
I have tried everything I can think of to get Chameleon to complete



Hi, I have done what it said in a pinned post: I created a new user account, I rebooted, I then ran an MBAM full scan, I then quarantined, I then rebooted and did a hyperscan; nothing was found. I then rebooted and logged into my usual admin account. I then did a full scan on MBAM; nothing found. I then deleted all in quarantine. I then accessed Chameleon and ran it, and now it is stuck on a file/program for about 3 hours, so I have killed it. The reason for re-running it is that I wanted to make sure that there was nothing to be killed, but obviously there is, as it got stuck. So my question is: how long should I let it run for, what is the maximum time, and why does it say the timeout for killing is 1800 seconds? Does this mean I have to keep minimizing it before the 30 minutes are up? I am running it right now and I will put the file/program info that Chameleon is not passing here ASAP. Thanks for any guidance :-)

I am on Windows XP 32-bit using Firefox. My system is a Toshiba NB100 12A, 5 years & 4 months old. I am passing this system on to somebody and would like to make sure it is clean. I am receiving a Toshiba NB200 10z tomorrow, so I may be asking you for help with that system too; it is operated by Windows 7.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Heather (administrator) on CURLEWBIRDY on 27-08-2014 22:40:10
Running from C:\Documents and Settings\Heather\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\WINDOWS\system32\acs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corp.) C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Secure Backup\mbsbscan.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe
(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2008-08-13] (Synaptics, Inc.)
HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [450648 2008-04-14] (Atheros Communications, Inc.)
HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [393216 2008-09-05] (TOSHIBA)
HKLM\...\Run: [smoothView] => C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [DDWMon] => C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [495616 2007-04-26] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-10-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-08-19] (Chicony)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sOSUAUI] => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [sMessaging] => C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [AccountCreatorRunner] => C:\Program Files\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [5567800 2008-09-08] ()
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [EPSON SX510W Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-2577866921-869302320-1379617784-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPSON SX510W Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-2577866921-869302320-1379617784-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [5567800 2008-09-08] ()
HKU\S-1-5-21-2577866921-869302320-1379617784-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [5567800 2008-09-08] ()
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
SearchScopes: HKCU - DefaultScope {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {6465B39C-2FA5-46DD-9E82-E632AF7DCDB7} URL = http://search.avg.com/route/?d=4db39a1e&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKCU - {89196B53-83FE-4A05-B900-2557610C5DA6} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {9FFCCE37-2FE7-4240-B306-B7B498BBE9B8} URL = http://search.live.com/results.aspx?q={searchTerms}&form=MS8TDS&pc=MS8TDS&src=IE-SearchBox
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\oks8iv9n.default-1406379396781
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: NoSquint - C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\oks8iv9n.default-1406379396781\Extensions\nosquint@urandom.ca.xpi [2014-07-28]
FF Extension: Adblock Plus - C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\oks8iv9n.default-1406379396781\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-14]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [467028 2008-04-14] (Atheros) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320 2014-07-09] (Adobe Systems Incorporated) [File not signed]
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-19] (Oracle Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-07-22] (Mozilla Foundation) [File not signed]
R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) [File not signed]
R2 TAPPSRV; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [33792 2008-08-29] (TOSHIBA Corp.) [File not signed]
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2014-07-14] (AVG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1528928 2009-03-13] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-08-27] (Malwarebytes Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-27] (Malwarebytes Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [157696 2008-09-04] (Realtek Semiconductor Corp.)
S3 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [92464 2009-06-18] (Sunbelt Software)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-04-05] ()
R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 tdcmdpst; C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys [16128 2006-10-18] (TOSHIBA Corporation.) [File not signed]
R2 tdudf; C:\WINDOWS\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
R2 trudf; C:\WINDOWS\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
S3 UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
R3 vodafone_K380x-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [80000 2010-05-20] (Vodafone)
S3 ZTEusbvoice; C:\WINDOWS\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-08-11] (ZTE Incorporated)
S3 BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys [X]
S3 BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys [X]
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 sdbus; C:\Windows\System32\Drivers\sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S3 Tosrfcom; No ImagePath
