
malware removal help advised to come here by root admin Ron




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:
  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.






Hello :) I will be glad to help you :)

One thing. While I will go through your previous thread, please re-post here FRST & Addition logfiles for the record. Sometimes I need to compare logs and it would make my work easier if I won't have to jump over the threads.

Thank you!
Naat :)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Heather (administrator) on CURLEWBIRDY on 28-08-2014 15:01:53
Running from C:\Documents and Settings\Heather\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\WINDOWS\system32\acs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corp.) C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Secure Backup\mbsbscan.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe
(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2008-08-13] (Synaptics, Inc.)
HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [450648 2008-04-14] (Atheros Communications, Inc.)
HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [393216 2008-09-05] (TOSHIBA)
HKLM\...\Run: [smoothView] => C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [DDWMon] => C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [495616 2007-04-26] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-10-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-08-19] (Chicony)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sOSUAUI] => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [sMessaging] => C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [AccountCreatorRunner] => C:\Program Files\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [5567800 2008-09-08] ()
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [EPSON SX510W Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\S-1-5-21-2577866921-869302320-1379617784-1011\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [5567800 2008-09-08] ()
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
SearchScopes: HKCU - DefaultScope {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {6465B39C-2FA5-46DD-9E82-E632AF7DCDB7} URL = http://search.avg.com/route/?d=4db39a1e&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKCU - {89196B53-83FE-4A05-B900-2557610C5DA6} URL = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {9FFCCE37-2FE7-4240-B306-B7B498BBE9B8} URL = http://search.live.com/results.aspx?q={searchTerms}&form=MS8TDS&pc=MS8TDS&src=IE-SearchBox
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\eh7yg0cn.default-1409207353012
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-14]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [467028 2008-04-14] (Atheros) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320 2014-07-09] (Adobe Systems Incorporated) [File not signed]
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-19] (Oracle Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-07-22] (Mozilla Foundation) [File not signed]
R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) [File not signed]
R2 TAPPSRV; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [33792 2008-08-29] (TOSHIBA Corp.) [File not signed]
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2014-07-14] (AVG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1528928 2009-03-13] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-08-27] (Malwarebytes Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-28] (Malwarebytes Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [157696 2008-09-04] (Realtek Semiconductor Corp.)
S3 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [92464 2009-06-18] (Sunbelt Software)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-04-05] ()
R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 tdcmdpst; C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys [16128 2006-10-18] (TOSHIBA Corporation.) [File not signed]
R2 tdudf; C:\WINDOWS\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
R2 trudf; C:\WINDOWS\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
S3 UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
R3 vodafone_K380x-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [80000 2010-05-20] (Vodafone)
S3 ZTEusbvoice; C:\WINDOWS\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-08-11] (ZTE Incorporated)
S3 BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys [X]
S3 BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys [X]
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 sdbus; C:\Windows\System32\Drivers\sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S3 Tosrfcom; No ImagePath
S3 Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 07:37 - 2014-08-28 07:37 - 00000104 _____ () C:\Documents and Settings\Heather\desktop\Set Program Access and Defaults.lnk
2014-08-27 23:13 - 2014-08-27 23:31 - 00032477 _____ () C:\Documents and Settings\Heather\desktop\CheckResults.txt
2014-08-27 23:11 - 2014-08-27 23:12 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-check-2.1.1.1001.exe
2014-08-27 22:39 - 2014-08-28 15:02 - 00000000 ___DC () C:\FRST
2014-08-27 05:20 - 2014-08-27 23:32 - 00000466 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-08-27 05:19 - 2014-08-27 05:19 - 00001752 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Secure Backup.lnk
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Mozilla
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Mozilla
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Windows Desktop Search
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
2014-08-27 04:10 - 2014-08-27 04:10 - 00000803 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000797 _____ () C:\Documents and Settings\mine\Application Data\Launch Internet Explorer Browser.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Google
2014-08-27 04:09 - 2014-08-27 04:09 - 00000788 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000782 _____ () C:\Documents and Settings\mine\desktop\Windows Media Player.lnk
2014-08-27 04:08 - 2014-08-28 09:50 - 00053240 _____ () C:\Documents and Settings\mine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-27 04:08 - 2014-08-28 09:50 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Temp
2014-08-27 04:08 - 2014-08-27 05:45 - 00000178 ___SH () C:\Documents and Settings\mine\ntuser.ini
2014-08-27 04:08 - 2014-08-27 04:10 - 00000000 ___RD () C:\Documents and Settings\mine\Start Menu\Programs\Accessories
2014-08-27 04:08 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine
2014-08-27 04:08 - 2013-11-27 09:17 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\TuneUp Software
2014-08-27 04:08 - 2013-11-27 09:16 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Avg2014
2014-08-27 04:08 - 2011-05-11 17:32 - 00000000 __SHD () C:\Documents and Settings\mine\IETldCache
2014-08-27 04:08 - 2009-08-01 00:34 - 00001599 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Remote Assistance.lnk
2014-08-27 04:08 - 2008-09-25 09:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Seven Zip
2014-08-27 04:08 - 2008-09-25 09:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Adobe
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Sun
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\InstallShield
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Adobe
2014-08-27 04:08 - 2008-09-19 08:35 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Microsoft Help
2014-08-27 04:08 - 2008-09-19 07:31 - 00000745 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Outlook Express.lnk
2014-08-27 03:54 - 2014-08-27 03:57 - 00000796 _____ () C:\Documents and Settings\Heather\desktop\unhide.txt
2014-08-27 01:52 - 2014-08-27 01:52 - 00000000 ___HD () C:\WINDOWS\PIF
2014-08-27 01:12 - 2014-08-28 09:50 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 01:12 - 2014-08-27 01:58 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-27 01:12 - 2014-08-27 01:12 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 01:12 - 2014-08-27 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 01:12 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-27 01:11 - 2014-08-27 01:11 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-08-27 00:26 - 2014-08-27 01:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-21 19:47 - 2014-08-21 19:47 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\EPSON
2014-08-21 16:47 - 2014-08-21 16:47 - 00000665 _____ () C:\Documents and Settings\All Users\desktop\EPSON Scan.lnk
2014-08-21 16:47 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2014-08-21 16:47 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\escdev.dll
2014-08-21 16:47 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\eswiaud.dll
2014-08-21 16:25 - 2014-08-21 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2014-08-21 16:25 - 2008-11-12 03:00 - 00093696 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FLBFIE.DLL
2014-08-21 16:25 - 2008-11-12 03:00 - 00079360 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FD4BFIE.DLL
2014-08-21 16:25 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_DCINST.DLL
2014-08-21 15:18 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2014-08-21 15:18 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2014-08-18 15:02 - 2007-06-22 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK2.dll
2014-08-18 15:02 - 2007-06-22 00:10 - 00000097 _____ () C:\WINDOWS\system32\PICSDK.ini
2014-08-18 15:02 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EpPicPrt.dll
2014-08-18 15:02 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EPPicMgr.dll
2014-08-18 15:02 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICEntry.dll
2014-08-18 15:02 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK.dll
2014-08-18 15:02 - 2005-06-01 00:20 - 00111932 _____ () C:\WINDOWS\system32\EPPICPrinterDB.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00031053 _____ () C:\WINDOWS\system32\EPPICPattern131.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00027417 _____ () C:\WINDOWS\system32\EPPICPattern121.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00026154 _____ () C:\WINDOWS\system32\EPPICPattern1.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00024903 _____ () C:\WINDOWS\system32\EPPICPattern3.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00021390 _____ () C:\WINDOWS\system32\EPPICPattern5.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00020148 _____ () C:\WINDOWS\system32\EPPICPattern2.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00013732 _____ () C:\WINDOWS\system32\EPPICLocal_EN.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00011811 _____ () C:\WINDOWS\system32\EPPICPattern4.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00006442 _____ () C:\WINDOWS\system32\EPPICLocal_IT.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006347 _____ () C:\WINDOWS\system32\EPPICLocal_PT.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006347 _____ () C:\WINDOWS\system32\EPPICLocal_BP.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006335 _____ () C:\WINDOWS\system32\EPPICLocal_GE.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006195 _____ () C:\WINDOWS\system32\EPPICLocal_FR.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006195 _____ () C:\WINDOWS\system32\EPPICLocal_CF.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006122 _____ () C:\WINDOWS\system32\EPPICLocal_DU.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006103 _____ () C:\WINDOWS\system32\EPPICLocal_ES.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00005817 _____ () C:\WINDOWS\system32\EPPICLocal_KO.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00005436 _____ () C:\WINDOWS\system32\EPPICLocal_SC.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00004943 _____ () C:\WINDOWS\system32\EPPICPattern6.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00002889 _____ () C:\WINDOWS\system32\EPPICLocal_RU.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00002426 _____ () C:\WINDOWS\system32\EPPICLocal_TC.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00001146 _____ () C:\WINDOWS\system32\EPPICPresetData_DU.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001139 _____ () C:\WINDOWS\system32\EPPICPresetData_PT.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001139 _____ () C:\WINDOWS\system32\EPPICPresetData_BP.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001136 _____ () C:\WINDOWS\system32\EPPICPresetData_ES.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001129 _____ () C:\WINDOWS\system32\EPPICPresetData_FR.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001129 _____ () C:\WINDOWS\system32\EPPICPresetData_CF.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001120 _____ () C:\WINDOWS\system32\EPPICPresetData_IT.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001107 _____ () C:\WINDOWS\system32\EPPICPresetData_GE.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001104 _____ () C:\WINDOWS\system32\EPPICPresetData_EN.dat
2014-08-18 14:55 - 2014-08-21 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-08-18 14:47 - 2014-08-21 16:47 - 00000000 ____D () C:\Program Files\epson

