
MBAM won't run or update, desktop seems hijacked



Hopeful for a little help here.  I have an older Windows XP desktop with an apparent malware infection.  I can't run MBAM or the updater from the desktop, from Windows Explorer or from safe mode.  The desktop seems to have been hijacked as there are only a few icons there instead of the normal crowd.  When searching the C drive directories via My Computer, I am able to see the proper contents of the desktop folder but still can't run them.  I couldn't get FRST to install or run from desktop or normal safe mode but finally got it to scan from a flash drive while in safe mode with command prompt.  Here are the 2 logs.  Thanks in advance for any help.
-----------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03
Ran by ............ (administrator) on OFFICE-NEW on 16-08-2014 20:39:05
Running from F:\
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\restore\rstrui.exe [380416 2008-04-13] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll ()
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\.DEFAULT\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} http://www.pulkin.com/OnlineInstaller/setup.exe
DPF: {5E936384-B736-4A9E-AA93-832CA59FDCEC} http://www.pulkin.com/OnlineInstaller/setup.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139196173421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://pulkin.com/OnlineInstaller/setup.exe
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-27]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]
CHR Extension: (Google Drive) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]
CHR Extension: (YouTube) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]
CHR Extension: (Google Search) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]
CHR Extension: (Gmail) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
S4 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [397312 2004-05-14] ()
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-03-03] () [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [99840 2002-11-12] (Intel Corporation)
S3 emu10k; C:\WINDOWS\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\WINDOWS\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
S1 FAMv4; C:\WINDOWS\System32\DRIVERS\FAMv4.sys [97816 2008-04-21] (FAMv4)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 l8042pr2; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [50830 2002-07-02] (Logitech, Inc.)
R3 LKbdFlt2; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [6030 2002-07-02] (Logitech, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-14] (Malwarebytes Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2006-02-12] (Sonic Solutions) [File not signed]
S3 sfman; C:\WINDOWS\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
R0 si3112; C:\WINDOWS\System32\drivers\si3112.sys [47320 2002-12-17] (Silicon Image, Inc.) [File not signed]
S0 FileCloner; System32\drivers\famfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 20:36 - 2014-08-16 20:39 - 00000000 ____D () C:\FRST
2014-08-16 20:10 - 2014-08-16 18:44 - 01093632 _____ (Farbar) C:\Documents and Settings\Mike Taylor\Desktop\dts.bat.exe
2014-08-16 20:07 - 2014-08-16 18:44 - 01093632 _____ (Farbar) C:\Documents and Settings\Mike Taylor\Desktop\dts.exe.exe
2014-08-16 18:59 - 2014-08-16 18:44 - 01093632 _____ (Farbar) C:\Documents and Settings\TEMP\Desktop\dts.bat.exe
2014-08-13 23:33 - 2014-08-13 23:38 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\vlc
2014-08-13 21:52 - 2014-08-13 23:28 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\Adobe
2014-08-13 21:32 - 2014-08-13 21:32 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\AVG2014
2014-08-13 13:55 - 2014-08-14 14:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 13:55 - 2014-08-13 13:55 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 13:55 - 2014-08-13 13:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 13:54 - 2014-08-13 13:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-13 13:54 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-13 13:34 - 2014-08-13 13:34 - 00000000 ____D () C:\Malwarebytes
2014-08-13 11:10 - 2014-08-13 11:10 - 00000420 _____ () C:\WINDOWS\regopt.log
2014-08-13 11:10 - 2014-08-13 11:10 - 00000020 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
2014-08-13 10:35 - 2014-08-15 15:36 - 00000000 ____D () C:\Documents and Settings\TEMP
2014-08-08 13:57 - 2014-08-08 13:57 - 00043008 _____ () C:\Documents and Settings\Mike Taylor\Desktop\closed sat sign.pub
2014-07-30 19:19 - 2014-07-30 19:19 - 00000913 _____ () C:\Documents and Settings\Mike Taylor\Desktop\Notary Law Updates  NNA.url
2014-07-22 23:10 - 2014-07-22 23:10 - 00031744 _____ () C:\Documents and Settings\Mike Taylor\Desktop\logo color.pub

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 20:39 - 2014-08-16 20:36 - 00000000 ____D () C:\FRST
2014-08-16 20:34 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-16 20:32 - 2006-02-05 16:55 - 01934182 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-16 20:28 - 2014-07-02 22:58 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Desktop\Ang N Paul
2014-08-16 20:23 - 2013-08-15 09:21 - 00667850 _____ () C:\WINDOWS\setupapi.log
2014-08-16 19:13 - 2006-09-26 17:58 - 00000000 __SHD () C:\WINDOWS\CSC
2014-08-16 19:07 - 2014-03-20 11:39 - 00000234 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-16 19:07 - 2013-01-31 20:17 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 19:05 - 2012-01-31 17:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-16 18:44 - 2014-08-16 20:10 - 01093632 _____ (Farbar) C:\Documents and Settings\Mike Taylor\Desktop\dts.bat.exe
2014-08-16 18:44 - 2014-08-16 20:07 - 01093632 _____ (Farbar) C:\Documents and Settings\Mike Taylor\Desktop\dts.exe.exe
2014-08-16 18:44 - 2014-08-16 18:59 - 01093632 _____ (Farbar) C:\Documents and Settings\TEMP\Desktop\dts.bat.exe
2014-08-16 18:32 - 2013-01-31 20:17 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 18:19 - 2012-03-29 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-16 16:10 - 2013-08-14 15:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 16:00 - 2006-02-05 20:56 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-16 15:58 - 2006-02-05 17:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-16 15:58 - 2006-02-05 11:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-16 15:58 - 2006-02-05 11:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-15 18:14 - 2006-02-05 17:07 - 00032500 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-15 15:54 - 2006-02-05 23:14 - 00000532 _____ () C:\WINDOWS\ODBC.INI
2014-08-15 15:36 - 2014-08-13 10:35 - 00000000 ____D () C:\Documents and Settings\TEMP
2014-08-14 19:23 - 2006-08-17 09:50 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Desktop\scan
2014-08-14 14:37 - 2014-08-13 13:55 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 11:51 - 2013-10-09 15:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-08-13 23:52 - 2011-07-22 10:12 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-13 23:38 - 2014-08-13 23:33 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\vlc
2014-08-13 23:28 - 2014-08-13 21:52 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\Adobe
2014-08-13 21:32 - 2014-08-13 21:32 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\AVG2014
2014-08-13 19:07 - 2006-07-21 18:48 - 00002435 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
2014-08-13 18:47 - 2006-02-05 16:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-13 13:57 - 2006-03-22 15:08 - 00000000 ____D () C:\Program Files\Remote Backup
2014-08-13 13:55 - 2014-08-13 13:55 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 13:55 - 2014-08-13 13:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 13:54 - 2014-08-13 13:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-13 13:54 - 2012-01-02 18:32 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-13 13:54 - 2012-01-02 18:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-13 13:34 - 2014-08-13 13:34 - 00000000 ____D () C:\Malwarebytes
2014-08-13 11:10 - 2014-08-13 11:10 - 00000420 _____ () C:\WINDOWS\regopt.log
2014-08-13 11:10 - 2014-08-13 11:10 - 00000020 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
2014-08-13 11:10 - 2006-02-05 11:03 - 00001024 ____H () C:\WINDOWS\system32\config\userdiff.LOG
2014-08-13 10:31 - 2006-02-05 17:09 - 00000278 ___SH () C:\Documents and Settings\Mike Taylor\ntuser.ini
2014-08-12 21:18 - 2007-11-14 22:38 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Desktop\Shopping
2014-08-12 10:28 - 2006-02-05 17:09 - 00000000 ____D () C:\Documents and Settings\Mike Taylor
2014-08-08 15:00 - 2014-03-20 11:39 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 13:57 - 2014-08-08 13:57 - 00043008 _____ () C:\Documents and Settings\Mike Taylor\Desktop\closed sat sign.pub
2014-08-06 00:01 - 2006-03-10 20:04 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\My Documents\Customer Files
2014-08-04 18:15 - 2006-02-07 21:25 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Application Data\AdobeUM
2014-07-30 19:19 - 2014-07-30 19:19 - 00000913 _____ () C:\Documents and Settings\Mike Taylor\Desktop\Notary Law Updates  NNA.url
2014-07-25 17:17 - 2010-08-16 20:17 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Application Data\vlc
2014-07-24 10:27 - 2013-07-15 23:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 10:20 - 2013-07-15 23:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-07-22 23:10 - 2014-07-22 23:10 - 00031744 _____ () C:\Documents and Settings\Mike Taylor\Desktop\logo color.pub