S3 Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 22:39 - 2014-08-27 22:40 - 00000000 ___DC () C:\FRST
2014-08-27 05:20 - 2014-08-27 05:54 - 00000466 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-08-27 05:19 - 2014-08-27 05:19 - 00001752 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Secure Backup.lnk
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Mozilla
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Mozilla
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Windows Desktop Search
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
2014-08-27 04:10 - 2014-08-27 04:10 - 00000803 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000797 _____ () C:\Documents and Settings\mine\Application Data\Launch Internet Explorer Browser.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Google
2014-08-27 04:09 - 2014-08-27 04:09 - 00000788 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000782 _____ () C:\Documents and Settings\mine\desktop\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000643 _____ () C:\WINDOWS\wmsetup.log
2014-08-27 04:08 - 2014-08-27 05:45 - 00000178 ___SH () C:\Documents and Settings\mine\ntuser.ini
2014-08-27 04:08 - 2014-08-27 04:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Temp
2014-08-27 04:08 - 2014-08-27 04:10 - 00000000 ___RD () C:\Documents and Settings\mine\Start Menu\Programs\Accessories
2014-08-27 04:08 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine
2014-08-27 04:08 - 2013-11-27 09:17 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\TuneUp Software
2014-08-27 04:08 - 2013-11-27 09:16 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Avg2014
2014-08-27 04:08 - 2011-05-11 17:32 - 00000000 __SHD () C:\Documents and Settings\mine\IETldCache
2014-08-27 04:08 - 2009-08-01 00:34 - 00001599 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Remote Assistance.lnk
2014-08-27 04:08 - 2008-09-25 09:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Seven Zip
2014-08-27 04:08 - 2008-09-25 09:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Adobe
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Sun
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\InstallShield
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Adobe
2014-08-27 04:08 - 2008-09-19 08:54 - 00053704 _____ () C:\Documents and Settings\mine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-27 04:08 - 2008-09-19 08:35 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Microsoft Help
2014-08-27 04:08 - 2008-09-19 07:31 - 00000745 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Outlook Express.lnk
2014-08-27 03:54 - 2014-08-27 03:57 - 00000796 _____ () C:\Documents and Settings\Heather\desktop\unhide.txt
2014-08-27 01:52 - 2014-08-27 01:52 - 00000000 ___HD () C:\WINDOWS\PIF
2014-08-27 01:12 - 2014-08-27 11:00 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 01:12 - 2014-08-27 01:58 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-27 01:12 - 2014-08-27 01:12 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 01:12 - 2014-08-27 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 01:12 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-27 01:11 - 2014-08-27 01:11 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-08-27 00:26 - 2014-08-27 01:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-21 19:47 - 2014-08-21 19:47 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\EPSON
2014-08-21 16:47 - 2014-08-21 16:47 - 00000665 _____ () C:\Documents and Settings\All Users\desktop\EPSON Scan.lnk
2014-08-21 16:47 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2014-08-21 16:47 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\escdev.dll
2014-08-21 16:47 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\eswiaud.dll
2014-08-21 16:25 - 2014-08-21 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2014-08-21 16:25 - 2008-11-12 03:00 - 00093696 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FLBFIE.DLL
2014-08-21 16:25 - 2008-11-12 03:00 - 00079360 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FD4BFIE.DLL
2014-08-21 16:25 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_DCINST.DLL
2014-08-21 15:18 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2014-08-21 15:18 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2014-08-18 15:02 - 2007-06-22 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK2.dll
2014-08-18 15:02 - 2007-06-22 00:10 - 00000097 _____ () C:\WINDOWS\system32\PICSDK.ini
2014-08-18 15:02 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EpPicPrt.dll
2014-08-18 15:02 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EPPicMgr.dll
2014-08-18 15:02 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICEntry.dll
2014-08-18 15:02 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK.dll
2014-08-18 15:02 - 2005-06-01 00:20 - 00111932 _____ () C:\WINDOWS\system32\EPPICPrinterDB.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00031053 _____ () C:\WINDOWS\system32\EPPICPattern131.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00027417 _____ () C:\WINDOWS\system32\EPPICPattern121.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00026154 _____ () C:\WINDOWS\system32\EPPICPattern1.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00024903 _____ () C:\WINDOWS\system32\EPPICPattern3.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00021390 _____ () C:\WINDOWS\system32\EPPICPattern5.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00020148 _____ () C:\WINDOWS\system32\EPPICPattern2.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00013732 _____ () C:\WINDOWS\system32\EPPICLocal_EN.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00011811 _____ () C:\WINDOWS\system32\EPPICPattern4.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00006442 _____ () C:\WINDOWS\system32\EPPICLocal_IT.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006347 _____ () C:\WINDOWS\system32\EPPICLocal_PT.