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 15:04 - 2010-10-06 09:55 - 00000000 ____D () C:\Documents and Settings\Heather\Local Settings\Temp
2014-08-28 15:02 - 2014-08-27 22:39 - 00000000 ___DC () C:\FRST
2014-08-28 14:53 - 2013-12-03 08:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-28 14:39 - 2010-09-06 01:26 - 01559187 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-28 14:14 - 2014-06-19 09:09 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 12:14 - 2011-06-21 02:24 - 00032494 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-28 09:50 - 2014-08-27 04:08 - 00053240 _____ () C:\Documents and Settings\mine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-28 09:50 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Temp
2014-08-28 09:50 - 2014-08-27 01:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 09:14 - 2014-06-19 09:09 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 07:39 - 2014-07-18 04:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-28 07:39 - 2014-01-15 00:05 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-28 07:39 - 2014-01-15 00:05 - 00000724 ____C () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-08-28 07:39 - 2014-01-15 00:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-28 07:37 - 2014-08-28 07:37 - 00000104 _____ () C:\Documents and Settings\Heather\desktop\Set Program Access and Defaults.lnk
2014-08-28 07:29 - 2014-07-26 13:56 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\Old Firefox Data
2014-08-28 02:43 - 2009-04-06 07:56 - 00000000 ____D () C:\Documents and Settings\Heather
2014-08-28 01:41 - 2011-09-27 02:53 - 00001919 ____C () C:\WINDOWS\epplauncher.mif
2014-08-27 23:32 - 2014-08-27 05:20 - 00000466 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-08-27 23:31 - 2014-08-27 23:13 - 00032477 _____ () C:\Documents and Settings\Heather\desktop\CheckResults.txt
2014-08-27 23:21 - 2014-03-12 07:44 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-27 23:21 - 2010-09-06 03:16 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-08-27 23:21 - 2010-09-06 03:16 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-08-27 23:20 - 2008-09-19 07:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-27 23:19 - 2009-04-06 07:56 - 00000178 __SHC () C:\Documents and Settings\Heather\ntuser.ini
2014-08-27 23:19 - 2008-09-19 08:10 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-08-27 23:12 - 2014-08-27 23:11 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-check-2.1.1.1001.exe
2014-08-27 11:14 - 2008-09-19 07:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-27 06:47 - 2012-05-28 02:17 - 00005632 __SHC () C:\WINDOWS\Thumbs.db
2014-08-27 05:45 - 2014-08-27 04:08 - 00000178 ___SH () C:\Documents and Settings\mine\ntuser.ini
2014-08-27 05:19 - 2014-08-27 05:19 - 00001752 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Secure Backup.lnk
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2014-08-27 05:19 - 2010-12-16 02:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 04:50 - 2014-02-12 16:01 - 00000000 ____D () C:\Program Files\Music Toolbar
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Mozilla
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Mozilla
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Windows Desktop Search
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
2014-08-27 04:10 - 2014-08-27 04:10 - 00000803 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000797 _____ () C:\Documents and Settings\mine\Application Data\Launch Internet Explorer Browser.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Google
2014-08-27 04:10 - 2014-08-27 04:08 - 00000000 ___RD () C:\Documents and Settings\mine\Start Menu\Programs\Accessories
2014-08-27 04:09 - 2014-08-27 04:09 - 00000788 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000782 _____ () C:\Documents and Settings\mine\desktop\Windows Media Player.lnk
2014-08-27 04:08 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine
2014-08-27 04:01 - 2008-09-19 08:21 - 00824206 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-27 03:57 - 2014-08-27 03:54 - 00000796 _____ () C:\Documents and Settings\Heather\desktop\unhide.txt
2014-08-27 03:16 - 2008-09-19 08:37 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-27 02:04 - 2014-02-12 16:22 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\SwvUpdater
2014-08-27 01:58 - 2014-08-27 01:12 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-27 01:52 - 2014-08-27 01:52 - 00000000 ___HD () C:\WINDOWS\PIF
2014-08-27 01:12 - 2014-08-27 01:12 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 01:12 - 2014-08-27 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 01:12 - 2014-08-27 00:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 01:11 - 2014-08-27 01:11 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-08-27 01:00 - 2014-04-25 00:59 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\CCleaner.lnk
2014-08-27 01:00 - 2014-04-25 00:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-27 00:15 - 2013-10-14 21:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-08-27 00:15 - 2010-12-18 00:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-27 00:13 - 2013-12-02 20:50 - 00000000 ___DC () C:\$AVG
2014-08-27 00:07 - 2014-03-31 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-27 00:03 - 2014-04-16 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-08-26 23:29 - 2014-06-19 09:20 - 00001813 _____ () C:\Documents and Settings\All Users\desktop\Google Chrome.lnk
2014-08-25 21:14 - 2014-04-16 16:18 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-08-24 03:17 - 2012-02-11 14:02 - 00316416 __SHC () C:\Documents and Settings\Heather\My Documents\Thumbs.db
2014-08-21 19:47 - 2014-08-21 19:47 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\EPSON
2014-08-21 16:47 - 2014-08-21 16:47 - 00000665 _____ () C:\Documents and Settings\All Users\desktop\EPSON Scan.lnk
2014-08-21 16:47 - 2014-08-21 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2014-08-21 16:47 - 2014-08-18 14:47 - 00000000 ____D () C:\Program Files\epson
2014-08-21 16:47 - 2008-09-19 08:15 - 00000000 ____D () C:\WINDOWS\twain_32
2014-08-21 16:25 - 2014-08-18 14:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-08-13 13:14 - 2012-10-15 12:17 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-13 13:14 - 2009-10-18 17:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-13 13:05 - 2008-09-19 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-13 13:03 - 2013-07-12 22:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-08 15:00 - 2014-03-12 07:44 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-31 23:42 - 2009-04-21 01:35 - 96303304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-29 03:21 - 2013-10-14 23:41 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by Heather at 2014-08-28 15:07:26
Running from C:\Documents and Settings\Heather\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Utility (HKLM\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version:  - Atheros)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.212.0819L - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.24 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Malwarebytes Secure Backup (HKLM\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation)
Map Button (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Internet Explorer Administration Kit 5 (HKLM\...\IEAK5) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Resource Kit Tools (HKLM\...\{95250409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6403.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OneCare Advisor (Windows Live Toolbar) (Version: 03.00.2038 - Microsoft Corporation) Hidden
OutRun (HKLM\...\OutRun_is1) (Version:  - GameFabrique)
Pacman (remove only) (HKLM\...\Pacman) (Version:  - JenkatGames)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Popup Blocker (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0001 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5699 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
Revo Uninstaller Pro 2.5.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.3 - VS Revo Group, Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Smart Menus (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.11A2 - )
TOSHIBA Direct Disc Writer (HKLM\...\{400830CA-F056-4BBE-80A3-9DF9CA4FB889}) (Version: 1.1.0.0a - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM\...\{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}) (Version: 7.40 - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.00.0002 - TOSHIBA)
TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version: 2.00.00.24f - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0073 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2577866921-869302320-1379617784-1007_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2577866921-869302320-1379617784-1011_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-05-2014 10:00:36 Software Distribution Service 3.0
14-05-2014 10:02:19 Software Distribution Service 3.0
20-05-2014 09:57:43 System Checkpoint
13-06-2014 11:01:14 Software Distribution Service 3.0
09-07-2014 03:40:18 Software Distribution Service 3.0
24-07-2014 00:58:53 System Checkpoint
26-07-2014 09:41:32 Installed AVG PC TuneUp 2014
26-07-2014 09:51:18 Removed AVG PC TuneUp 2014
26-07-2014 09:52:02 Removed AVG PC TuneUp 2014 (en-US)
26-07-2014 09:53:31 Installed AVG PC TuneUp 2014
28-07-2014 10:40:42 Removed AVG PC TuneUp 2014
28-07-2014 10:43:10 Removed AVG PC TuneUp 2014 (en-US)
13-08-2014 11:45:13 Software Distribution Service 3.0
21-08-2014 15:25:19 Unsigned printer driver EPSON SX510W Series installed.
26-08-2014 23:13:06 Removed AVG 2014
26-08-2014 23:14:20 Removed AVG 2014
27-08-2014 03:03:58 Installed Malwarebytes Secure Backup
27-08-2014 03:05:30 Installed Malwarebytes Secure Backup
27-08-2014 04:18:55 Installed Malwarebytes Secure Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-04-20 19:41 - 2013-10-16 10:46 - 00449016 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe
Task: C:\WINDOWS\Tasks\System Restore.job => C:\WINDOWS\system32\Restore\rstrui.exe

==================== Loaded Modules (whitelisted) =============

2013-12-09 19:37 - 2012-06-28 07:19 - 00233344 _____ () C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe
2008-09-19 08:26 - 2004-11-05 17:24 - 00090112 _____ () C:\Program Files\TOSHIBA\ConfigFree\CFShlExt.dll
2014-07-18 04:27 - 2014-07-22 22:20 - 03709040 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5416
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2014 09:50:26 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 11:26:11 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 11:22:21 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 05:56:25 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 05:47:37 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 05:16:53 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:55:57 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:53:32 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:11:54 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 04:08:57 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI


System errors:
=============
Error: (08/28/2014 01:40:48 PM) (Source: 0) (EventID: 1) (User: )
Description: \Device\ACPIEC

Error: (08/28/2014 09:50:50 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (08/28/2014 09:50:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (08/28/2014 09:50:09 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/28/2014 09:50:03 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (08/28/2014 09:50:03 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/28/2014 09:49:55 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error:
%%5

Error: (08/28/2014 09:49:55 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/27/2014 11:26:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (08/27/2014 11:23:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Atom CPU N270 @ 1.60GHz
Percentage of memory in use: 66%
Total physical RAM: 1013.88 MB
Available physical RAM: 339.74 MB
Total Pagefile: 2444.99 MB
Available Pagefile: 1173 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:86.96 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 5417C78F)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hi :)

 

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.



Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.



Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    BASESERVICES
    /md5start
    rpcss.dll
    /md5stop
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.


Temporarily disable your AntiVirus and AntiSpyware protection???? I have none. Can you not see that from my logs, unless MBAM is classed as the previous? I am not sure which of the previous to add to my system and would like advice please, Naat :)


Hi Naat :) No joy, I am afraid, with your first direction of the JRT. It ran all the way to the registry and then my Windows popped open "My Documents", then all I could hear was my disk resetting itself repeatedly :( Will try your next direction, hoping that will come up with a log. I did let the registry run on JRT for nearly 2hrs, as you can see from my last post.


# AdwCleaner v3.308 - Report created 29/08/2014 at 05:26:04
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Heather - CURLEWBIRDY
# Running from : C:\Documents and Settings\Heather\desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\ale\Application Data\Mozilla\Firefox\Profiles\wjmervw1.default\user.js
File Found : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\searchplugins\Ask.xml
File Found : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\user.js
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
Folder Found : C:\Documents and Settings\ale\Application Data\AVG Nation toolbar
Folder Found : C:\Documents and Settings\ale\Application Data\AVG SafeGuard toolbar
Folder Found : C:\Documents and Settings\ale\Application Data\Mozilla\Firefox\Profiles\wjmervw1.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Documents and Settings\ale\Application Data\Mozilla\Firefox\Profiles\wjmervw1.default\Extensions\staged\ffxtlbr@mysearchdial.com
Folder Found : C:\Documents and Settings\Alison\Application Data\DriverCure
Folder Found : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\Conduit
Folder Found : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\CT2384137
Folder Found : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\Extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}
Folder Found : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Found : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\Extensions\staged\ffxtlbr@mysearchdial.com
Folder Found : C:\Documents and Settings\Alison\Application Data\ParetoLogic
Folder Found : C:\Documents and Settings\Alison\Application Data\Uniblue
Folder Found : C:\Documents and Settings\Alison\Application Data\Uniblue\DriverScanner
Folder Found : C:\Documents and Settings\Alison\Local Settings\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found : C:\Documents and Settings\All Users\Application Data\WinMaximizer
Folder Found : C:\Documents and Settings\Heather\Application Data\ParetoLogic
Folder Found : C:\Documents and Settings\Heather\Application Data\Uniblue
Folder Found : C:\Documents and Settings\Heather\Local Settings\Application Data\AlterGeo
Folder Found : C:\Documents and Settings\Heather\Local Settings\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\Heather\Local Settings\Application Data\PackageAware
Folder Found : C:\Program Files\Music Toolbar

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\WinMaximizer
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\WinMaximizer
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\BearShare Applications\BearShare\BearShare.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Documents and Settings\ale\Application Data\Mozilla\Firefox\Profiles\wjmervw1.default\prefs.js ]

Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Documents and Settings\Alison\Application Data\Mozilla\Firefox\Profiles\vjrlnu7o.default\prefs.js ]

Line Found : user_pref("CT2384137.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2384137.CTID", "CT2384137");
Line Found : user_pref("CT2384137.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2384137.EMailNotifierPollDate", "Thu Mar 04 2010 00:17:34 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.FeedLastCount129027572955594721", 250);
Line Found : user_pref("CT2384137.FeedPollDate129027572956531254", "Thu Mar 04 2010 00:12:33 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.FeedPollDate129027572956531255", "Thu Mar 04 2010 00:12:33 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.FeedPollDate129027572956531256", "Thu Mar 04 2010 00:12:33 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.FeedPollDate129027572956531257", "Thu Mar 04 2010 00:12:33 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.FeedPollDate129027572956531258", "Thu Mar 04 2010 00:12:33 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.FeedTTL129027572956531254", 40);
Line Found : user_pref("CT2384137.FeedTTL129027572956531255", 40);
Line Found : user_pref("CT2384137.FeedTTL129027572956531256", 40);
Line Found : user_pref("CT2384137.FeedTTL129027572956531257", 40);
Line Found : user_pref("CT2384137.FeedTTL129027572956531258", 40);
Line Found : user_pref("CT2384137.FirstTime", true);
Line Found : user_pref("CT2384137.FirstTimeFF3", true);
Line Found : user_pref("CT2384137.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2384137.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2384137.Initialize", true);
Line Found : user_pref("CT2384137.InitializeCommonPrefs", true);
Line Found : user_pref("CT2384137.InstalledDate", "Mon Nov 23 2009 18:18:20 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.InvalidateCache", false);
Line Found : user_pref("CT2384137.IsGrouping", false);
Line Found : user_pref("CT2384137.IsMulticommunity", false);
Line Found : user_pref("CT2384137.IsOpenThankYouPage", true);
Line Found : user_pref("CT2384137.IsOpenUninstallPage", true);
Line Found : user_pref("CT2384137.LanguagePackLastCheckTime", "Thu Mar 04 2010 00:12:42 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2384137.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2384137.LastLogin_2.4.0.4", "Thu Mar 04 2010 00:12:35 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.LatestVersion", "2.1.0.18");
Line Found : user_pref("CT2384137.Locale", "en");
Line Found : user_pref("CT2384137.LoginCache", 4);
Line Found : user_pref("CT2384137.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2384137.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2384137.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2384137.RadioIsPodcast", false);
Line Found : user_pref("CT2384137.RadioLastCheckTime", "Thu Mar 04 2010 00:12:33 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.RadioLastUpdateIPServer", "4");
Line Found : user_pref("CT2384137.RadioLastUpdateServer", "128998424480370000");
Line Found : user_pref("CT2384137.RadioMediaID", "12743586");
Line Found : user_pref("CT2384137.RadioMediaType", "Media Player");
Line Found : user_pref("CT2384137.RadioMenuSelectedID", "EBRadioMenu_CT238413712743586");
Line Found : user_pref("CT2384137.RadioStationName", "Radio%20IO%20-%2080s%20New%20Wave%20");
Line Found : user_pref("CT2384137.RadioStationURL", "hxxp://eradioportal.com/radioio_80s_New_Wave.asx");
Line Found : user_pref("CT2384137.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT2384137.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2384137&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2384137.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2384137.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2384137.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2384137.SearchInNewTabLastCheckTime", "Thu Mar 04 2010 00:12:30 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2384137.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2384137.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT2384137.SettingsLastCheckTime", "Thu Mar 04 2010 00:12:29 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.SettingsLastUpdate", "1263226192");
Line Found : user_pref("CT2384137.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2384137.ThirdPartyComponentsLastCheck", "Thu Mar 04 2010 00:12:29 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.ThirdPartyComponentsLastUpdate", "1265750167");
Line Found : user_pref("CT2384137.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2384137.UserID", "UN63829465382982159");
Line Found : user_pref("CT2384137.ValidationData_Search", 2);
Line Found : user_pref("CT2384137.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2384137.WeatherNetwork", "");
Line Found : user_pref("CT2384137.WeatherPollDate", "Thu Mar 04 2010 00:12:33 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CT2384137.WeatherUnit", "C");
Line Found : user_pref("CT2384137.alertChannelId", "778910");
Line Found : user_pref("CT2384137.clientLogIsEnabled", false);
Line Found : user_pref("CT2384137.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2384137.myStuffEnabled", true);
Line Found : user_pref("CT2384137.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2384137.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
Line Found : user_pref("CT2384137.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2384137.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2384137.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2384137");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Mar 04 2010 00:12:29 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Mar 04 2010 00:12:29 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "{abcb4b8d-f284-4b6a-bbc7-86fab81a2b7d}");
Line Found : user_pref("CommunityToolbar.twitter.user_14372486.LastCheckTime", "Thu Mar 04 2010 00:12:31 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.twitter.user_20278298.LastCheckTime", "Thu Mar 04 2010 00:12:31 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.twitter.user_717313.LastCheckTime", "Thu Mar 04 2010 00:12:31 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Thu Mar 04 2010 00:12:31 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("CommunityToolbar.twitter.user_819800.LastCheckTime", "Thu Mar 04 2010 00:12:31 GMT+0000 (GMT Standard Time)");
Line Found : user_pref("avg.toolbar.searchhistory", "[\"toolbar.ask.com\", \"uk.yhs.search.yahoo.com\", \"king.com\", \"free lesbian porn\", \"halifax\", \"facebook\", \"nationalexpress\", \"megabus.com\", \"yahoo[...]
Line Found : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Found : user_pref("extensions.snipit.askTbInstalled", true);
Line Found : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10168&gct=&gc=1&q={searchTerms}&crm=1");

[ File : C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\eh7yg0cn.default-1409207353012\prefs.js ]


[ File : C:\Documents and Settings\mine\Application Data\Mozilla\Firefox\Profiles\kxwzco7f.default\prefs.js ]


-\\ Google Chrome v39.0.2138.3

[ File : C:\Documents and Settings\ale\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19017 octets] - [29/08/2014 05:26:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [19078 octets] ##########
 


Doing the OT scan again; thought some of the lists were auto set lol. Oh well, the joys of getting clean :) Also unticked the box on run as admin on the JRT; it went a bit further but not much, and it did the same as before: opened documents and it went no further.