Files to move or delete:
====================
C:\Documents and Settings\Mike Taylor\gotomypc_437.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

And the ADDITION scan is as follows:

_______________________________________________________________________________

Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2014 03
Ran by Mike Taylor at 2014-08-16 20:40:46
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 6.0.1 Professional (HKLM\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.001 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 4.0 (Version: 4.0 - Adobe Systems Inc.) Hidden
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ALZip (HKLM\...\ALZip_is1) (Version: 6.7 - ESTsoft Corp.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1008 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5090 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 7.992-040303m-014319C-ATI - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Broderbund Media Manager (HKLM\...\{26346FB6-4F69-453D-95CE-B6BA3A5382F8}) (Version:  - Broderbund)
Calendar Creator 7.0 (HKLM\...\Calendar Creator 7.0) (Version:  - )
Calendar Creator for Windows V4.00 (HKLM\...\ccwin4.0) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Detector Tools (HKLM\...\{61B13456-C8EE-4805-8E0C-DF1A5BCABB32}) (Version: 1.4.0 - Escort)
EPSON TWAIN 5 (HKLM\...\{9A3EABC0-CA06-11D4-BF77-00104B130C19}) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
FLV Player (HKLM\...\FLV Player2.0 ) (Version: 2.0  - Applian Technologies Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )
J2SE Runtime Environment 5.0 Update 10 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 11 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 9 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150090}) (Version: 1.5.0.90 - Sun Microsystems, Inc.)
Java 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
LiveUpdate 2.6 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 2.6.18.0 - Symantec Corporation)
Logitech MouseWare 9.70  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
ODF Add-in for Microsoft Office (HKLM\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PackMeister pro (HKLM\...\ST6UNST #1) (Version:  - )
Quick View Plus (HKLM\...\QVP) (Version:  - )
QuickBooks (Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Connection Diagnostic Tool (HKLM\...\{8FC44A80-059E-4358-BBB4-50FAEBED7627}) (Version: 4.0.0 - Intuit)
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime (HKLM\...\{5B09BD67-4C99-46A1-8161-B7208CE18121}) (Version: 7.3.0.70 - Apple Inc.)
Remote Backup 2006 (Version: 9.20.000 - Remote Backup Systems, Inc.) Hidden
Remote Backup 2007 (HKLM\...\{F0674B40-D8C3-11D3-8C61-00104B1F6CF0}) (Version: 10.00.003 - Remote Backup Systems)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
The Big Box of Art 615,000 (HKLM\...\{2F5D985D-2748-40F8-ACEC-2E59B4F23C50}) (Version: 2.20.0000 - Hemera Technologies Inc.)
The Print Shop (HKLM\...\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}) (Version:  - Broderbund LLC)
The Print Shop 21 (HKLM\...\{55B30AF2-7331-4436-9318-D9EA45A42F79}) (Version: 21.00.0000 - Broderbund Software)
Time Zone Data Update Tool for Microsoft Office Outlook (HKLM\...\{95120000-0038-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1029 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VBA (3821h) (Version: 6.02.00.8919 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - English (Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Office 2002 (Version: 10 - Corel) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