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006347 _____ () C:\WINDOWS\system32\EPPICLocal_BP.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006335 _____ () C:\WINDOWS\system32\EPPICLocal_GE.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006195 _____ () C:\WINDOWS\system32\EPPICLocal_FR.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006195 _____ () C:\WINDOWS\system32\EPPICLocal_CF.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006122 _____ () C:\WINDOWS\system32\EPPICLocal_DU.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006103 _____ () C:\WINDOWS\system32\EPPICLocal_ES.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00005817 _____ () C:\WINDOWS\system32\EPPICLocal_KO.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00005436 _____ () C:\WINDOWS\system32\EPPICLocal_SC.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00004943 _____ () C:\WINDOWS\system32\EPPICPattern6.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00002889 _____ () C:\WINDOWS\system32\EPPICLocal_RU.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00002426 _____ () C:\WINDOWS\system32\EPPICLocal_TC.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00001146 _____ () C:\WINDOWS\system32\EPPICPresetData_DU.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001139 _____ () C:\WINDOWS\system32\EPPICPresetData_PT.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001139 _____ () C:\WINDOWS\system32\EPPICPresetData_BP.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001136 _____ () C:\WINDOWS\system32\EPPICPresetData_ES.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001129 _____ () C:\WINDOWS\system32\EPPICPresetData_FR.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001129 _____ () C:\WINDOWS\system32\EPPICPresetData_CF.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001120 _____ () C:\WINDOWS\system32\EPPICPresetData_IT.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001107 _____ () C:\WINDOWS\system32\EPPICPresetData_GE.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001104 _____ () C:\WINDOWS\system32\EPPICPresetData_EN.dat
2014-08-18 14:55 - 2014-08-27 16:02 - 00082628 _____ () C:\WINDOWS\setupapi.log
2014-08-18 14:55 - 2014-08-21 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-08-18 14:47 - 2014-08-21 16:47 - 00000000 ____D () C:\Program Files\epson
2014-08-06 00:19 - 2014-08-27 00:21 - 00002100 _____ () C:\WINDOWS\setupact.log
2014-08-06 00:19 - 2014-08-06 00:19 - 00000000 _____ () C:\WINDOWS\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-27 22:43 - 2010-10-06 09:55 - 00000000 ____D () C:\Documents and Settings\Heather\Local Settings\Temp
2014-08-27 22:40 - 2014-08-27 22:39 - 00000000 ___DC () C:\FRST
2014-08-27 22:14 - 2014-06-19 09:09 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 21:53 - 2013-12-03 08:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-27 19:45 - 2010-09-06 01:26 - 01530078 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-27 18:41 - 2010-09-06 03:16 - 00524440 _____ () C:\WINDOWS\wiadebug.log
2014-08-27 16:02 - 2014-08-18 14:55 - 00082628 _____ () C:\WINDOWS\setupapi.log
2014-08-27 11:14 - 2008-09-19 07:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-27 11:00 - 2014-08-27 01:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 09:14 - 2014-06-19 09:09 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-27 06:47 - 2012-05-28 02:17 - 00005632 __SHC () C:\WINDOWS\Thumbs.db
2014-08-27 05:54 - 2014-08-27 05:20 - 00000466 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-08-27 05:47 - 2014-03-12 07:44 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-27 05:47 - 2011-06-21 02:24 - 00032546 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-27 05:47 - 2010-09-06 03:16 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-08-27 05:47 - 2008-09-19 07:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-27 05:46 - 2008-09-19 08:10 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-08-27 05:45 - 2014-08-27 04:08 - 00000178 ___SH () C:\Documents and Settings\mine\ntuser.ini
2014-08-27 05:19 - 2014-08-27 05:19 - 00001752 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Secure Backup.lnk
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2014-08-27 05:19 - 2010-12-16 02:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 04:55 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Temp
2014-08-27 04:50 - 2014-02-12 16:01 - 00000000 ____D () C:\Program Files\Music Toolbar
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Mozilla
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Mozilla
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Windows Desktop Search
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
2014-08-27 04:10 - 2014-08-27 04:10 - 00000803 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000797 _____ () C:\Documents and Settings\mine\Application Data\Launch Internet Explorer Browser.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Google
2014-08-27 04:10 - 2014-08-27 04:08 - 00000000 ___RD () C:\Documents and Settings\mine\Start Menu\Programs\Accessories
2014-08-27 04:09 - 2014-08-27 04:09 - 00000788 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000782 _____ () C:\Documents and Settings\mine\desktop\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000643 _____ () C:\WINDOWS\wmsetup.log
2014-08-27 04:08 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine
2014-08-27 04:07 - 2009-04-06 07:56 - 00000178 __SHC () C:\Documents and Settings\Heather\ntuser.ini
2014-08-27 04:01 - 2008-09-19 08:21 - 00824206 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-27 03:57 - 2014-08-27 03:54 - 00000796 _____ () C:\Documents and Settings\Heather\desktop\unhide.txt
2014-08-27 03:16 - 2008-09-19 08:37 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-27 02:04 - 2014-02-12 16:22 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\SwvUpdater