OTL logfile created on: 29/08/2014 06:42:30 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Heather\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1013.88 Mb Total Physical Memory | 277.87 Mb Available Physical Memory | 27.41% Memory free
2.39 Gb Paging File | 1.58 Gb Available in Paging File | 66.06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 86.57 Gb Free Space | 77.44% Space Free | Partition Type: NTFS
 
Computer Name: CURLEWBIRDY | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Heather\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe (Malwarebytes Secure Backup)
PRC - C:\Program Files\Malwarebytes Secure Backup\mbsbscan.exe (Malwarebytes Corporation)
PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\3f1613bcf5b9cf536359bfff7bd18a5a\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\40f4f298c3c655b834c73b5046a9cd0b\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd54d0f2f9e59c87b568b9abc23d7cdf\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fd54d0f2f9e59c87b568b9abc23d7cdf\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\40ab9da3eafd6bd1cbc6695ba406975a\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\591cc2015a0165ede73d3e6770e0e7c2\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\b420437eca1d1aec1a8bf23cc5173661\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\30ed505f7ea7d6139128d4a6d9981dc0\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d85a3d6ed5bb77f5603e098cccf60bfa\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\c12e10c218be4be353975af6abb072d9\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\2d7c29ad77c15abfa6a8fe6d24840a91\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\85693dfd9ba4905b0fd947fdb51446d5\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac2cd19f2159d48684e17cbdecfaa3b7\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\aa86b1a0c9a5bd2a973bef106c0461f9\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fd639d8d8def70deaf3b26cd073577f3\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe ()
MOD - C:\Program Files\Toshiba\ConfigFree\CFShlExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (AVG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (sagentservice) -- C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe (Malwarebytes Secure Backup)
SRV - (Mobile Broadband HL Service) -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe ()
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (TAPPSRV) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbnet) -- system32\DRIVERS\ZTEusbnet.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (WDICA) --  File not found
DRV - (USBCCID) -- system32\DRIVERS\Rts5161ccid.sys File not found
DRV - (Trufos) -- C:\Program Files\Softwin\BitDefender10\trufos.sys File not found
DRV - (Tosrfcom) --  File not found
DRV - (Rts516xIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (Profos) -- C:\Program Files\Softwin\BitDefender10\profos.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huawei_cdcacm) -- system32\DRIVERS\ew_jucdcacm.sys File not found
DRV - (filtertdidriver) -- system32\drivers\ewfiltertdidriver.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (BDRsDrv) -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys File not found
DRV - (BDFsDrv) -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (vodafone_K380x-z_dc_enum) -- C:\WINDOWS\system32\drivers\vodafone_K380x-z_dc_enum.sys (Vodafone)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\sbredrv.sys (Sunbelt Software)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)
DRV - (tos_sps32) -- C:\WINDOWS\system32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (UVCFTR) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (FwLnk) -- C:\WINDOWS\system32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)
DRV - (trudf) -- C:\WINDOWS\system32\drivers\trudf.sys (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://badoo.com/startpage/
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\..\SearchScopes,DefaultScope = {8A244612-A1F7-11E0-95C0-E71F4824019B}
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\..\SearchScopes\{6465B39C-2FA5-46DD-9E82-E632AF7DCDB7}: "URL" = http://search.avg.com/route/?d=4db39a1e&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en-GB&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\..\SearchScopes\{89196B53-83FE-4A05-B900-2557610C5DA6}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\..\SearchScopes\{93FC45A0-251A-4661-A6EA-C7B99A552464}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSED
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\..\SearchScopes\{9FFCCE37-2FE7-4240-B306-B7B498BBE9B8}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&form=MS8TDS&pc=MS8TDS&src=IE-SearchBox
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/07/18 04:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/08/13 11:45:22 | 000,000,000 | ---D | M]
 
[2009/06/30 10:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Extensions
[2014/08/28 07:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\eh7yg0cn.default-1409207353012\extensions
[2014/07/18 04:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2014/07/18 04:27:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/07/18 04:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(3)
[2014/07/18 04:27:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(3)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2014/08/28 07:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/08/28 07:39:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/18 04:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution(2)\extensions(2)
[2014/07/18 04:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution(3)\extensions(2)
[2009/05/12 17:26:34 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npganymedenet.dll
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_1\
CHR - Extension: No name found = C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2013/10/16 10:46:39 | 000,449,016 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 15442 more lines...
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AccountCreatorRunner] C:\Program Files\Malwarebytes Secure Backup\AccountCreatorRunner.exe (Malwarebytes Secure Backup)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [sMessaging] C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe (Malwarebytes Secure Backup)
O4 - HKLM..\Run: [smoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [sOSUAUI] C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe (Malwarebytes Secure Backup)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe ()
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe ()
O4 - HKU\S-1-5-21-2577866921-869302320-1379617784-1007..\Run: [EPSON SX510W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2577866921-869302320-1379617784-1007..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2577866921-869302320-1379617784-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Heather\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Heather\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\browsemngr.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\browsermngr.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\delta babylon.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\delta tb.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\delta2.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\deltainstaller.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\deltasetup.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\deltatb.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\iminentsetup.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - tasklist.exe File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/19 07:27:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/29 05:43:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
[2014/08/29 05:24:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/29 05:00:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MobileBrServ
[2014/08/29 04:53:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/08/29 03:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/08/29 03:27:06 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Heather\Desktop\JRT.exe
[2014/08/28 02:43:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Heather\Recent
[2014/08/27 23:11:54 | 001,682,416 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\Heather\Desktop\mbam-check-2.1.1.1001.exe
[2014/08/27 22:39:44 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/27 05:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
[2014/08/27 05:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Secure Backup
[2014/08/27 01:52:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2014/08/27 01:12:51 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/27 01:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/08/27 01:12:35 | 000,054,232 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/27 01:12:35 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/08/27 01:11:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2014/08/27 00:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/08/21 19:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Heather\Application Data\EPSON
[2014/08/21 16:47:37 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\esdevapp.exe
[2014/08/21 16:47:37 | 000,015,872 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escdev.dll
[2014/08/21 16:47:36 | 000,342,016 | ---- | C] (Seiko Epson Corporation) -- C:\WINDOWS\System32\eswiaud.dll
[2014/08/21 16:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2014/08/21 16:25:25 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
[2014/08/21 16:25:23 | 000,093,696 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBFIE.DLL
[2014/08/21 16:25:23 | 000,079,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BFIE.DLL
[2014/08/21 15:18:47 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2014/08/18 15:02:53 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2014/08/18 15:02:53 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2014/08/18 15:02:53 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2014/08/18 15:02:53 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2014/08/18 15:02:52 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll
[2014/08/18 14:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2014/08/18 14:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[30 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/29 06:53:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/08/29 06:14:49 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/29 06:11:45 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/08/29 05:43:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Heather\Desktop\OTL.exe
[2014/08/29 05:23:44 | 001,364,531 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\AdwCleaner.exe
[2014/08/29 04:56:56 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\Online Backup Update Notifier.job
[2014/08/29 04:46:36 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/29 04:46:25 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/08/29 04:44:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/08/29 04:44:49 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/29 03:27:39 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Heather\Desktop\JRT.exe
[2014/08/29 02:03:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/08/28 07:39:49 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/08/28 07:39:49 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/08/28 07:37:43 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Heather\Desktop\Set Program Access and Defaults.lnk
[2014/08/28 01:41:20 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/08/27 23:12:55 | 001,682,416 | ---- | M] (Malwarebytes Corporation) -- C:\Documents and Settings\Heather\Desktop\mbam-check-2.1.1.1001.exe
[2014/08/27 05:19:10 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Secure Backup.lnk
[2014/08/27 04:01:35 | 000,662,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/08/27 04:01:35 | 000,150,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/08/27 01:58:39 | 000,054,232 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/08/27 01:12:42 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/27 01:00:58 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/08/21 16:47:38 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2014/08/13 13:31:08 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Heather\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/08/08 15:00:00 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[30 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/29 05:23:17 | 001,364,531 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\AdwCleaner.exe
[2014/08/28 07:37:42 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Heather\Desktop\Set Program Access and Defaults.lnk
[2014/08/27 05:20:04 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\Online Backup Update Notifier.job
[2014/08/27 05:19:10 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Secure Backup.lnk
[2014/08/27 01:12:42 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/08/21 16:47:38 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2014/08/18 15:02:53 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2014/08/18 15:02:53 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2014/08/18 15:02:53 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2014/08/18 15:02:53 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2014/08/18 15:02:53 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2014/08/18 15:02:53 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2014/08/18 15:02:53 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2014/08/18 15:02:53 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2014/08/18 15:02:53 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2014/08/18 15:02:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2014/08/18 15:02:53 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2014/08/18 15:02:53 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2014/08/18 15:02:53 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2014/08/18 15:02:53 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2014/08/18 15:02:53 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2014/08/18 15:02:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2014/08/18 15:02:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2014/08/18 15:02:53 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2014/08/18 15:02:53 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2014/08/18 15:02:52 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2014/08/18 15:02:52 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2014/08/18 15:02:52 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2014/08/18 15:02:52 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2014/08/18 15:02:52 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2014/08/18 15:02:52 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2014/08/18 15:02:52 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2014/08/18 15:02:52 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2014/08/18 15:02:52 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2014/08/18 15:02:52 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2014/08/18 15:02:52 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2014/08/18 15:02:52 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2014/08/18 15:02:52 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2014/04/16 16:18:36 | 000,003,744 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2014/04/05 03:35:09 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2014/02/26 14:47:42 | 000,245,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/06/03 20:02:31 | 000,118,626 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1338750107.bdinstall.bin
[2010/08/04 21:31:03 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\wklnhst.dat
[2010/03/21 10:50:34 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Heather\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/01 00:19:15 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Heather\Application Data\Launch Internet Explorer Browser.lnk
 