19-05-2014 15:25:02 System Checkpoint
20-05-2014 18:11:55 System Checkpoint
21-05-2014 18:39:35 System Checkpoint
22-05-2014 22:11:11 System Checkpoint
23-05-2014 22:19:02 System Checkpoint
25-05-2014 02:17:57 System Checkpoint
26-05-2014 02:19:03 System Checkpoint
27-05-2014 06:19:01 System Checkpoint
28-05-2014 06:34:51 System Checkpoint
29-05-2014 09:50:19 System Checkpoint
30-05-2014 10:41:56 System Checkpoint
31-05-2014 14:11:38 System Checkpoint
02-06-2014 15:49:12 System Checkpoint
03-06-2014 16:25:10 System Checkpoint
04-06-2014 18:33:07 System Checkpoint
05-06-2014 19:03:36 System Checkpoint
06-06-2014 19:09:40 System Checkpoint
07-06-2014 19:45:06 System Checkpoint
08-06-2014 23:44:01 System Checkpoint
10-06-2014 00:26:24 System Checkpoint
11-06-2014 02:52:40 System Checkpoint
11-06-2014 07:00:21 Software Distribution Service 3.0
12-06-2014 10:28:16 System Checkpoint
13-06-2014 11:39:57 System Checkpoint
14-06-2014 14:14:38 System Checkpoint
15-06-2014 14:54:38 System Checkpoint
16-06-2014 18:10:58 System Checkpoint
17-06-2014 22:43:06 System Checkpoint
18-06-2014 23:46:56 System Checkpoint
20-06-2014 02:45:38 System Checkpoint
21-06-2014 05:59:10 System Checkpoint
22-06-2014 06:45:04 System Checkpoint
23-06-2014 10:43:58 System Checkpoint
24-06-2014 13:21:28 System Checkpoint
25-06-2014 18:13:21 System Checkpoint
26-06-2014 20:14:28 System Checkpoint
27-06-2014 23:08:59 System Checkpoint
29-06-2014 02:59:35 System Checkpoint
30-06-2014 03:23:23 System Checkpoint
01-07-2014 06:20:27 System Checkpoint
02-07-2014 09:59:04 System Checkpoint
03-07-2014 02:29:00 Removed Bentley View V8i 08.11.05.19
04-07-2014 03:58:49 System Checkpoint
05-07-2014 04:18:55 System Checkpoint
06-07-2014 04:30:20 System Checkpoint
07-07-2014 08:17:51 System Checkpoint
08-07-2014 10:34:33 System Checkpoint
09-07-2014 07:00:18 Software Distribution Service 3.0
10-07-2014 10:20:56 System Checkpoint
11-07-2014 10:28:51 System Checkpoint
12-07-2014 14:28:05 System Checkpoint
13-07-2014 14:29:28 System Checkpoint
14-07-2014 14:50:00 System Checkpoint
15-07-2014 15:19:14 System Checkpoint
16-07-2014 18:55:01 System Checkpoint
17-07-2014 22:41:38 System Checkpoint
18-07-2014 23:55:11 System Checkpoint
20-07-2014 03:24:10 System Checkpoint
21-07-2014 07:24:10 System Checkpoint
22-07-2014 10:21:04 System Checkpoint
23-07-2014 11:05:10 System Checkpoint
24-07-2014 14:19:23 Software Distribution Service 3.0
25-07-2014 14:43:10 System Checkpoint
26-07-2014 15:17:50 System Checkpoint
27-07-2014 19:02:29 System Checkpoint
29-07-2014 00:10:21 System Checkpoint
30-07-2014 03:39:32 System Checkpoint
31-07-2014 06:33:25 System Checkpoint
01-08-2014 06:51:31 System Checkpoint
02-08-2014 10:50:32 System Checkpoint
03-08-2014 15:03:04 System Checkpoint
04-08-2014 15:32:20 System Checkpoint
05-08-2014 19:50:25 System Checkpoint
06-08-2014 22:39:19 System Checkpoint
07-08-2014 22:40:26 System Checkpoint
08-08-2014 22:45:07 System Checkpoint
10-08-2014 02:38:34 System Checkpoint
11-08-2014 02:39:38 System Checkpoint
12-08-2014 03:46:17 System Checkpoint
13-08-2014 06:38:30 System Checkpoint
13-08-2014 22:47:45 Restore Operation
15-08-2014 20:21:32 System Checkpoint
16-08-2014 20:00:01 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 08:00 - 2011-12-30 19:44 - 00439920 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2004-05-14 00:05 - 2004-05-14 00:05 - 00086016 _____ () C:\WINDOWS\system32\Ati2evxx.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk => C:\WINDOWS\pss\CorelCENTRAL 10.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk => C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Mike Taylor^Start Menu^Programs^Startup^Calendar Creator Scheduler.lnk => C:\WINDOWS\pss\Calendar Creator Scheduler.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Mike Taylor^Start Menu^Programs^Startup^Webshots.lnk => C:\WINDOWS\pss\Webshots.lnkStartup
MSCONFIG\startupreg: Ad-Watch => C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DealRunner => C:\Program Files\DealRunner\DealRunner.exe
MSCONFIG\startupreg: EM_EXEC => C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Shop To Win => C:\Program Files\Shop To Win\ShopToWin.exe
MSCONFIG\startupreg: SMSERIAL => sm56hlpr.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

==================== Faulty Device Manager Devices =============

Name: RADEON 9200 SERIES - Secondary
Description: RADEON 9200 SERIES - Secondary
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2014 08:39:22 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:16 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:16 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (08/16/2014 08:35:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avgtdix
FAMv4
FileCloner
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error: (08/16/2014 08:35:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (08/16/2014 08:35:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error:
%%31

Error: (08/16/2014 08:35:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (08/16/2014 08:35:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (08/16/2014 08:35:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (08/16/2014 08:35:40 PM) (Source: DCOM) (EventID: 10005) (User: OFFICE-NEW)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/16/2014 08:34:47 PM) (Source: DCOM) (EventID: 10005) (User: OFFICE-NEW)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (08/16/2014 08:34:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/16/2014 08:32:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (08/16/2014 08:39:22 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:19 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:16 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:16 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/16/2014 08:39:15 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.66GHz
Percentage of memory in use: 20%
Total physical RAM: 1534.99 MB
Available physical RAM: 1220.53 MB
Total Pagefile: 2923.98 MB
Available Pagefile: 2819.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:233.75 GB) (Free:149.09 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (USB DISK) (Removable) (Total:28.85 GB) (Free:28.85 GB) FAT32
Drive g: (LEXAR) (Fixed) (Total:0.96 GB) (Free:0.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233.8 GB) (Disk ID: BAF5BAF5)
Partition 1: (Active) - (Size=233.7 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 989.5 MB) (Disk ID: 2DB91CAE)
Partition 1: (Not Active) - (Size=988 MB) - (Type=0B)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: 72A017CB)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0C)

==================== End Of Log ============================


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

Please run a Quick Scan with Malwarebytes

For Malwarebytes ver: 1.75

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Post the log

For Malwarebytes 2.0, please run a Threat Scan

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Here is the scan log for the last scan I could do for mbam.  I can't get it to run now via any method I try.  Sorry for the code.  The report saved as an xml file.  I'm not too fluent in most code based stuff.

 

 
 
 
 
 


 

 

 

 

 

 

 

 

 

 

Here is the Roguekiller report

 

-RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User : Mike Taylor [Admin rights]
Mode : Scan -- Date : 08/17/2014  19:09:06

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0x2]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Maxtor 6 B250S0 SCSI Disk Device +++++
--- User ---
[MBR] e0776ce43fb2d986cca7b5d2c7597b63
[bSP] 9e35c1b4cef5a9fa40a1c2ecf9795e61 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 239359 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: LEXAR JUMPDRIVE SECURE USB Device +++++
--- User ---
[MBR] 790133cceb3a89d88a09d550cfe219c4
[bSP] 65de562ffc3168d49f3abaafc279aa66 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 988 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: USB Device +++++
--- User ---
[MBR] eed7f6ed4aa3492f38d5ec891973d962
[bSP] 2e4d498efeca1c971e8ff595f527c6c5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 29569 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

 

 

 

 

 


I was able to get MBAM to run from flash drive using chameleon but had no control of the scan.  It seems as if it didn't do much.

 

 


<?xml version="1.0" encoding="UTF-16"?>

<mbam-log>

<header><date>2014/08/17 17:31:04 -0400</date><logfile>mbam-log-2014-08-17 (17-31-03).xml</logfile><isadmin>yes</isadmin></header>

<engine><version>2.00.2.1012</version><malware-database>v2014.03.04.09</malware-database><rootkit-database>v2014.02.20.01</rootkit-database><license>free</license><file-protection>disabled</file-protection><web-protection>disabled</web-protection><self-protection>enabled</self-protection></engine><system><osversion>Windows XP Service Pack 3</osversion><arch>x86</arch><username>Mike Taylor</username><filesys>FAT32</filesys></system><summary><type>threat</type><result>completed</result><objects>252164</objects><time>2517</time><processes>0</processes><modules>0</modules><keys>0</keys><values>0</values><datas>0</datas><folders>0</folders><files>0</files><sectors>0</sectors></summary><options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>enabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options><items> </items>

</mbam-log>

 


Save the logs as txt files and post them again:

 

Logs can be located by clicking on the History button. You can double click a log and choose to export in either text or xml file formats. In most cases you can simply click on the Copy to Clipboard button when the log is opened and then paste it back to a reply here on the forum if looking for help or someone requested you to post the log. Please do not post xml log files on the forum unless requested by a helper or Staff member.