2014-08-27 01:58 - 2014-08-27 01:12 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-27 01:52 - 2014-08-27 01:52 - 00000000 ___HD () C:\WINDOWS\PIF
2014-08-27 01:12 - 2014-08-27 01:12 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 01:12 - 2014-08-27 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 01:12 - 2014-08-27 00:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 01:11 - 2014-08-27 01:11 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-08-27 01:00 - 2014-04-25 00:59 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\CCleaner.lnk
2014-08-27 01:00 - 2014-04-25 00:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-27 00:21 - 2014-08-06 00:19 - 00002100 _____ () C:\WINDOWS\setupact.log
2014-08-27 00:15 - 2013-10-14 21:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-08-27 00:15 - 2010-12-18 00:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-27 00:13 - 2013-12-02 20:50 - 00000000 ___DC () C:\$AVG
2014-08-27 00:07 - 2014-03-31 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-27 00:03 - 2014-04-16 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-08-26 23:29 - 2014-06-19 09:20 - 00001813 _____ () C:\Documents and Settings\All Users\desktop\Google Chrome.lnk
2014-08-25 21:14 - 2014-04-16 16:18 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-08-24 03:17 - 2012-02-11 14:02 - 00316416 __SHC () C:\Documents and Settings\Heather\My Documents\Thumbs.db
2014-08-21 19:47 - 2014-08-21 19:47 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\EPSON
2014-08-21 16:47 - 2014-08-21 16:47 - 00000665 _____ () C:\Documents and Settings\All Users\desktop\EPSON Scan.lnk
2014-08-21 16:47 - 2014-08-21 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2014-08-21 16:47 - 2014-08-18 14:47 - 00000000 ____D () C:\Program Files\epson
2014-08-21 16:47 - 2008-09-19 08:15 - 00000000 ____D () C:\WINDOWS\twain_32
2014-08-21 16:25 - 2014-08-18 14:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-08-13 13:14 - 2012-10-15 12:17 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-13 13:14 - 2009-10-18 17:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-13 13:05 - 2008-09-19 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-13 13:03 - 2013-07-12 22:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-13 12:47 - 2009-04-21 01:35 - 96303304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-11 23:30 - 2014-07-18 04:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-08 15:00 - 2014-03-12 07:44 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-06 00:19 - 2014-08-06 00:19 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-05 15:40 - 2009-04-06 07:56 - 00000000 ____D () C:\Documents and Settings\Heather
2014-07-29 03:21 - 2013-10-14 23:41 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by Heather at 2014-08-27 22:47:20
Running from C:\Documents and Settings\Heather\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Utility (HKLM\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version:  - Atheros)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.212.0819L - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.24 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Malwarebytes Secure Backup (HKLM\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation)
Map Button (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Internet Explorer Administration Kit 5 (HKLM\...\IEAK5) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Resource Kit Tools (HKLM\...\{95250409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6403.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OneCare Advisor (Windows Live Toolbar) (Version: 03.00.2038 - Microsoft Corporation) Hidden
OutRun (HKLM\...\OutRun_is1) (Version:  - GameFabrique)
Pacman (remove only) (HKLM\...\Pacman) (Version:  - JenkatGames)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Popup Blocker (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0001 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5699 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
Revo Uninstaller Pro 2.5.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.3 - VS Revo Group, Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Smart Menus (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.11A2 - )
TOSHIBA Direct Disc Writer (HKLM\...\{400830CA-F056-4BBE-80A3-9DF9CA4FB889}) (Version: 1.1.0.0a - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM\...\{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}) (Version: 7.40 - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.00.0002 - TOSHIBA)
TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version: 2.00.00.24f - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0073 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2577866921-869302320-1379617784-1007_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-05-2014 10:00:36 Software Distribution Service 3.0
14-05-2014 10:02:19 Software Distribution Service 3.0
20-05-2014 09:57:43 System Checkpoint
13-06-2014 11:01:14 Software Distribution Service 3.0
09-07-2014 03:40:18 Software Distribution Service 3.0
24-07-2014 00:58:53 System Checkpoint
26-07-2014 09:41:32 Installed AVG PC TuneUp 2014
26-07-2014 09:51:18 Removed AVG PC TuneUp 2014
26-07-2014 09:52:02 Removed AVG PC TuneUp 2014 (en-US)
26-07-2014 09:53:31 Installed AVG PC TuneUp 2014
28-07-2014 10:40:42 Removed AVG PC TuneUp 2014
28-07-2014 10:43:10 Removed AVG PC TuneUp 2014 (en-US)
13-08-2014 11:45:13 Software Distribution Service 3.0
21-08-2014 15:25:19 Unsigned printer driver EPSON SX510W Series installed.
26-08-2014 23:13:06 Removed AVG 2014
26-08-2014 23:14:20 Removed AVG 2014
27-08-2014 03:03:58 Installed Malwarebytes Secure Backup
27-08-2014 03:05:30 Installed Malwarebytes Secure Backup
27-08-2014 04:18:55 Installed Malwarebytes Secure Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-04-20 19:41 - 2013-10-16 10:46 - 00449016 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe
Task: C:\WINDOWS\Tasks\System Restore.job => C:\WINDOWS\system32\Restore\rstrui.exe