========== ZeroAccess Check ==========
 
[2008/09/19 07:32:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\SHDOCVW.dll -- [2009/03/03 00:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/12/03 23:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ale\Application Data\AVG Nation toolbar
[2014/05/02 13:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ale\Application Data\AVG SafeGuard toolbar
[2013/03/07 23:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ale\Application Data\Vodafone
[2013/03/07 23:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ale\Application Data\Windows Desktop Search
[2012/07/25 01:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\aAvgApi
[2012/07/25 01:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\AVG10
[2009/04/27 20:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/09/14 18:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\DriverCure
[2009/09/14 03:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\ErrorExpert
[2009/06/08 21:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\GanymedeNet
[2009/09/06 10:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\GetRightToGo
[2009/11/27 04:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\GlarySoft
[2009/11/23 19:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\IObit
[2009/09/14 22:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\ParetoLogic
[2009/10/19 12:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\Reg Tool
[2009/05/19 23:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\Template
[2009/04/17 16:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\Toshiba
[2009/11/30 13:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alison\Application Data\Uniblue
[2012/07/23 17:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alison3\Application Data\Vodafone
[2011/04/25 21:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/10/14 23:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2014/08/27 00:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012/07/25 01:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2014/08/27 00:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2012/07/25 01:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2013/10/25 11:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2009/09/14 18:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/12/18 00:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/18 17:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2009/09/14 22:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/08/02 04:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2014/08/21 16:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/02/24 02:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2014/08/27 00:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/08/29 05:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MobileBrServ
[2010/10/13 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/14 22:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2009/09/14 23:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/11/19 02:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/01 18:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/05/01 19:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/03/30 01:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2011/05/15 04:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC
[2011/04/18 03:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/25 09:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2013/07/21 21:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2011/04/17 11:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinMaximizer
[2014/07/26 11:44:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/07/26 10:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2014/07/26 10:48:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2014/07/26 10:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/11/27 09:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/10/14 23:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\AVG
[2012/07/25 01:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\AVG10
[2013/10/14 21:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\AVG2014
[2010/04/16 22:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013/12/03 03:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\DMCache
[2012/05/02 19:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\ElevatedDiagnostics
[2014/08/21 19:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\EPSON
[2011/04/17 10:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\ErrorExpert
[2011/04/18 03:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\GlarySoft
[2013/06/22 03:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IDM
[2009/12/27 12:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\IObit
[2013/11/27 13:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Jenkat
[2011/04/26 22:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\licenses
[2014/06/13 23:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\MSNInstaller
[2013/11/27 13:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Namco
[2012/07/25 02:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Oracle
[2010/08/03 02:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\ParetoLogic
[2011/04/26 22:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\PCMM2009
[2011/04/26 22:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\PCMM2011
[2014/04/17 11:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\QuickScan
[2011/10/25 20:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\T-Mobile
[2011/10/25 21:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\T-Mobile Internet Manager
[2010/08/04 21:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Template
[2010/09/29 14:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Toshiba
[2013/10/14 21:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\TuneUp Software
[2013/11/27 14:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Uniblue
[2011/04/15 17:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Vodafone
[2012/07/25 01:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Windows Desktop Search
[2012/05/19 17:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Heather\Application Data\Windows Search
[2014/07/26 10:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2009/05/17 01:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2013/11/27 09:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mine\Application Data\TuneUp Software
[2014/08/27 04:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mine\Application Data\Windows Desktop Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/14 13:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 14:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 13:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 13:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 13:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 13:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 13:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 13:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 13:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 13:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 06:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 13:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 13:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 13:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 13:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 00:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 13:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 13:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 13:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 13:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 13:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 07:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
< MD5 for: RPCSS.DLL  >
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\ERDNT\cache\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 11:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wupdmgr.exe:SummaryInformation
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 29/08/2014 06:42:30 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Heather\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1013.88 Mb Total Physical Memory | 277.87 Mb Available Physical Memory | 27.41% Memory free
2.39 Gb Paging File | 1.58 Gb Available in Paging File | 66.06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 86.57 Gb Free Space | 77.44% Space Free | Partition Type: NTFS
 
Computer Name: CURLEWBIRDY | User Name: Heather | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2577866921-869302320-1379617784-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome -- (Google Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95250409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Resource Kit Tools
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}" = Malwarebytes Secure Backup
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"CCleaner" = CCleaner
"EPSON Scanner" = EPSON Scan
"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"IEAK5" = Microsoft Internet Explorer Administration Kit 5
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 32.0 (x86 en-US)" = Mozilla Firefox 32.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OutRun_is1" = OutRun
"Pacman" = Pacman (remove only)
"Picasa 3" = Picasa 3
"Revo Uninstaller" = Revo Uninstaller 1.92
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26/08/2014 23:53:32 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 26/08/2014 23:55:57 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 27/08/2014 00:16:53 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 27/08/2014 00:47:37 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 27/08/2014 00:56:25 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 27/08/2014 18:22:21 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 27/08/2014 18:26:11 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 28/08/2014 04:50:26 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 28/08/2014 23:45:30 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
Error - 28/08/2014 23:47:44 | Computer Name = CURLEWBIRDY | Source = Windows Search Service | ID = 1006
Description =
 
[ System Events ]
Error - 28/08/2014 04:50:09 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
   %%5
 
Error - 28/08/2014 04:50:09 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Description with the following
 error:   %%5
 
Error - 28/08/2014 04:50:50 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).
 
Error - 28/08/2014 08:40:48 | Computer Name = CURLEWBIRDY | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
 within the timeout period.  This may indicate an error in the EC hardware or firmware,
 or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.  
The EC driver will retry the failed transaction if possible.
 
Error - 28/08/2014 11:11:29 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the Dnscache service.
 
Error - 28/08/2014 23:45:31 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).
 
Error - 28/08/2014 23:45:37 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   BMLoad
 
Error - 28/08/2014 23:46:25 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MBAMService service.
 
Error - 28/08/2014 23:46:47 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the MBAMService service.
 
Error - 28/08/2014 23:47:46 | Computer Name = CURLEWBIRDY | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).
 
 
< End of report >
 

Link to post
Share on other sites

  • Root Admin

I will go ahead and take over this topic per agreement. Please run the following and post back the log.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Restart the computer after running the fix.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
Ran by Heather at 2014-08-29 07:57:18 Run:1
Running from C:\Documents and Settings\Heather\desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.search.yah...8140&type=horus
SearchScopes: HKCU - {6465B39C-2FA5-46DD-9E82-E632AF7DCDB7} URL = http://search.avg.co...}&iy=b&ychte=us
SearchScopes: HKCU - {89196B53-83FE-4A05-B900-2557610C5DA6} URL = http://de.search.yah...8140&type=horus
SearchScopes: HKCU - {9FFCCE37-2FE7-4240-B306-B7B498BBE9B8} URL = http://search.live.c...rc=IE-SearchBox
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://messenger.zon...nt.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-19] (Oracle Corporation) [File not signed]
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6465B39C-2FA5-46DD-9E82-E632AF7DCDB7}" => Key deleted successfully.
"HKCR\CLSID\{6465B39C-2FA5-46DD-9E82-E632AF7DCDB7}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89196B53-83FE-4A05-B900-2557610C5DA6}" => Key deleted successfully.
"HKCR\CLSID\{89196B53-83FE-4A05-B900-2557610C5DA6}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}" => Key deleted successfully.
"HKCR\CLSID\{8A244612-A1F7-11E0-95C0-E71F4824019B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9FFCCE37-2FE7-4240-B306-B7B498BBE9B8}" => Key deleted successfully.
"HKCR\CLSID\{9FFCCE37-2FE7-4240-B306-B7B498BBE9B8}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => Key deleted successfully.
"HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
"HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5C051655-FCD5-4969-9182-770EA5AA5565}" => Key deleted successfully.
"HKCR\CLSID\{5C051655-FCD5-4969-9182-770EA5AA5565}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6}" => Key deleted successfully.
"HKCR\CLSID\{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}" => Key deleted successfully.
"HKCR\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2" => Key deleted successfully.
C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2" => Key deleted successfully.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml => Moved successfully.
C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\jqs@sun.com => value deleted successfully.
JavaQuickStarterService => Service stopped successfully.
JavaQuickStarterService => Service deleted successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
"C:\WINDOWS\system32\wupdmgr.exe" => ":SummaryInformation" ADS not found.
C:\WINDOWS\system32\wupdmgr.exe => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":430C6D84" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":D1B5B4F1" ADS removed successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====

Link to post
Share on other sites

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Link to post
Share on other sites

Hi Ron, I went as far as I could with the JavaRa - after I clicked remove all older versions it said that Internet Explorer is open

so FRST fix must have fixed some of IE as I have not been able to use IE since Sep 2009!

When I have tried to fix IE myself manually before it has said that there is a major file missing!

I just went to the IE logo on my applications - under start menu and tried to open IE but nothing at all happened and no exit option.