The logs are also stored in the following location by default for Vista/Win7/8 unless you move the path:

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

The path for Windows XP is:

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs

MrC


I will work on that.  I am having difficulty in getting MBAM to run any way other than in safe mode via chameleon.  When I run it, I do not have an option as to what type of scan to run nor a method to choose what type of file the report will be when generated.  Is there any action the RogueKiller report above indicates I should take?


Yes, knew I'd seen it.  In safe mode, the lower part of the window is not visible.  Had to save report to flash drive and then copy it to a working computer with malwarebytes installed.  Then, open the report from there and export.  Here it is.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/14/2014
Scan Time: 11:29:50 AM
Logfile: mbam rpt 081414.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Mike Taylor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250364
Time Elapsed: 14 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [c88141be97e3fe387e5fcba92ed426da],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2025429265-362288127-839522115-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [50f9fe01cfabbb7b0861301131d1ac54],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2025429265-362288127-839522115-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [50f9fe01cfabbb7b0861301131d1ac54],
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\InstallIQ, Quarantined, [55f4807f7505a195201c038b52b06799],
PUP.Optional.GrabRez.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update GrabRez, Quarantined, [79d007f882f80a2c54caf7ccae5556aa],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Torntv V9.0, Quarantined, [5dece718d2a88aac3f26efa7f90932ce],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2025429265-362288127-839522115-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [ff4a0ff07505d264b47557558281f10f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2025429265-362288127-839522115-1003.BAK-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER, Quarantined, [c683ce311a60c6705d5f9d0e4eb5a55b],
Adware.GamePlayLab, HKU\S-1-5-21-2025429265-362288127-839522115-1003.BAK-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER, Quarantined, [ee5b916e2c4e1a1ceb31a8babd46e41c],

Registry Values: 2
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2025429265-362288127-839522115-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER|Verifier, 3ec20999c08d38729af1fd04a57eb1a3, Quarantined, [c683ce311a60c6705d5f9d0e4eb5a55b]
Adware.GamePlayLab, HKU\S-1-5-21-2025429265-362288127-839522115-1003.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER|215AppVerifier, 1aed1f1fd7597dd7b323061d7a611752, Quarantined, [ee5b916e2c4e1a1ceb31a8babd46e41c]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 8
PUP.Optional.Conduit, C:\Documents and Settings\Mike Taylor\Local Settings\Temp\verifier.exe, Quarantined, [2425cc334634082e623c0fc0867d5ba5],
PUP.Optional.GigaClicks.A, C:\Documents and Settings\Mike Taylor\Local Settings\Temp\nslA4.tmp, Quarantined, [2c1d19e63e3c0d29d0b175e2fe0660a0],
PUP.Optional.SearchProtect.A, C:\Documents and Settings\Mike Taylor\Local Settings\Temp\nsmBE.exe, Quarantined, [d376d22dbac03cfac490600bc73ad52b],
PUP.Optional.SearchProtect.A, C:\Documents and Settings\Mike Taylor\Local Settings\Temp\nso8E.exe, Quarantined, [58f12fd0a2d85cda92c2a1ca22df5ea2],
PUP.Optional.SearchProtect.A, C:\Documents and Settings\Mike Taylor\Local Settings\Temp\nss91.exe, Quarantined, [a2a713ecaeccfd39a8ac78f355ac659b],
PUP.Optional.SearchProtect.A, C:\Documents and Settings\Mike Taylor\Local Settings\Temp\nst89.exe, Quarantined, [b099fd02a3d769cdb69ec1aa47ba4ab6],
PUP.Optional.SearchProtect.A, C:\Documents and Settings\Mike Taylor\Local Settings\Temp\nsu86.exe, Quarantined, [4405817e73072511c29276f534cd48b8],
PUP.Optional.Conduit.A, C:\Documents and Settings\Mike Taylor\Local Settings\Temp\nse81\SpSetup.exe, Quarantined, [01486c935426ed4953edf769e61b49b7],

Physical Sectors: 0
(No malicious items detected)


(end)


Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ======================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

    Run FRST.exe/FRST64.exe and click Fix only once and wait

    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    =====================

    Make sure you have created that system restore point before you continue!

    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)


    • Put a checkmark beside loaded modules.


    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.


    • Click the Start Scan button.


    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.


      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip

    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    New window that comes up.

    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC

When I get to the point at which I need to run TDSSKiller, I run into a problem.  As I stated in the beginning, my desktop has been hijacked and I can only functionally run programs from a flash drive.  I can't figure out how to have TDSSKiller reboot properly after the first step so that it starts automatically.  How should I proceed?

See if you can do this:

Download aswMBR to your desktop.

http://public.avast.com/~gmerek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

MrC

Here is the fixlog report.  I am unable to complete running either the TDSSKiller or the aswMBR.  NOTHING will run from the desktop in regular startup, safe mode or safe mode with networking.  The ONLY way I seem to be able to get anything to run is in safe mode with command prompt.  Any suggestions?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-08-2014 03
Ran by Mike Taylor at 2014-08-18 12:40:50 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\restore\rstrui.exe [380416 2008-04-13] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\.DEFAULT\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} http://www.pulkin.co...aller/setup.exe
DPF: {5E936384-B736-4A9E-AA93-832CA59FDCEC} http://www.pulkin.co...aller/setup.exe
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} http://pulkin.com/On...aller/setup.exe
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly => Value not found.
Error setting Default URLSearchHook.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{53D40FAA-4E21-459F-AA87-E4D97FC3245A}" => Key deleted successfully.
"HKCR\CLSID\{53D40FAA-4E21-459F-AA87-E4D97FC3245A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5E936384-B736-4A9E-AA93-832CA59FDCEC}" => Key deleted successfully.
"HKCR\CLSID\{5E936384-B736-4A9E-AA93-832CA59FDCEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}" => Key deleted successfully.
"HKCR\CLSID\{B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@viewpoint.com/VMP" => Key deleted successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====

Combofix ran from flash drive.  Here is the report.