==================== Loaded Modules (whitelisted) =============

2013-12-09 19:37 - 2012-06-28 07:19 - 00233344 _____ () C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe
2008-09-19 08:26 - 2004-11-05 17:24 - 00090112 _____ () C:\Program Files\TOSHIBA\ConfigFree\CFShlExt.dll
2014-07-18 04:27 - 2014-07-22 22:20 - 03709040 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2008-09-19 06:15 - 2013-01-02 07:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5416
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2014 05:56:25 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 05:47:37 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 05:16:53 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:55:57 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:53:32 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:11:54 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:08:57 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:05:28 AM) (Source: MsiInstaller) (EventID: 11303) (User: CURLEWBIRDY)
Description: Product: Malwarebytes Secure Backup -- Error 1303.The installer has insufficient privileges to access this directory: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Secure Backup.  The installation cannot continue.  Log on as an administrator or contact your system administrator.

Error: (08/27/2014 04:03:56 AM) (Source: MsiInstaller) (EventID: 11303) (User: CURLEWBIRDY)
Description: Product: Malwarebytes Secure Backup -- Error 1303.The installer has insufficient privileges to access this directory: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Secure Backup.  The installation cannot continue.  Log on as an administrator or contact your system administrator.

Error: (08/27/2014 04:03:52 AM) (Source: MsiInstaller) (EventID: 11303) (User: CURLEWBIRDY)
Description: Product: Malwarebytes Secure Backup -- Error 1303.The installer has insufficient privileges to access this directory: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Secure Backup.  The installation cannot continue.  Log on as an administrator or contact your system administrator.


System errors:
=============
Error: (08/27/2014 04:29:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 04:28:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 04:13:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 04:10:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 04:09:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 04:09:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 04:08:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 04:06:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 04:06:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Error: (08/27/2014 03:56:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Atom CPU N270 @ 1.60GHz
Percentage of memory in use: 84%
Total physical RAM: 1013.88 MB
Available physical RAM: 160.94 MB
Total Pagefile: 2445.1 MB
Available Pagefile: 1016.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:87.18 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 5417C78F)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Very sorry, Root, but the mbam check exe link in your diagnostics link list is not working for me :( I tried going here https://www.malwarebytes.org/downloads/ but it wasn't in there as mbam check.


I keep getting Microsoft trying to install updates. I believe this to be hackers etc., as Microsoft no longer update Windows XP. Is there anything I can do to kill it?


I won't run Chameleon or scan with MBAM until your next direction. Thanks so much for looking into my log lists. Also, my brother is going to get it for those porn sites grrrrrrrrr MEN lol


I have reset my Firefox and reinstalled it; much better web search now :) I have also turned the updates off for Windows to stop the Microsoft fake updates :P


  • Root Admin

Yes, there was a network error this morning that was preventing downloading of the items from those links. It has been corrected and is now working.

However, the current logs you posted show us that the computer is infected and needs to be cleaned.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thank you


Thank you, Ron. I will direct the helpers to this topic so I don't have to repeat it all again, but don't mind if I need to :)


Alison,

Have you tried running a scan at night before you sign off for the evening and then checked it for completion in the morning?

You mentioned a scan running for 3 hours,

When I do a scan on a Windows XP machine, it runs a long time in the Heuristic Analysis phase but completes in 4 hours 40 minutes.


This topic is now closed to further replies.