Obviously I never got a log from JavaRa :(

I opened properties for IE on apps it is a shortcut only

created/modified 01/12/09 @ 00:19:15 accessed today 07:58:59

size 803 bytes, size on disk 400kb (4096 bytes)

run normal

start in %HOMEDRIVE%%HOMEPATH%

nothing is available/highlighted to click on in AVAILABILITY

I then went to add/remove programs

windows IE8 last used 18/04/2011

the only option is to remove not change/remove

version 20090308.140743

Link to post
Share on other sites

  • Root Admin

No problem. Not sure we'll be able to fix everything but we'll do our best to get you cleaned up.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Link to post
Share on other sites

I think I would have to run my Windows XP recovery disk via USB disk drive for IE to be reinstalled, but because I am on XP, not a good idea huh???

Link to post
Share on other sites

I may be in trouble! I may be OK! I have done another FRST scan with Addition.txt and a fix log

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Heather (administrator) on CURLEWBIRDY on 29-08-2014 12:59:25
Running from C:\Documents and Settings\Heather\desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Atheros) C:\WINDOWS\system32\acs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(TOSHIBA Corp.) C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Secure Backup\mbsbscan.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications, Inc.) C:\Program Files\Atheros\ACU.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe
(FileHippo.com) C:\Program Files\FileHippo.com\UpdateChecker.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2008-08-13] (Synaptics, Inc.)
HKLM\...\Run: [ACU] => C:\Program Files\Atheros\ACU.exe [450648 2008-04-14] (Atheros Communications, Inc.)
HKLM\...\Run: [THotkey] => C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [393216 2008-09-05] (TOSHIBA)
HKLM\...\Run: [smoothView] => C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [DDWMon] => C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [495616 2007-04-26] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16851456 2008-10-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-08-19] (Chicony)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sOSUAUI] => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [sMessaging] => C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [AccountCreatorRunner] => C:\Program Files\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [5567800 2008-09-08] ()
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [FileHippo.com] => C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Run: [EPSON SX510W Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE [199680 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2577866921-869302320-1379617784-1007\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Heather\Application Data\Mozilla\Firefox\Profiles\eh7yg0cn.default-1409207353012
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npganymedenet.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-14]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Heather\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACS; C:\WINDOWS\system32\acs.exe [467028 2008-04-14] (Atheros) [File not signed]
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [262320 2014-07-09] (Adobe Systems Incorporated) [File not signed]
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-31] (Apple Inc.) [File not signed]
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2005-01-17] (TOSHIBA CORPORATION) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) [File not signed]
R2 Mobile Broadband HL Service; C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe [233344 2012-06-28] ()
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-07-22] (Mozilla Foundation) [File not signed]
R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup) [File not signed]
R2 TAPPSRV; C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe [33792 2008-08-29] (TOSHIBA Corp.) [File not signed]
R2 UxTuneUp; C:\WINDOWS\System32\uxtuneup.dll [35640 2014-07-14] (AVG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1528928 2009-03-13] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54232 2014-08-27] (Malwarebytes Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-29] (Malwarebytes Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 Netdevio; C:\WINDOWS\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.) [File not signed]
R3 RSUSBSTOR; C:\WINDOWS\System32\Drivers\RTS5121.sys [157696 2008-09-04] (Realtek Semiconductor Corp.)
S3 SBRE; C:\WINDOWS\system32\drivers\SBREdrv.sys [92464 2009-06-18] (Sunbelt Software)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-04-05] ()
R1 tcpipBM; C:\WINDOWS\system32\Drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
R3 tdcmdpst; C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys [16128 2006-10-18] (TOSHIBA Corporation.) [File not signed]
R2 tdudf; C:\WINDOWS\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
R2 trudf; C:\WINDOWS\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
S3 UVCFTR; C:\WINDOWS\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
R3 vodafone_K380x-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K380x-z_dc_enum.sys [80000 2010-05-20] (Vodafone)
S3 ZTEusbvoice; C:\WINDOWS\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-08-11] (ZTE Incorporated)
S3 BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys [X]
S3 BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys [X]
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 PCASp50; System32\Drivers\PCASp50.sys [X]
S3 Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
U5 sdbus; C:\Windows\System32\Drivers\sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
S3 Tosrfcom; No ImagePath
S3 Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 12:59 - 2014-08-29 12:59 - 00015225 _____ () C:\Documents and Settings\Heather\desktop\FRST.txt
2014-08-29 12:43 - 2014-08-29 12:43 - 00004050 _____ () C:\Documents and Settings\Heather\desktop\fixlist.txt
2014-08-29 12:33 - 2014-08-29 12:34 - 01095168 _____ (Farbar) C:\Documents and Settings\Heather\desktop\FRST.exe
2014-08-29 08:38 - 2014-08-29 08:38 - 00006368 ____C () C:\JavaRa.log
2014-08-29 08:30 - 2014-08-29 08:31 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\remove java
2014-08-29 06:35 - 2014-08-29 06:57 - 00048140 _____ () C:\Documents and Settings\Heather\desktop\Extras.Txt
2014-08-29 06:08 - 2014-08-29 06:57 - 00117946 _____ () C:\Documents and Settings\Heather\desktop\OTL.Txt
2014-08-29 05:43 - 2014-08-29 05:43 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Heather\desktop\OTL.exe
2014-08-29 05:24 - 2014-08-29 05:28 - 00000000 ___DC () C:\AdwCleaner
2014-08-29 05:23 - 2014-08-29 05:23 - 01364531 _____ () C:\Documents and Settings\Heather\desktop\AdwCleaner.exe
2014-08-29 05:05 - 2014-08-29 05:05 - 00000388 _____ () C:\WINDOWS\nsw.log
2014-08-29 05:00 - 2014-08-29 05:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MobileBrServ
2014-08-29 04:54 - 2014-08-29 05:02 - 00011345 _____ () C:\WINDOWS\KB945436.log
2014-08-29 04:53 - 2014-08-29 05:01 - 00007495 _____ () C:\WINDOWS\KB959765.log
2014-08-29 04:51 - 2014-08-29 05:05 - 00049586 _____ () C:\WINDOWS\setupapi.log
2014-08-29 03:30 - 2014-08-29 03:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-29 03:27 - 2014-08-29 03:27 - 01016261 _____ (Thisisu) C:\Documents and Settings\Heather\desktop\JRT.exe
2014-08-28 19:43 - 2014-08-28 19:43 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-08-28 19:43 - 2014-08-28 19:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-28 07:37 - 2014-08-28 07:37 - 00000104 _____ () C:\Documents and Settings\Heather\desktop\Set Program Access and Defaults.lnk
2014-08-27 23:13 - 2014-08-27 23:31 - 00032477 _____ () C:\Documents and Settings\Heather\desktop\CheckResults.txt
2014-08-27 23:11 - 2014-08-27 23:12 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-check-2.1.1.1001.exe
2014-08-27 22:39 - 2014-08-29 12:59 - 00000000 ___DC () C:\FRST
2014-08-27 05:20 - 2014-08-29 08:12 - 00000466 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-08-27 05:19 - 2014-08-27 05:19 - 00001752 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Secure Backup.lnk
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Mozilla
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Mozilla
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Windows Desktop Search
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
2014-08-27 04:10 - 2014-08-27 04:10 - 00000803 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000797 _____ () C:\Documents and Settings\mine\Application Data\Launch Internet Explorer Browser.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Google
2014-08-27 04:09 - 2014-08-27 04:09 - 00000788 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000782 _____ () C:\Documents and Settings\mine\desktop\Windows Media Player.lnk
2014-08-27 04:08 - 2014-08-29 04:42 - 00000178 ___SH () C:\Documents and Settings\mine\ntuser.ini
2014-08-27 04:08 - 2014-08-28 09:50 - 00053240 _____ () C:\Documents and Settings\mine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-27 04:08 - 2014-08-28 09:50 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Temp
2014-08-27 04:08 - 2014-08-27 04:10 - 00000000 ___RD () C:\Documents and Settings\mine\Start Menu\Programs\Accessories
2014-08-27 04:08 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine
2014-08-27 04:08 - 2013-11-27 09:17 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\TuneUp Software
2014-08-27 04:08 - 2013-11-27 09:16 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Avg2014
2014-08-27 04:08 - 2011-05-11 17:32 - 00000000 __SHD () C:\Documents and Settings\mine\IETldCache
2014-08-27 04:08 - 2009-08-01 00:34 - 00001599 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Remote Assistance.lnk
2014-08-27 04:08 - 2008-09-25 09:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Seven Zip
2014-08-27 04:08 - 2008-09-25 09:55 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Adobe
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Sun
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\InstallShield
2014-08-27 04:08 - 2008-09-25 09:54 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Adobe
2014-08-27 04:08 - 2008-09-19 08:35 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Microsoft Help
2014-08-27 04:08 - 2008-09-19 07:31 - 00000745 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Outlook Express.lnk
2014-08-27 03:54 - 2014-08-27 03:57 - 00000796 _____ () C:\Documents and Settings\Heather\desktop\unhide.txt
2014-08-27 01:52 - 2014-08-27 01:52 - 00000000 ___HD () C:\WINDOWS\PIF
2014-08-27 01:12 - 2014-08-29 08:04 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 01:12 - 2014-08-27 01:58 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-27 01:12 - 2014-08-27 01:12 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 01:12 - 2014-08-27 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 01:12 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-27 01:11 - 2014-08-27 01:11 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-08-27 00:26 - 2014-08-27 01:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-21 19:47 - 2014-08-21 19:47 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\EPSON
2014-08-21 16:47 - 2014-08-21 16:47 - 00000665 _____ () C:\Documents and Settings\All Users\desktop\EPSON Scan.lnk
2014-08-21 16:47 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2014-08-21 16:47 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\escdev.dll
2014-08-21 16:47 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\eswiaud.dll
2014-08-21 16:25 - 2014-08-21 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2014-08-21 16:25 - 2008-11-12 03:00 - 00093696 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FLBFIE.DLL
2014-08-21 16:25 - 2008-11-12 03:00 - 00079360 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_FD4BFIE.DLL
2014-08-21 16:25 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_DCINST.DLL
2014-08-21 15:18 - 2008-04-14 00:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2014-08-21 15:18 - 2008-04-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2014-08-18 15:02 - 2007-06-22 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK2.dll
2014-08-18 15:02 - 2007-06-22 00:10 - 00000097 _____ () C:\WINDOWS\system32\PICSDK.ini
2014-08-18 15:02 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EpPicPrt.dll
2014-08-18 15:02 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EPPicMgr.dll
2014-08-18 15:02 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICEntry.dll
2014-08-18 15:02 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK.dll
2014-08-18 15:02 - 2005-06-01 00:20 - 00111932 _____ () C:\WINDOWS\system32\EPPICPrinterDB.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00031053 _____ () C:\WINDOWS\system32\EPPICPattern131.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00027417 _____ () C:\WINDOWS\system32\EPPICPattern121.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00026154 _____ () C:\WINDOWS\system32\EPPICPattern1.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00024903 _____ () C:\WINDOWS\system32\EPPICPattern3.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00021390 _____ () C:\WINDOWS\system32\EPPICPattern5.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00020148 _____ () C:\WINDOWS\system32\EPPICPattern2.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00013732 _____ () C:\WINDOWS\system32\EPPICLocal_EN.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00011811 _____ () C:\WINDOWS\system32\EPPICPattern4.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00006442 _____ () C:\WINDOWS\system32\EPPICLocal_IT.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006347 _____ () C:\WINDOWS\system32\EPPICLocal_PT.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006347 _____ () C:\WINDOWS\system32\EPPICLocal_BP.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006335 _____ () C:\WINDOWS\system32\EPPICLocal_GE.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006195 _____ () C:\WINDOWS\system32\EPPICLocal_FR.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006195 _____ () C:\WINDOWS\system32\EPPICLocal_CF.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006122 _____ () C:\WINDOWS\system32\EPPICLocal_DU.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00006103 _____ () C:\WINDOWS\system32\EPPICLocal_ES.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00005817 _____ () C:\WINDOWS\system32\EPPICLocal_KO.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00005436 _____ () C:\WINDOWS\system32\EPPICLocal_SC.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00004943 _____ () C:\WINDOWS\system32\EPPICPattern6.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00002889 _____ () C:\WINDOWS\system32\EPPICLocal_RU.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00002426 _____ () C:\WINDOWS\system32\EPPICLocal_TC.cfg
2014-08-18 15:02 - 2004-03-03 06:10 - 00001146 _____ () C:\WINDOWS\system32\EPPICPresetData_DU.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001139 _____ () C:\WINDOWS\system32\EPPICPresetData_PT.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001139 _____ () C:\WINDOWS\system32\EPPICPresetData_BP.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001136 _____ () C:\WINDOWS\system32\EPPICPresetData_ES.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001129 _____ () C:\WINDOWS\system32\EPPICPresetData_FR.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001129 _____ () C:\WINDOWS\system32\EPPICPresetData_CF.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001120 _____ () C:\WINDOWS\system32\EPPICPresetData_IT.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001107 _____ () C:\WINDOWS\system32\EPPICPresetData_GE.dat
2014-08-18 15:02 - 2004-03-03 06:10 - 00001104 _____ () C:\WINDOWS\system32\EPPICPresetData_EN.dat
2014-08-18 14:55 - 2014-08-21 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-08-18 14:47 - 2014-08-21 16:47 - 00000000 ____D () C:\Program Files\epson