 

 

ComboFix 14-08-17.01 - Mike Taylor 08/18/2014  20:10:35.1.1 - x86 MINIMAL
Running from: F:\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Mike Taylor\WINDOWS
C:\END
C:\LOG232.tmp
C:\LOGD1.tmp
C:\LOGD2.tmp
c:\windows\system32\bszip.dll
c:\windows\system32\SET16.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETAF.tmp
c:\windows\system32\SETB1.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-19 to 2014-08-19  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-15 17:16 . 2012-03-29 20:02    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-15 17:16 . 2011-05-20 00:05    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-18 05:25 . 2014-06-18 05:25    6010880    ----a-w-    c:\program files\GUT53.tmp
2014-06-17 20:22 . 2011-10-07 11:23    188696    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2014-06-17 20:21 . 2011-07-11 06:14    197400    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-06-17 20:18 . 2012-09-21 08:46    241944    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2014-06-17 20:17 . 2012-04-19 08:50    147736    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2014-06-17 20:17 . 2014-06-17 20:17    190232    ----a-w-    c:\windows\system32\drivers\avgidsdriverlx.sys
2014-06-17 20:06 . 2013-08-01 20:06    121624    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2014-06-17 20:06 . 2011-08-08 11:08    98584    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2014-06-17 20:06 . 2011-09-13 11:30    27416    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 20:06 . 2011-12-23 17:32    21272    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-09-30 3761464]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"{7C1E3591-6DF5-4025-B814-62FC45DFC128}"="start" [X]
"{6FA3AC8D-A017-4DA6-B3C2-24E3E004292D}"="start" [X]
"{AC7526C7-280B-408B-A576-1F2A39871F76}"="start" [X]
"1"="f:\mbam-chameleon-3.1.4.0\Chameleon\Windows\mbam-chameleon.exe" [2014-06-03 755512]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20607013.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28284749.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72901429.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 10.lnk
backup=c:\windows\pss\CorelCENTRAL 10.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk
backup=c:\windows\pss\LaunchU3.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mike Taylor^Start Menu^Programs^Startup^Calendar Creator Scheduler.lnk]
path=c:\documents and settings\Mike Taylor\Start Menu\Programs\Startup\Calendar Creator Scheduler.lnk
backup=c:\windows\pss\Calendar Creator Scheduler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mike Taylor^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Mike Taylor\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 06:18    57344    ----a-w-    c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
2002-07-01 13:50    28672    ----a-w-    c:\progra~1\Logitech\MOUSEW~1\system\EM_EXEC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ------w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2002-08-15 09:54    77887    ----a-w-    c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-20 01:16    286720    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2003-06-19 13:49    548864    ----a-w-    c:\windows\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07    2260480    --sha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27    144784    ----a-w-    c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"YahooAUService"=2 (0x2)
"Symantec AntiVirus"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"gupdatem"=3 (0x3)
"CiSvc"=3 (0x3)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"SwitchBoard"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBW32.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\DBManagerExe.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\FileManagement.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBLaunch.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 FileCloner;FileCloner;c:\windows\System32\drivers\famfd.sys [x]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\DRIVERS\avgidsdriverlx.sys [2014-06-17 190232]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
R1 FAMv4;FAMv4;c:\windows\system32\DRIVERS\FAMv4.sys [2008-04-21 97816]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-08-17 54232]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 03:42    1104200    ----a-w-    c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:16]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:21]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:21]
.
2014-08-18 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-19 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-19 01:59]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
Notify-NavLogon - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeAAMUpdater-1 - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
MSConfigStartUp-AdobeCS6ServiceManager - c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
MSConfigStartUp-DealRunner - c:\program files\DealRunner\DealRunner.exe
MSConfigStartUp-Shop To Win - c:\program files\Shop To Win\ShopToWin.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-18 20:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(240)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2014-08-18  20:19:40
ComboFix-quarantined-files.txt  2014-08-19 00:19
.
Pre-Run: 161,408,602,112 bytes free
Post-Run: 161,795,866,624 bytes free
.
- - End Of File - - CA182275EBEC4392795F531985E55D8E
8F558EB6672622401DA993E1E865C861
 

It started last Wednesday morning.  I restarted my computer and when the desktop came back up, it had changed resolution and had only 8-10 icons instead of the 40-50 that were there just before.  Nothing recently installed.  Older computer that I've been wary of adding anything to for a while now.  No program would run from the desktop or from any folders when looking through the c drive.  At some point, I would see an error or something that referenced "MSVCR100.DLL".  I COULD open a few files that would prompt their default program to run (publisher, word, photo viewer, pdf) but not all the time.  When I try to launch a program, including some of the ones you have posted here, I get a small popup window stating that "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."  I can move files around, and have moved some needed ones to a shared network folder and opened them from another pc without a problem.  When I start in safe mode with command prompt, the prompt is "C:\Documents and Settings\TEMP>"

Done.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-08-2014 03
Ran by Mike Taylor (administrator) on OFFICE-NEW on 19-08-2014 14:18:24
Running from F:\
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [1] => F:\mbam-chameleon-3.1.4.0\Chameleon\Windows\mbam-chameleon.exe [755512 2014-06-03] (MalwareBytes)
HKLM\...\RunOnce: [{7C1E3591-6DF5-4025-B814-62FC45DFC128}] => cmd.exe /C start /D "C:\WINDOWS\TEMP" /B {7C1E3591-6DF5-4025-B814-62FC45DFC128}.exe -accepteula -accepteulaksn -activeimages -postboot
HKLM\...\RunOnce: [{6FA3AC8D-A017-4DA6-B3C2-24E3E004292D}] => cmd.exe /C start /D "C:\WINDOWS\TEMP" /B {6FA3AC8D-A017-4DA6-B3C2-24E3E004292D}.exe -accepteula -accepteulaksn -activeimages -postboot
HKLM\...\RunOnce: [{AC7526C7-280B-408B-A576-1F2A39871F76}] => cmd.exe /C start /D "C:\WINDOWS\TEMP" /B {AC7526C7-280B-408B-A576-1F2A39871F76}.exe -accepteula -accepteulaksn -activeimages -postboot
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll ()
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139196173421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-27]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]
CHR Extension: (Google Drive) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]
CHR Extension: (YouTube) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]
CHR Extension: (Google Search) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-13]
CHR Extension: (Gmail) - C:\Documents and Settings\TEMP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
S4 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [397312 2004-05-14] ()
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-03-03] () [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
S2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [99840 2002-11-12] (Intel Corporation)
S3 emu10k; C:\WINDOWS\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\WINDOWS\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
S1 FAMv4; C:\WINDOWS\System32\DRIVERS\FAMv4.sys [97816 2008-04-21] (FAMv4)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 l8042pr2; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [50830 2002-07-02] (Logitech, Inc.)
R3 LKbdFlt2; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [6030 2002-07-02] (Logitech, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-08-17] (Malwarebytes Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2006-02-12] (Sonic Solutions) [File not signed]
S3 sfman; C:\WINDOWS\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
R0 si3112; C:\WINDOWS\System32\drivers\si3112.sys [47320 2002-12-17] (Silicon Image, Inc.) [File not signed]
U3 TrueSight; C:\WINDOWS\system32\drivers\TrueSight.sys [33512 2014-08-17] ()
S3 catchme; \??\C:\WINDOWS\TEMP\catchme.sys [X]
S0 FileCloner; System32\drivers\famfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 20:19 - 2014-08-18 20:19 - 00014326 _____ () C:\ComboFix.txt
2014-08-18 20:08 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-18 20:08 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-18 20:08 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-18 20:08 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-18 20:08 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-18 20:08 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-18 20:08 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-18 20:08 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-18 20:08 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-18 20:07 - 2014-08-18 20:19 - 00000000 ____D () C:\Qoobox
2014-08-18 20:07 - 2014-08-18 20:18 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-18 15:44 - 2014-08-18 15:33 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Mike Taylor\Desktop\aswMBR.exe
2014-08-18 15:43 - 2014-08-18 15:33 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Mike Taylor\Start Menu\Programs\aswMBR.exe
2014-08-18 14:43 - 2014-08-18 11:32 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\TEMP\Desktop\tdsskiller.exe
2014-08-18 12:38 - 2014-08-18 12:38 - 00000266 _____ () C:\DelFix.txt
2014-08-18 12:38 - 2014-08-18 12:38 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-17 18:59 - 2014-08-17 18:59 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-17 18:59 - 2014-08-17 18:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-17 17:17 - 2014-08-17 17:27 - 00003458 _____ () C:\Documents and Settings\TEMP\Desktop\unhide.txt
2014-08-16 20:36 - 2014-08-19 14:18 - 00000000 ____D () C:\FRST
2014-08-16 20:10 - 2014-08-16 18:44 - 01093632 _____ (Farbar) C:\Documents and Settings\Mike Taylor\Desktop\dts.bat.exe
2014-08-16 20:07 - 2014-08-16 18:44 - 01093632 _____ (Farbar) C:\Documents and Settings\Mike Taylor\Desktop\dts.exe.exe
2014-08-16 18:59 - 2014-08-16 18:44 - 01093632 _____ (Farbar) C:\Documents and Settings\TEMP\Desktop\dts.bat.exe
2014-08-13 23:33 - 2014-08-13 23:38 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\vlc
2014-08-13 21:52 - 2014-08-13 23:28 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\Adobe
2014-08-13 21:32 - 2014-08-13 21:32 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\AVG2014
2014-08-13 13:55 - 2014-08-17 23:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 13:55 - 2014-08-13 13:55 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 13:55 - 2014-08-13 13:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 13:54 - 2014-08-17 17:30 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-13 13:54 - 2014-08-13 13:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-13 13:34 - 2014-08-13 13:34 - 00000000 ____D () C:\Malwarebytes
2014-08-13 11:10 - 2014-08-13 11:10 - 00000420 _____ () C:\WINDOWS\regopt.log
2014-08-13 11:10 - 2014-08-13 11:10 - 00000020 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
2014-08-13 10:35 - 2014-08-18 20:07 - 00000000 ____D () C:\Documents and Settings\TEMP
2014-08-08 13:57 - 2014-08-08 13:57 - 00043008 _____ () C:\Documents and Settings\Mike Taylor\Desktop\closed sat sign.pub
2014-07-30 19:19 - 2014-07-30 19:19 - 00000913 _____ () C:\Documents and Settings\Mike Taylor\Desktop\Notary Law Updates  NNA.url
2014-07-22 23:10 - 2014-07-22 23:10 - 00031744 _____ () C:\Documents and Settings\Mike Taylor\Desktop\logo color.pub

