:11:39]
Deleted : RP #2256 [software Distribution Service 3.0 | 06/03/2014 02:32:24]
Deleted : RP #2257 [software Distribution Service 3.0 | 06/03/2014 14:11:49]
Deleted : RP #2258 [software Distribution Service 3.0 | 06/04/2014 02:32:17]
Deleted : RP #2259 [software Distribution Service 3.0 | 06/04/2014 14:11:43]
Deleted : RP #2260 [software Distribution Service 3.0 | 06/05/2014 02:32:28]
Deleted : RP #2261 [software Distribution Service 3.0 | 06/05/2014 14:11:36]
Deleted : RP #2262 [software Distribution Service 3.0 | 06/06/2014 02:32:28]
Deleted : RP #2263 [software Distribution Service 3.0 | 06/06/2014 14:11:57]
Deleted : RP #2264 [software Distribution Service 3.0 | 06/07/2014 02:32:28]
Deleted : RP #2265 [software Distribution Service 3.0 | 06/07/2014 14:11:41]
Deleted : RP #2266 [software Distribution Service 3.0 | 06/08/2014 02:33:10]
Deleted : RP #2267 [software Distribution Service 3.0 | 06/08/2014 14:11:16]
Deleted : RP #2268 [software Distribution Service 3.0 | 06/09/2014 02:32:19]
Deleted : RP #2269 [software Distribution Service 3.0 | 06/09/2014 14:11:22]
Deleted : RP #2270 [software Distribution Service 3.0 | 06/10/2014 02:33:12]
Deleted : RP #2271 [software Distribution Service 3.0 | 06/10/2014 14:11:14]
Deleted : RP #2272 [software Distribution Service 3.0 | 06/11/2014 02:33:02]
Deleted : RP #2273 [software Distribution Service 3.0 | 06/11/2014 14:09:25]
Deleted : RP #2274 [software Distribution Service 3.0 | 06/12/2014 02:33:01]
Deleted : RP #2275 [software Distribution Service 3.0 | 06/12/2014 14:10:26]
Deleted : RP #2276 [software Distribution Service 3.0 | 06/13/2014 02:33:15]
Deleted : RP #2277 [software Distribution Service 3.0 | 06/13/2014 14:08:50]
Deleted : RP #2278 [software Distribution Service 3.0 | 06/14/2014 02:32:31]
Deleted : RP #2279 [software Distribution Service 3.0 | 06/14/2014 14:08:52]
Deleted : RP #2280 [software Distribution Service 3.0 | 06/15/2014 02:32:35]
Deleted : RP #2281 [software Distribution Service 3.0 | 06/15/2014 14:08:46]
Deleted : RP #2282 [software Distribution Service 3.0 | 06/16/2014 02:32:20]
Deleted : RP #2283 [software Distribution Service 3.0 | 06/16/2014 14:08:49]
Deleted : RP #2284 [software Distribution Service 3.0 | 06/17/2014 02:32:35]
Deleted : RP #2285 [software Distribution Service 3.0 | 06/17/2014 14:09:02]
Deleted : RP #2286 [software Distribution Service 3.0 | 06/18/2014 02:33:15]
Deleted : RP #2287 [software Distribution Service 3.0 | 06/18/2014 14:08:41]
Deleted : RP #2288 [software Distribution Service 3.0 | 06/19/2014 02:33:03]
Deleted : RP #2289 [software Distribution Service 3.0 | 06/19/2014 14:08:39]
Deleted : RP #2290 [software Distribution Service 3.0 | 06/20/2014 02:32:27]
Deleted : RP #2291 [software Distribution Service 3.0 | 06/20/2014 14:05:54]
Deleted : RP #2292 [software Distribution Service 3.0 | 06/21/2014 02:32:59]
Deleted : RP #2293 [software Distribution Service 3.0 | 06/21/2014 14:02:38]
Deleted : RP #2294 [software Distribution Service 3.0 | 06/22/2014 02:49:53]
Deleted : RP #2295 [software Distribution Service 3.0 | 06/22/2014 14:02:32]
Deleted : RP #2296 [software Distribution Service 3.0 | 06/23/2014 02:32:16]
Deleted : RP #2297 [system Checkpoint | 06/24/2014 02:48:48]
Deleted : RP #2298 [software Distribution Service 3.0 | 06/24/2014 03:16:55]
Deleted : RP #2299 [software Distribution Service 3.0 | 06/24/2014 13:43:41]
Deleted : RP #2300 [software Distribution Service 3.0 | 06/25/2014 03:15:30]
Deleted : RP #2301 [software Distribution Service 3.0 | 06/25/2014 13:44:55]
Deleted : RP #2302 [software Distribution Service 3.0 | 06/26/2014 03:15:49]
Deleted : RP #2303 [software Distribution Service 3.0 | 06/26/2014 13:45:23]
Deleted : RP #2304 [software Distribution Service 3.0 | 06/27/2014 03:16:01]
Deleted : RP #2305 [software Distribution Service 3.0 | 06/27/2014 13:43:33]
Deleted : RP #2306 [software Distribution Service 3.0 | 06/28/2014 03:15:32]
Deleted : RP #2307 [software Distribution Service 3.0 | 06/28/2014 13:44:32]
Deleted : RP #2308 [software Distribution Service 3.0 | 06/29/2014 03:15:30]
Deleted : RP #2309 [software Distribution Service 3.0 | 06/29/2014 13:43:28]