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-29 12:59 - 2014-08-29 12:59 - 00015225 _____ () C:\Documents and Settings\Heather\desktop\FRST.txt
2014-08-29 12:59 - 2014-08-27 22:39 - 00000000 ___DC () C:\FRST
2014-08-29 12:59 - 2010-10-06 09:55 - 00000000 ____D () C:\Documents and Settings\Heather\Local Settings\Temp
2014-08-29 12:53 - 2013-12-03 08:30 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-29 12:51 - 2010-09-06 01:26 - 01640981 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-29 12:43 - 2014-08-29 12:43 - 00004050 _____ () C:\Documents and Settings\Heather\desktop\fixlist.txt
2014-08-29 12:34 - 2014-08-29 12:33 - 01095168 _____ (Farbar) C:\Documents and Settings\Heather\desktop\FRST.exe
2014-08-29 12:14 - 2008-09-19 08:21 - 00826882 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-29 08:38 - 2014-08-29 08:38 - 00006368 ____C () C:\JavaRa.log
2014-08-29 08:31 - 2014-08-29 08:30 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\remove java
2014-08-29 08:12 - 2014-08-27 05:20 - 00000466 _____ () C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2014-08-29 08:04 - 2014-08-27 01:12 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-29 08:01 - 2010-09-06 03:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-29 08:01 - 2010-09-06 03:16 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-08-29 08:01 - 2008-09-19 07:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-29 07:59 - 2011-06-21 02:24 - 00032494 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-29 07:59 - 2009-04-06 07:56 - 00000178 __SHC () C:\Documents and Settings\Heather\ntuser.ini
2014-08-29 07:59 - 2008-09-19 08:10 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-08-29 07:22 - 2009-04-19 14:01 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-29 06:57 - 2014-08-29 06:35 - 00048140 _____ () C:\Documents and Settings\Heather\desktop\Extras.Txt
2014-08-29 06:57 - 2014-08-29 06:08 - 00117946 _____ () C:\Documents and Settings\Heather\desktop\OTL.Txt
2014-08-29 05:43 - 2014-08-29 05:43 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Heather\desktop\OTL.exe
2014-08-29 05:28 - 2014-08-29 05:24 - 00000000 ___DC () C:\AdwCleaner
2014-08-29 05:23 - 2014-08-29 05:23 - 01364531 _____ () C:\Documents and Settings\Heather\desktop\AdwCleaner.exe
2014-08-29 05:05 - 2014-08-29 05:05 - 00000388 _____ () C:\WINDOWS\nsw.log
2014-08-29 05:05 - 2014-08-29 04:51 - 00049586 _____ () C:\WINDOWS\setupapi.log
2014-08-29 05:02 - 2014-08-29 04:54 - 00011345 _____ () C:\WINDOWS\KB945436.log
2014-08-29 05:01 - 2014-08-29 05:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MobileBrServ
2014-08-29 05:01 - 2014-08-29 04:53 - 00007495 _____ () C:\WINDOWS\KB959765.log
2014-08-29 04:44 - 2014-01-15 00:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-29 04:42 - 2014-08-27 04:08 - 00000178 ___SH () C:\Documents and Settings\mine\ntuser.ini
2014-08-29 03:30 - 2014-08-29 03:30 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-29 03:27 - 2014-08-29 03:27 - 01016261 _____ (Thisisu) C:\Documents and Settings\Heather\desktop\JRT.exe
2014-08-29 02:03 - 2014-06-19 09:20 - 00001813 _____ () C:\Documents and Settings\All Users\desktop\Google Chrome.lnk
2014-08-28 19:43 - 2014-08-28 19:43 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-08-28 19:43 - 2014-08-28 19:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-08-28 09:50 - 2014-08-27 04:08 - 00053240 _____ () C:\Documents and Settings\mine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-08-28 09:50 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Temp
2014-08-28 07:39 - 2014-07-18 04:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-28 07:39 - 2014-01-15 00:05 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-28 07:39 - 2014-01-15 00:05 - 00000724 ____C () C:\Documents and Settings\All Users\desktop\Mozilla Firefox.lnk
2014-08-28 07:37 - 2014-08-28 07:37 - 00000104 _____ () C:\Documents and Settings\Heather\desktop\Set Program Access and Defaults.lnk
2014-08-28 07:29 - 2014-07-26 13:56 - 00000000 ____D () C:\Documents and Settings\Heather\desktop\Old Firefox Data
2014-08-28 02:43 - 2009-04-06 07:56 - 00000000 ____D () C:\Documents and Settings\Heather
2014-08-28 01:41 - 2011-09-27 02:53 - 00001919 ____C () C:\WINDOWS\epplauncher.mif
2014-08-27 23:31 - 2014-08-27 23:13 - 00032477 _____ () C:\Documents and Settings\Heather\desktop\CheckResults.txt
2014-08-27 23:12 - 2014-08-27 23:11 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Heather\desktop\mbam-check-2.1.1.1001.exe
2014-08-27 11:14 - 2008-09-19 07:31 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-27 06:47 - 2012-05-28 02:17 - 00005632 __SHC () C:\WINDOWS\Thumbs.db
2014-08-27 05:19 - 2014-08-27 05:19 - 00001752 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Secure Backup.lnk
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-08-27 05:19 - 2014-08-27 05:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2014-08-27 05:19 - 2010-12-16 02:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 04:50 - 2014-02-12 16:01 - 00000000 ____D () C:\Program Files\Music Toolbar
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Mozilla
2014-08-27 04:12 - 2014-08-27 04:12 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Mozilla
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Windows Desktop Search
2014-08-27 04:11 - 2014-08-27 04:11 - 00000000 ____D () C:\Documents and Settings\mine\Application Data\Apple Computer
2014-08-27 04:10 - 2014-08-27 04:10 - 00000803 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Internet Explorer.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000797 _____ () C:\Documents and Settings\mine\Application Data\Launch Internet Explorer Browser.lnk
2014-08-27 04:10 - 2014-08-27 04:10 - 00000000 ____D () C:\Documents and Settings\mine\Local Settings\Application Data\Google
2014-08-27 04:10 - 2014-08-27 04:08 - 00000000 ___RD () C:\Documents and Settings\mine\Start Menu\Programs\Accessories
2014-08-27 04:09 - 2014-08-27 04:09 - 00000788 _____ () C:\Documents and Settings\mine\Start Menu\Programs\Windows Media Player.lnk
2014-08-27 04:09 - 2014-08-27 04:09 - 00000782 _____ () C:\Documents and Settings\mine\desktop\Windows Media Player.lnk
2014-08-27 04:08 - 2014-08-27 04:08 - 00000000 ____D () C:\Documents and Settings\mine
2014-08-27 03:57 - 2014-08-27 03:54 - 00000796 _____ () C:\Documents and Settings\Heather\desktop\unhide.txt
2014-08-27 03:16 - 2008-09-19 08:37 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-08-27 01:58 - 2014-08-27 01:12 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-27 01:52 - 2014-08-27 01:52 - 00000000 ___HD () C:\WINDOWS\PIF
2014-08-27 01:12 - 2014-08-27 01:12 - 00000777 _____ () C:\Documents and Settings\All Users\desktop\Malwarebytes Anti-Malware.lnk
2014-08-27 01:12 - 2014-08-27 01:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-27 01:12 - 2014-08-27 00:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 01:11 - 2014-08-27 01:11 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-08-27 01:00 - 2014-04-25 00:59 - 00000682 _____ () C:\Documents and Settings\All Users\desktop\CCleaner.lnk
2014-08-27 01:00 - 2014-04-25 00:59 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-27 00:15 - 2013-10-14 21:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-08-27 00:15 - 2010-12-18 00:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-27 00:13 - 2013-12-02 20:50 - 00000000 ___DC () C:\$AVG
2014-08-27 00:07 - 2014-03-31 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-27 00:03 - 2014-04-16 16:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2014-08-25 21:14 - 2014-04-16 16:18 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-08-24 03:17 - 2012-02-11 14:02 - 00316416 __SHC () C:\Documents and Settings\Heather\My Documents\Thumbs.db
2014-08-21 19:47 - 2014-08-21 19:47 - 00000000 ____D () C:\Documents and Settings\Heather\Application Data\EPSON
2014-08-21 16:47 - 2014-08-21 16:47 - 00000665 _____ () C:\Documents and Settings\All Users\desktop\EPSON Scan.lnk
2014-08-21 16:47 - 2014-08-21 16:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2014-08-21 16:47 - 2014-08-18 14:47 - 00000000 ____D () C:\Program Files\epson
2014-08-21 16:47 - 2008-09-19 08:15 - 00000000 ____D () C:\WINDOWS\twain_32
2014-08-21 16:25 - 2014-08-18 14:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\EPSON
2014-08-13 13:14 - 2012-10-15 12:17 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-13 13:14 - 2009-10-18 17:19 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-13 13:05 - 2008-09-19 08:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-13 13:03 - 2013-07-12 22:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-31 23:42 - 2009-04-21 01:35 - 96303304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by Heather at 2014-08-29 13:00:55
Running from C:\Documents and Settings\Heather\desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall (Disabled) {8decf618-9569-4340-b34a-d78d28969b66}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8355F970-601D-442D-A79B-1D7DB4F24CAD}) (Version: 2.5.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Utility (HKLM\...\{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}) (Version:  - Atheros)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.212.0819L - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2138.3 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Malwarebytes Secure Backup (HKLM\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation)
Map Button (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Internet Explorer Administration Kit 5 (HKLM\...\IEAK5) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office XP Resource Kit Tools (HKLM\...\{95250409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6403.0 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.16.00.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 32.0 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OneCare Advisor (Windows Live Toolbar) (Version: 03.00.2038 - Microsoft Corporation) Hidden
OutRun (HKLM\...\OutRun_is1) (Version:  - GameFabrique)
Pacman (remove only) (HKLM\...\Pacman) (Version:  - JenkatGames)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Popup Blocker (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0001 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5699 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
Revo Uninstaller Pro 2.5.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.3 - VS Revo Group, Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Smart Menus (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Tabbed Browsing (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}) (Version: 5.90.11A2 - )
TOSHIBA Direct Disc Writer (HKLM\...\{400830CA-F056-4BBE-80A3-9DF9CA4FB889}) (Version: 1.1.0.0a - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA Manuals (HKLM\...\{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}) (Version: 7.40 - TOSHIBA)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 2.00.0002 - TOSHIBA)
TOSHIBA Zooming Utility (HKLM\...\{64212898-097F-4F3F-AECA-6D34A7EF82DF}) (Version: 2.00.00.24f - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Outlook Toolbar (Windows Live Toolbar) (Version: 03.01.0072 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Toolbar Feed Detector (Windows Live Toolbar) (Version: 03.01.0073 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2577866921-869302320-1379617784-1007_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-05-2014 10:00:36 Software Distribution Service 3.0
14-05-2014 10:02:19 Software Distribution Service 3.0
20-05-2014 09:57:43 System Checkpoint
13-06-2014 11:01:14 Software Distribution Service 3.0
09-07-2014 03:40:18 Software Distribution Service 3.0
24-07-2014 00:58:53 System Checkpoint
26-07-2014 09:41:32 Installed AVG PC TuneUp 2014
26-07-2014 09:51:18 Removed AVG PC TuneUp 2014
26-07-2014 09:52:02 Removed AVG PC TuneUp 2014 (en-US)
26-07-2014 09:53:31 Installed AVG PC TuneUp 2014
28-07-2014 10:40:42 Removed AVG PC TuneUp 2014
28-07-2014 10:43:10 Removed AVG PC TuneUp 2014 (en-US)
13-08-2014 11:45:13 Software Distribution Service 3.0
21-08-2014 15:25:19 Unsigned printer driver EPSON SX510W Series installed.
26-08-2014 23:13:06 Removed AVG 2014
26-08-2014 23:14:20 Removed AVG 2014
27-08-2014 03:03:58 Installed Malwarebytes Secure Backup
27-08-2014 03:05:30 Installed Malwarebytes Secure Backup
27-08-2014 04:18:55 Installed Malwarebytes Secure Backup
29-08-2014 03:54:24 Installed Windows XP KB959765.
29-08-2014 03:54:51 Installed Windows XP KB945436.
29-08-2014 04:01:37 Installed Windows XP KB959765.
29-08-2014 04:02:00 Installed Windows XP KB945436.
29-08-2014 07:18:41 Removed Java 7 Update 51
29-08-2014 10:00:30 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-04-20 19:41 - 2013-10-16 10:46 - 00449016 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Online Backup Update Notifier.job => C:\Program Files\Malwarebytes Secure Backup\SUpdateNotifier.exe
Task: C:\WINDOWS\Tasks\System Restore.job => C:\WINDOWS\system32\Restore\rstrui.exe