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 14:18 - 2014-08-16 20:36 - 00000000 ____D () C:\FRST
2014-08-19 14:15 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-19 14:14 - 2013-08-15 09:21 - 00710941 _____ () C:\WINDOWS\setupapi.log
2014-08-19 13:59 - 2014-03-20 11:39 - 00000234 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-19 13:59 - 2013-01-31 20:17 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 13:59 - 2006-02-05 16:55 - 02026186 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-19 13:59 - 2006-02-05 11:51 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-08-19 13:59 - 2006-02-05 11:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-19 13:58 - 2006-02-05 17:07 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-19 13:51 - 2006-02-05 17:07 - 00032642 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-19 13:31 - 2013-01-31 20:17 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 13:19 - 2012-03-29 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-19 09:24 - 2012-01-31 17:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-18 20:26 - 2006-02-05 17:07 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-08-18 20:19 - 2014-08-18 20:19 - 00014326 _____ () C:\ComboFix.txt
2014-08-18 20:19 - 2014-08-18 20:07 - 00000000 ____D () C:\Qoobox
2014-08-18 20:18 - 2014-08-18 20:07 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-18 20:17 - 2004-08-04 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-18 20:16 - 2006-02-05 17:09 - 00000000 ____D () C:\Documents and Settings\Mike Taylor
2014-08-18 20:07 - 2014-08-13 10:35 - 00000000 ____D () C:\Documents and Settings\TEMP
2014-08-18 17:45 - 2006-09-26 17:58 - 00000000 __SHD () C:\WINDOWS\CSC
2014-08-18 15:33 - 2014-08-18 15:44 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Mike Taylor\Desktop\aswMBR.exe
2014-08-18 15:33 - 2014-08-18 15:43 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Mike Taylor\Start Menu\Programs\aswMBR.exe
2014-08-18 12:38 - 2014-08-18 12:38 - 00000266 _____ () C:\DelFix.txt
2014-08-18 12:38 - 2014-08-18 12:38 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-18 11:32 - 2014-08-18 14:43 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\TEMP\Desktop\tdsskiller.exe
2014-08-17 23:37 - 2014-08-13 13:55 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-17 18:59 - 2014-08-17 18:59 - 00033512 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-17 18:59 - 2014-08-17 18:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-17 17:30 - 2014-08-13 13:54 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-17 17:27 - 2014-08-17 17:17 - 00003458 _____ () C:\Documents and Settings\TEMP\Desktop\unhide.txt
2014-08-16 20:28 - 2014-07-02 22:58 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Desktop\Ang N Paul
2014-08-16 18:44 - 2014-08-16 20:10 - 01093632 _____ (Farbar) C:\Documents and Settings\Mike Taylor\Desktop\dts.bat.exe
2014-08-16 18:44 - 2014-08-16 20:07 - 01093632 _____ (Farbar) C:\Documents and Settings\Mike Taylor\Desktop\dts.exe.exe
2014-08-16 18:44 - 2014-08-16 18:59 - 01093632 _____ (Farbar) C:\Documents and Settings\TEMP\Desktop\dts.bat.exe
2014-08-16 16:10 - 2013-08-14 15:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 16:00 - 2006-02-05 20:56 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-15 15:54 - 2006-02-05 23:14 - 00000532 _____ () C:\WINDOWS\ODBC.INI
2014-08-14 19:23 - 2006-08-17 09:50 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Desktop\scan
2014-08-14 11:51 - 2013-10-09 15:27 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2847311$
2014-08-13 23:52 - 2011-07-22 10:12 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-13 23:38 - 2014-08-13 23:33 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\vlc
2014-08-13 23:28 - 2014-08-13 21:52 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\Adobe
2014-08-13 21:32 - 2014-08-13 21:32 - 00000000 ____D () C:\Documents and Settings\TEMP\Application Data\AVG2014
2014-08-13 19:07 - 2006-07-21 18:48 - 00002435 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
2014-08-13 18:47 - 2006-02-05 16:54 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-13 13:57 - 2006-03-22 15:08 - 00000000 ____D () C:\Program Files\Remote Backup
2014-08-13 13:55 - 2014-08-13 13:55 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 13:55 - 2014-08-13 13:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 13:54 - 2014-08-13 13:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-13 13:54 - 2012-01-02 18:32 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-08-13 13:54 - 2012-01-02 18:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-13 13:34 - 2014-08-13 13:34 - 00000000 ____D () C:\Malwarebytes
2014-08-13 11:10 - 2014-08-13 11:10 - 00000420 _____ () C:\WINDOWS\regopt.log
2014-08-13 11:10 - 2014-08-13 11:10 - 00000020 ___SH () C:\Documents and Settings\TEMP\ntuser.ini
2014-08-13 11:10 - 2006-02-05 11:03 - 00001024 _____ () C:\WINDOWS\system32\config\userdiff.LOG
2014-08-13 10:31 - 2006-02-05 17:09 - 00000278 ___SH () C:\Documents and Settings\Mike Taylor\ntuser.ini
2014-08-12 21:18 - 2007-11-14 22:38 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Desktop\Shopping
2014-08-08 15:00 - 2014-03-20 11:39 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 13:57 - 2014-08-08 13:57 - 00043008 _____ () C:\Documents and Settings\Mike Taylor\Desktop\closed sat sign.pub
2014-08-06 00:01 - 2006-03-10 20:04 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\My Documents\Customer Files
2014-08-04 18:15 - 2006-02-07 21:25 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Application Data\AdobeUM
2014-07-30 19:19 - 2014-07-30 19:19 - 00000913 _____ () C:\Documents and Settings\Mike Taylor\Desktop\Notary Law Updates  NNA.url
2014-07-25 17:17 - 2010-08-16 20:17 - 00000000 ____D () C:\Documents and Settings\Mike Taylor\Application Data\vlc
2014-07-24 10:27 - 2013-07-15 23:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 10:20 - 2013-07-15 23:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-07-22 23:10 - 2014-07-22 23:10 - 00031744 _____ () C:\Documents and Settings\Mike Taylor\Desktop\logo color.pub