Deleted : RP #2310 [software Distribution Service 3.0 | 06/30/2014 03:16:14]
Deleted : RP #2311 [software Distribution Service 3.0 | 06/30/2014 13:43:34]
Deleted : RP #2312 [software Distribution Service 3.0 | 07/01/2014 03:16:13]
Deleted : RP #2313 [software Distribution Service 3.0 | 07/01/2014 13:44:05]
Deleted : RP #2314 [software Distribution Service 3.0 | 07/02/2014 03:15:49]
Deleted : RP #2315 [software Distribution Service 3.0 | 07/02/2014 13:43:33]
Deleted : RP #2316 [software Distribution Service 3.0 | 07/03/2014 03:16:18]
Deleted : RP #2317 [software Distribution Service 3.0 | 07/03/2014 13:43:31]
Deleted : RP #2318 [software Distribution Service 3.0 | 07/04/2014 03:15:42]
Deleted : RP #2319 [software Distribution Service 3.0 | 07/04/2014 13:43:19]
Deleted : RP #2320 [software Distribution Service 3.0 | 07/05/2014 03:15:20]
Deleted : RP #2321 [software Distribution Service 3.0 | 07/05/2014 13:43:17]
Deleted : RP #2322 [software Distribution Service 3.0 | 07/06/2014 03:15:25]
Deleted : RP #2323 [software Distribution Service 3.0 | 07/06/2014 13:43:17]
Deleted : RP #2324 [software Distribution Service 3.0 | 07/07/2014 03:16:10]
Deleted : RP #2325 [software Distribution Service 3.0 | 07/07/2014 13:43:20]
Deleted : RP #2326 [software Distribution Service 3.0 | 07/08/2014 03:24:38]
Deleted : RP #2327 [software Distribution Service 3.0 | 07/08/2014 19:06:30]
Deleted : RP #2328 [software Distribution Service 3.0 | 07/09/2014 03:25:12]
Deleted : RP #2329 [software Distribution Service 3.0 | 07/09/2014 19:06:29]
Deleted : RP #2330 [software Distribution Service 3.0 | 07/10/2014 02:35:51]
Deleted : RP #2331 [software Distribution Service 3.0 | 07/10/2014 21:23:47]
Deleted : RP #2332 [software Distribution Service 3.0 | 07/11/2014 02:41:54]
Deleted : RP #2333 [software Distribution Service 3.0 | 07/11/2014 21:23:58]
Deleted : RP #2334 [software Distribution Service 3.0 | 07/12/2014 02:35:45]
Deleted : RP #2335 [software Distribution Service 3.0 | 07/12/2014 21:23:47]
Deleted : RP #2336 [software Distribution Service 3.0 | 07/13/2014 02:35:15]
Deleted : RP #2337 [software Distribution Service 3.0 | 07/13/2014 21:24:45]
Deleted : RP #2338 [software Distribution Service 3.0 | 07/14/2014 02:35:27]
Deleted : RP #2339 [software Distribution Service 3.0 | 07/14/2014 21:23:49]
Deleted : RP #2340 [software Distribution Service 3.0 | 07/15/2014 02:35:29]
Deleted : RP #2341 [software Distribution Service 3.0 | 07/15/2014 21:24:00]
Deleted : RP #2342 [software Distribution Service 3.0 | 07/16/2014 02:35:46]
Deleted : RP #2343 [software Distribution Service 3.0 | 07/16/2014 21:23:41]
Deleted : RP #2344 [software Distribution Service 3.0 | 07/17/2014 02:36:11]
Deleted : RP #2345 [software Distribution Service 3.0 | 07/18/2014 03:07:32]
Deleted : RP #2346 [software Distribution Service 3.0 | 07/18/2014 12:57:49]
Deleted : RP #2347 [software Distribution Service 3.0 | 07/19/2014 02:34:43]
Deleted : RP #2348 [software Distribution Service 3.0 | 07/20/2014 00:04:33]
Deleted : RP #2349 [software Distribution Service 3.0 | 07/20/2014 02:34:27]
Deleted : RP #2350 [software Distribution Service 3.0 | 07/21/2014 00:04:30]
Deleted : RP #2351 [software Distribution Service 3.0 | 07/21/2014 02:34:37]
Deleted : RP #2352 [Restore Operation | 07/21/2014 18:25:38]
Deleted : RP #2353 [Restore Operation | 07/21/2014 18:28:11]
Deleted : RP #2354 [software Distribution Service 3.0 | 07/22/2014 03:11:43]
Deleted : RP #2355 [Revo Uninstaller's restore point - Java 7 Update 45 | 07/22/2014 12:51:27]
Deleted : RP #2356 [Removed Java 7 Update 45 | 07/22/2014 12:51:45]
Deleted : RP #2357 [installed Java 7 Update 65 | 07/22/2014 12:54:44]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Yep, Java 7/65 is the current version, we can leave that now. The FBI Ransom was down to a browser hijacker, this was removed; the accompanying Trojan was also removed. The rest of the dross removed was simple adware.

If no remaining issues or concerns, are we ok to close out?

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

cheers,

Kevin


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.