==================== Loaded Modules (whitelisted) =============

2014-08-29 05:01 - 2012-06-28 07:19 - 00233344 _____ () C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbservice.exe
2008-09-19 08:26 - 2004-11-05 17:24 - 00090112 _____ () C:\Program Files\TOSHIBA\ConfigFree\CFShlExt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Atheros AR5007EG Wireless Network Adapter
Description: Atheros AR5007EG Wireless Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: AR5416
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2014 08:05:08 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/29/2014 08:01:45 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/29/2014 04:47:44 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/29/2014 04:45:30 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/28/2014 09:50:26 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 11:26:11 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 11:22:21 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 05:56:25 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 05:47:37 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI

Error: (08/27/2014 05:16:53 AM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 50x80070715Search.MapPI


System errors:
=============
Error: (08/29/2014 08:19:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (08/29/2014 08:19:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Atom CPU N270 @ 1.60GHz
Percentage of memory in use: 51%
Total physical RAM: 1013.88 MB
Available physical RAM: 489.52 MB
Total Pagefile: 2445.1 MB
Available Pagefile: 1579.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:85.41 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 5417C78F)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
Ran by Heather at 2014-08-29 13:03:18 Run:5
Running from C:\Documents and Settings\Heather\desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.search.yah...8140&type=horus
SearchScopes: HKCU - {6465B39C-2FA5-46DD-9E82-E632AF7DCDB7} URL = http://search.avg.co...}&iy=b&ychte=us
SearchScopes: HKCU - {89196B53-83FE-4A05-B900-2557610C5DA6} URL = http://de.search.yah...8140&type=horus
SearchScopes: HKCU - {9FFCCE37-2FE7-4240-B306-B7B498BBE9B8} URL = http://search.live.c...rc=IE-SearchBox
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://messenger.zon...nt.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-19] (Oracle Corporation) [File not signed]
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\wupdmgr.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe" => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6465B39C-2FA5-46DD-9E82-E632AF7DCDB7}" => Key not found.
"HKCR\CLSID\{6465B39C-2FA5-46DD-9E82-E632AF7DCDB7}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{89196B53-83FE-4A05-B900-2557610C5DA6}" => Key not found.
"HKCR\CLSID\{89196B53-83FE-4A05-B900-2557610C5DA6}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}" => Key not found.
"HKCR\CLSID\{8A244612-A1F7-11E0-95C0-E71F4824019B}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9FFCCE37-2FE7-4240-B306-B7B498BBE9B8}" => Key not found.
 


I used the internet to go to approved foods site and all the stuff you fixed came back, so sorry :( I have my Windows 7 Toshiba NB200 now so will use that for the internet and this one just to come here on the internet.

This topic is now closed to further replies.