Files to move or delete:
====================
C:\Documents and Settings\Mike Taylor\gotomypc_437.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-08-2014 03
Ran by Mike Taylor at 2014-08-19 14:20:06
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 6.0.1 Professional (HKLM\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.001 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (Version: 2.0.0 - Adobe Systems) Hidden
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 4.0 (HKLM\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 4.0 (Version: 4.0 - Adobe Systems Inc.) Hidden
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ALZip (HKLM\...\ALZip_is1) (Version: 6.7 - ESTsoft Corp.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1008 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5090 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 7.992-040303m-014319C-ATI - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.4007 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Broderbund Media Manager (HKLM\...\{26346FB6-4F69-453D-95CE-B6BA3A5382F8}) (Version:  - Broderbund)
Calendar Creator 7.0 (HKLM\...\Calendar Creator 7.0) (Version:  - )
Calendar Creator for Windows V4.00 (HKLM\...\ccwin4.0) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Detector Tools (HKLM\...\{61B13456-C8EE-4805-8E0C-DF1A5BCABB32}) (Version: 1.4.0 - Escort)
EPSON TWAIN 5 (HKLM\...\{9A3EABC0-CA06-11D4-BF77-00104B130C19}) (Version:  - )
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
FLV Player (HKLM\...\FLV Player2.0 ) (Version: 2.0  - Applian Technologies Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )
J2SE Runtime Environment 5.0 Update 10 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150100}) (Version: 1.5.0.100 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 11 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150110}) (Version: 1.5.0.110 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
J2SE Runtime Environment 5.0 Update 9 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150090}) (Version: 1.5.0.90 - Sun Microsystems, Inc.)
Java 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
LiveUpdate 2.6 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 2.6.18.0 - Symantec Corporation)
Logitech MouseWare 9.70  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{90190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
ODF Add-in for Microsoft Office (HKLM\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PackMeister pro (HKLM\...\ST6UNST #1) (Version:  - )
Quick View Plus (HKLM\...\QVP) (Version:  - )
QuickBooks (Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Connection Diagnostic Tool (HKLM\...\{8FC44A80-059E-4358-BBB4-50FAEBED7627}) (Version: 4.0.0 - Intuit)
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime (HKLM\...\{5B09BD67-4C99-46A1-8161-B7208CE18121}) (Version: 7.3.0.70 - Apple Inc.)
Remote Backup 2006 (Version: 9.20.000 - Remote Backup Systems, Inc.) Hidden
Remote Backup 2007 (HKLM\...\{F0674B40-D8C3-11D3-8C61-00104B1F6CF0}) (Version: 10.00.003 - Remote Backup Systems)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
The Big Box of Art 615,000 (HKLM\...\{2F5D985D-2748-40F8-ACEC-2E59B4F23C50}) (Version: 2.20.0000 - Hemera Technologies Inc.)
The Print Shop (HKLM\...\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}) (Version:  - Broderbund LLC)
The Print Shop 21 (HKLM\...\{55B30AF2-7331-4436-9318-D9EA45A42F79}) (Version: 21.00.0000 - Broderbund Software)
Time Zone Data Update Tool for Microsoft Office Outlook (HKLM\...\{95120000-0038-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1029 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
VBA (3821h) (Version: 6.02.00.8919 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - English (Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Office 2002 (Version: 10 - Corel) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-362288127-839522115-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

21-05-2014 18:39:35 System Checkpoint
22-05-2014 22:11:11 System Checkpoint
23-05-2014 22:19:02 System Checkpoint
25-05-2014 02:17:57 System Checkpoint
26-05-2014 02:19:03 System Checkpoint
27-05-2014 06:19:01 System Checkpoint
28-05-2014 06:34:51 System Checkpoint
29-05-2014 09:50:19 System Checkpoint
30-05-2014 10:41:56 System Checkpoint
31-05-2014 14:11:38 System Checkpoint
02-06-2014 15:49:12 System Checkpoint
03-06-2014 16:25:10 System Checkpoint
04-06-2014 18:33:07 System Checkpoint
05-06-2014 19:03:36 System Checkpoint
06-06-2014 19:09:40 System Checkpoint
07-06-2014 19:45:06 System Checkpoint
08-06-2014 23:44:01 System Checkpoint
10-06-2014 00:26:24 System Checkpoint
11-06-2014 02:52:40 System Checkpoint
11-06-2014 07:00:21 Software Distribution Service 3.0
12-06-2014 10:28:16 System Checkpoint
13-06-2014 11:39:57 System Checkpoint
14-06-2014 14:14:38 System Checkpoint
15-06-2014 14:54:38 System Checkpoint
16-06-2014 18:10:58 System Checkpoint
17-06-2014 22:43:06 System Checkpoint
18-06-2014 23:46:56 System Checkpoint
20-06-2014 02:45:38 System Checkpoint
21-06-2014 05:59:10 System Checkpoint
22-06-2014 06:45:04 System Checkpoint
23-06-2014 10:43:58 System Checkpoint
24-06-2014 13:21:28 System Checkpoint
25-06-2014 18:13:21 System Checkpoint
26-06-2014 20:14:28 System Checkpoint
27-06-2014 23:08:59 System Checkpoint
29-06-2014 02:59:35 System Checkpoint
30-06-2014 03:23:23 System Checkpoint
01-07-2014 06:20:27 System Checkpoint
02-07-2014 09:59:04 System Checkpoint
03-07-2014 02:29:00 Removed Bentley View V8i 08.11.05.19
04-07-2014 03:58:49 System Checkpoint
05-07-2014 04:18:55 System Checkpoint
06-07-2014 04:30:20 System Checkpoint
07-07-2014 08:17:51 System Checkpoint
08-07-2014 10:34:33 System Checkpoint
09-07-2014 07:00:18 Software Distribution Service 3.0
10-07-2014 10:20:56 System Checkpoint
11-07-2014 10:28:51 System Checkpoint
12-07-2014 14:28:05 System Checkpoint
13-07-2014 14:29:28 System Checkpoint
14-07-2014 14:50:00 System Checkpoint
15-07-2014 15:19:14 System Checkpoint
16-07-2014 18:55:01 System Checkpoint
17-07-2014 22:41:38 System Checkpoint
18-07-2014 23:55:11 System Checkpoint
20-07-2014 03:24:10 System Checkpoint
21-07-2014 07:24:10 System Checkpoint
22-07-2014 10:21:04 System Checkpoint
23-07-2014 11:05:10 System Checkpoint
24-07-2014 14:19:23 Software Distribution Service 3.0
25-07-2014 14:43:10 System Checkpoint
26-07-2014 15:17:50 System Checkpoint
27-07-2014 19:02:29 System Checkpoint
29-07-2014 00:10:21 System Checkpoint
30-07-2014 03:39:32 System Checkpoint
31-07-2014 06:33:25 System Checkpoint
01-08-2014 06:51:31 System Checkpoint
02-08-2014 10:50:32 System Checkpoint
03-08-2014 15:03:04 System Checkpoint
04-08-2014 15:32:20 System Checkpoint
05-08-2014 19:50:25 System Checkpoint
06-08-2014 22:39:19 System Checkpoint
07-08-2014 22:40:26 System Checkpoint
08-08-2014 22:45:07 System Checkpoint
10-08-2014 02:38:34 System Checkpoint
11-08-2014 02:39:38 System Checkpoint
12-08-2014 03:46:17 System Checkpoint
13-08-2014 06:38:30 System Checkpoint
13-08-2014 22:47:45 Restore Operation
15-08-2014 20:21:32 System Checkpoint
16-08-2014 20:00:01 Software Distribution Service 3.0
17-08-2014 20:35:53 System Checkpoint
19-08-2014 01:13:31 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 08:00 - 2014-08-18 20:17 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2004-05-14 00:05 - 2004-05-14 00:05 - 00086016 _____ () C:\WINDOWS\system32\Ati2evxx.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20607013.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\28284749.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72901429.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20607013.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\28284749.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72901429.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk => C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk => C:\WINDOWS\pss\CorelCENTRAL 10.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LaunchU3.exe.lnk => C:\WINDOWS\pss\LaunchU3.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Mike Taylor^Start Menu^Programs^Startup^Calendar Creator Scheduler.lnk => C:\WINDOWS\pss\Calendar Creator Scheduler.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Mike Taylor^Start Menu^Programs^Startup^Webshots.lnk => C:\WINDOWS\pss\Webshots.lnkStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
MSCONFIG\startupreg: EM_EXEC => C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: QuickFinder Scheduler => "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SMSERIAL => sm56hlpr.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: RADEON 9200 SERIES - Secondary
Description: RADEON 9200 SERIES - Secondary
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2014 02:18:51 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (08/19/2014 02:18:42 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/19/2014 02:18:38 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (08/19/2014 02:17:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avgtdix
FAMv4
FileCloner
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
WS2IFSL

Error: (08/19/2014 02:17:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (08/19/2014 02:17:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error:
%%31

Error: (08/19/2014 02:17:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (08/19/2014 02:17:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (08/19/2014 02:17:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31

Error: (08/19/2014 02:16:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/19/2014 01:59:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileCloner

Error: (08/19/2014 02:10:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileCloner

Error: (08/19/2014 01:35:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileCloner


Microsoft Office Sessions:
=========================
Error: (08/19/2014 02:18:51 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (08/19/2014 02:18:42 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/19/2014 02:18:38 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/19/2014 02:18:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.66GHz
Percentage of memory in use: 19%
Total physical RAM: 1534.99 MB
Available physical RAM: 1235.94 MB
Total Pagefile: 2923.98 MB
Available Pagefile: 2828.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:233.75 GB) (Free:150.09 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (USB DISK) (Removable) (Total:28.85 GB) (Free:28.81 GB) FAT32
Drive g: (LEXAR) (Fixed) (Total:0.96 GB) (Free:0.96 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233.8 GB) (Disk ID: BAF5BAF5)
Partition 1: (Active) - (Size=233.7 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 989.5 MB) (Disk ID: 2DB91CAE)
Partition 1: (Not Active) - (Size=988 MB) - (Type=0B)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 28.9 GB) (Disk ID: 72A017CB)
Partition 1: (Not Active) - (Size=28.9 GB) - (Type=0C)

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

==========================

It all definitely points to a bad user profile. Check the link below and see if somehow you can't create a new one:

http://www.techrepublic.com/article/get-it-done-recover-a-damaged-windows-xp-user-profile/

Let me know...MrC


Here is the fixlog.  When I ran the fix, was MBAM supposed to start and run?  It didn't seem to.  Doing all of this from the command prompt, not the desktop.  The process barely took 3 seconds.  Will work on the new user profile setup as time allows this afternoon/evening.  Thanks again for all the help.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:16-08-2014 03
Ran by Mike Taylor at 2014-08-19 15:09:44 Run:2
Running from F:\
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [1] => F:\mbam-chameleon-3.1.4.0\Chameleon\Windows\mbam-chameleon.exe [755512 2014-06-03] (MalwareBytes)
HKLM\...\RunOnce: [{7C1E3591-6DF5-4025-B814-62FC45DFC128}] => cmd.exe /C start /D "C:\WINDOWS\TEMP" /B {7C1E3591-6DF5-4025-B814-62FC45DFC128}.exe -accepteula -accepteulaksn -activeimages -postboot
HKLM\...\RunOnce: [{6FA3AC8D-A017-4DA6-B3C2-24E3E004292D}] => cmd.exe /C start /D "C:\WINDOWS\TEMP" /B {6FA3AC8D-A017-4DA6-B3C2-24E3E004292D}.exe -accepteula -accepteulaksn -activeimages -postboot
HKLM\...\RunOnce: [{AC7526C7-280B-408B-A576-1F2A39871F76}] => cmd.exe /C start /D "C:\WINDOWS\TEMP" /B {AC7526C7-280B-408B-A576-1F2A39871F76}.exe -accepteula -accepteulaksn -activeimages -postboot
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\1 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{7C1E3591-6DF5-4025-B814-62FC45DFC128} => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{6FA3AC8D-A017-4DA6-B3C2-24E3E004292D} => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{AC7526C7-280B-408B-A576-1F2A39871F76} => value deleted successfully.
Error setting Default URLSearchHook.

==== End of Fixlog ====
