Need help removing a rootkit.



I have a laptop here that has Avast free on it, and it keeps finding a rootkit, even though it keeps saying it deletes it.  After each boot time scan, the rootkit shows up again.  I have run RogueKiller because I saw a post on here that recommends it, and sure enough it seems to have found more infection.  However, I am not quite sure how to remove it.  Is someone able to help me disinfect this machine?  I'd be very grateful.

 

Thanks in advance, and if I posted this in the wrong area, I apologize.

 

NewGuy


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file, not .xml).

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use the correct version for your system. Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page. (screenshot: reply1.jpg)

New window that comes up. (screenshot: replyer1.jpg)

Last................

3. Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7/8, right-click the program, select Run as Administrator to start it, and click Allow when prompted.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options; they're not all bad!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure System Restore is turned on and running. Create a new restore point.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable. It's unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Here's the MBAM .txt log.  Off to do the rest.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03/10/2014
Scan Time: 4:49:02 PM
Logfile: MBAM LOG.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.03.05
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Morag

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 284737
Time Elapsed: 14 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


FRST Log (Addition to follow)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by Morag (administrator) on MORAG-PC on 03-10-2014 17:16:04
Running from F:\
Loaded Profile: Morag (Available profiles: Morag)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4911104 2008-01-29] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [342312 2009-04-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-29] (AVAST Software)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3706797550-2617553011-2250622441-1003\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-3706797550-2617553011-2250622441-1003\...\MountPoints2: {3d50cbb4-0f2a-11df-ba91-001e338a0bba} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3706797550-2617553011-2250622441-1003\...\MountPoints2: {9c52cd81-1aee-11de-9309-001e338a0bba} - F:\Hilton_SuitesMarkham.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPEE20281B-8C16-4189-A94B-2802108FE71C&q={searchTerms}&SSPV=SE1CG1_sp_ie
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=EC36099001CBB67E00567E83&install_time=2011-01-17T19:44:14Z&src_id=11617&camp_id=1865&tb_version=2.5.15000.521
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {F492F68F-652D-46D4-A957-9E3E31873D74} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYCA&apn_uid=208082FE-BC8B-49A0-BF1B-0F4799B1CC6E&apn_sauid=D22F7E77-A46E-46FC-A6F2-365C8BA1CF7D
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {15B782AF-55D8-11D1-B477-006097098764} https://lms.hilton.com/courses/authorwareplayer/awswaxd.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/CA/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-19]
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-29]

Chrome:
=======
CHR CustomProfile: C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-13]
CHR Extension: (Google Drive) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (YouTube) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-13]
CHR Extension: (Google Search) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-13]
CHR Extension: (avast! Online Security) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-29]
CHR Extension: (Google Wallet) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-13]
CHR Extension: (Gmail) - C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-13]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-26] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-29] (AVAST Software)
S4 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [937984 2007-10-30] (Atheros Communications, Inc.) [File not signed]
S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S4 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-08-21] (IBM Corp.)
S4 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S4 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-09-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-09-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-09-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-09-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-09-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-09-29] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-09-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-09-29] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-03] (Malwarebytes Corporation)
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys [433240 2014-09-25] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251928 2014-08-21] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [206520 2014-08-21] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332792 2014-08-21] (IBM Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 17:15 - 2014-10-03 17:16 - 00000000 ____D () C:\FRST
2014-10-03 13:15 - 2014-10-03 13:16 - 04893784 _____ () C:\Users\Morag\Desktop\RogueKiller.exe
2014-10-03 12:50 - 2014-10-03 13:17 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-03 12:50 - 2014-10-03 12:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-30 14:00 - 2014-09-30 14:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-30 13:45 - 2014-09-30 13:44 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-30 13:44 - 2014-09-30 13:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-30 13:44 - 2014-09-30 13:44 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-30 13:44 - 2014-09-30 13:44 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-30 13:44 - 2014-09-30 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-29 15:10 - 2014-10-03 16:42 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-29 15:10 - 2014-09-29 15:10 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-29 15:10 - 2014-09-29 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-29 15:10 - 2014-09-29 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-29 15:10 - 2014-09-29 15:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-29 15:10 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-29 15:10 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-29 15:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 15:09 - 2014-09-29 15:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Morag\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-29 15:06 - 2014-09-29 15:06 - 00000000 ____D () C:\Users\Morag\AppData\Roaming\AVAST Software
2014-09-29 15:05 - 2014-09-29 15:05 - 00001884 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-29 15:05 - 2014-09-29 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-29 15:04 - 2014-09-29 15:05 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-29 15:04 - 2014-09-29 15:04 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-29 15:04 - 2014-09-29 15:04 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-29 15:04 - 2014-09-29 15:04 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-29 15:04 - 2014-09-29 15:04 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-29 15:04 - 2014-09-29 15:04 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-09-29 15:04 - 2014-09-29 15:04 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-09-29 15:04 - 2014-09-29 15:04 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-29 15:04 - 2014-09-29 15:04 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-29 15:04 - 2014-09-29 15:04 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-29 15:03 - 2014-09-29 15:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-29 15:00 - 2014-09-29 15:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-29 15:00 - 2014-09-29 15:00 - 04862664 _____ (AVAST Software) C:\Users\Morag\Downloads\avast_free_antivirus_setup_online.exe
2014-09-25 22:01 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-25 22:01 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-25 22:01 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-25 22:00 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-25 21:59 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-25 21:59 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-25 21:59 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-25 21:59 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-25 21:59 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-25 21:59 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-25 21:59 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-25 21:59 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-25 21:59 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-25 21:59 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-25 21:59 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-25 21:59 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-25 21:59 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-25 21:59 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-25 21:59 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-25 21:59 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-25 21:59 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-25 21:59 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-25 21:59 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-25 21:59 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-25 21:59 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-25 21:48 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 21:46 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-25 21:46 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-25 21:04 - 2014-09-25 21:04 - 00000561 _____ () C:\Users\Morag\Desktop\mssstool32.exe - Shortcut.lnk
2014-09-25 21:03 - 2014-09-25 21:03 - 00913400 _____ (Microsoft Corporation) C:\Users\Morag\Downloads\mssstool32.exe
2014-09-25 10:13 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-25 10:12 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-25 10:12 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-25 10:12 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-25 10:12 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-25 10:12 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-25 10:12 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-25 09:03 - 2014-09-25 09:03 - 00000000 ____D () C:\Users\Morag\Desktop\usb
2014-09-25 08:38 - 2014-09-25 08:38 - 00913408 _____ (Microsoft Corporation) C:\Users\Morag\Downloads\mssstool64 (1).exe
2014-09-23 21:53 - 2014-09-23 21:53 - 00913408 _____ (Microsoft Corporation) C:\Users\Morag\Downloads\mssstool64.exe
2014-09-23 17:36 - 2014-09-23 17:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 16:41 - 2009-01-20 13:26 - 01247369 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 16:38 - 2012-04-12 17:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 16:38 - 2010-02-07 10:01 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 16:38 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 16:38 - 2006-11-02 08:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 12:51 - 2006-11-02 06:33 - 00848396 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 12:49 - 2006-11-02 08:52 - 00071702 _____ () C:\Windows\setupact.log
2014-10-03 11:59 - 2010-02-07 10:01 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 11:56 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 09:42 - 2006-11-02 09:01 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-02 12:07 - 2011-11-08 21:43 - 00000000 ____D () C:\Users\Morag\Documents\Resume
2014-09-30 13:45 - 2008-02-11 21:00 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-30 13:44 - 2008-02-11 21:00 - 00000000 ____D () C:\Program Files\Java
2014-09-29 15:09 - 2009-01-19 22:28 - 00000918 _____ () C:\Users\Morag\Desktop\Launch Internet Explorer Browser.lnk
2014-09-29 15:02 - 2014-04-30 15:59 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-29 14:40 - 2012-05-01 10:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-26 10:27 - 2012-04-12 17:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-26 10:27 - 2012-04-12 17:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-26 10:26 - 2014-03-12 14:25 - 17323696 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-26 10:25 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-26 10:13 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-09-26 09:56 - 2006-11-02 08:47 - 00397600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-26 09:51 - 2008-01-20 22:47 - 00156412 _____ () C:\Windows\PFRO.log
2014-09-25 22:04 - 2008-02-11 21:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-25 21:42 - 2013-12-26 11:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-25 13:34 - 2014-03-13 13:18 - 00001982 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 09:33 - 2013-12-26 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-09-25 03:58 - 2011-01-09 21:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-25 03:53 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-25 03:12 - 2011-01-09 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-15 09:06 - 2009-10-07 21:14 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Morag\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-03 12:01

==================== End Of Log ============================

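The file listing in the FRST log above is the sort of thing a helper reads by eye: recent executables with no version information, anything dropped under a Temp folder, hidden files where none should be. As an added example (not part of this post, of FRST, or of the Malwarebytes procedure), the Python script below parses FRST's one-line-per-file format and flags entries worth a closer look. The column layout and the attribute letters (D for directory, H for hidden) are as FRST prints them; the extension list, the "user-writable" path prefixes and the `update_helper.exe` line in the sample are this example's own assumptions, the last being constructed input rather than a file from the log.

```python
"""Triage helper for FRST 'Files and Folders' listings (added example).

Parses the one-line-per-file format FRST uses in its "One Month Created /
Modified Files and Folders" sections:

    <date1> - <date2> - <size> <attrs> (<company>) <path>

and applies a few plain heuristics.  A hit means "look closer" (hash it,
check its Authenticode signature), not that the file is malicious.
"""
import re
from typing import Dict, List, NamedTuple, Optional

LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.*)$"
)

# Extensions treated as executable code (assumption for this example).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv", ".com")
# Path fragments an ordinary, non-elevated process can write to (assumption).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")


class Entry(NamedTuple):
    date1: str
    date2: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST file line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["d1"], m["d2"], int(m["size"]), m["attrs"], m["company"], m["path"])


def reasons_for(e: Entry) -> List[str]:
    """Heuristic review reasons for one entry; an empty list means nothing notable."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    low = e.path.lower()
    in_temp = "\\temp\\" in low
    user_writable = any(tag in low for tag in USER_WRITABLE)
    if in_temp:
        reasons.append("file under a Temp directory")
    if e.is_executable and not e.company:
        reasons.append("executable with no version-info company name")
    if e.is_executable and user_writable and not in_temp:
        reasons.append("executable in a user-writable location")
    if e.is_hidden and e.is_executable:
        reasons.append("hidden attribute set on an executable")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map path -> reasons for every parseable line that earned at least one reason."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        r = reasons_for(e)
        if r:
            hits[e.path] = r
    return hits


# Sample input: four lines copied from the FRST log above plus one CONSTRUCTED
# line (update_helper.exe) that exists only to exercise the Temp/hidden rules.
SAMPLE = [
    r"2014-09-23 21:53 - 2014-09-23 21:53 - 00913408 _____ (Microsoft Corporation) C:\Users\Morag\Downloads\mssstool64.exe",
    r"2014-10-03 16:41 - 2009-01-20 13:26 - 01247369 _____ () C:\Windows\WindowsUpdate.log",
    r"2014-09-26 10:27 - 2012-04-12 17:20 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe",
    r"2014-09-30 13:44 - 2008-02-11 21:00 - 00000000 ____D () C:\Program Files\Java",
    r"2014-10-01 09:00 - 2014-10-01 09:00 - 00045056 ____H () C:\Users\Morag\AppData\Local\Temp\update_helper.exe",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path)
        for w in why:
            print("   -", w)
```

Run against the sample, the Microsoft-versioned file in the user's Downloads folder is flagged only for its location, the Windows and Adobe files under C:\Windows are not flagged at all, and the constructed Temp file collects three reasons. Treat the output as a reading order for the next step (hashing and signature checks), not as a detection result; the FRST "Bamital & volsnap Check" section above shows the kind of signature verification that should follow.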

Addition scan


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-10-2014
Ran by Morag at 2014-10-03 17:17:32
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
123di Version 5.0 (HKLM\...\123di Version 5.0 5.0) (Version: 5.0 - Name of your company)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{AFA20D47-69C3-4030-8DF8-D37466E70F13}) (Version: 2.4.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{63427619-C918-6F3C-7318-11DDA4975241}) (Version: 3.0.634.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
C4580 (Version: 120.0.209.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (HKLM\...\{D58A1E94-9EEA-4C6E-B9FB-D7C63DC6C941}) (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0815.2326.40058 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Czech (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Danish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Dutch (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help English (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Finnish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help French (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help German (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Greek (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Italian (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Japanese (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Korean (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Polish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Russian (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Spanish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Swedish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Thai (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Turkish (Version: 2007.0815.2325.40058 - ATI) Hidden
ccc-core-static (Version: 2007.0815.2326.40058 - ATI) Hidden
ccc-utility (Version: 2007.0815.2326.40058 - ATI) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.01 - TOSHIBA)
Copy (Version: 120.0.194.000 - Hewlett-Packard) Hidden
D2400 (Version: 82.0.201.000 - Hewlett-Packard) Hidden
D2400_Help (Version: 82.0.201.000 - Hewlett-Packard) Hidden
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
dj_sf_ProductContext (Version: 82.0.201.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 82.0.201.000 - Hewlett-Packard) Hidden
dj_sf_software_req (Version: 82.0.201.000 - Hewlett-Packard) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
GearDrvs (Version: 1 - Symantec Corporation) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 8.0 Software (HKLM\...\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}) (Version: 8.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4 (HKLM\...\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}) (Version: 12.0 - HP)
HPPhotoGadget (Version: 120.0.150.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}) (Version: 8.1.1.10 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Norton 360 (Version: 1.2.0.10 - Symantec Corporation) Hidden
OnlinePlay 1.0 (HKLM\...\OnlinePlay) (Version: 1.0 - AOL LLC)
PS_AIO_04_C4580_Software_Min (Version: 120.0.209.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Rapport (Version: 3.5.1403.78 - Trusteer) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Skins (Version: 2007.0815.2326.40058 - ATI) Hidden
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.05 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}) (Version: 7.1.27 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.1a - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.20.10 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.05 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.03 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.14 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.14 - TOSHIBA Corporation) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1403.78 - Trusteer)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3706797550-2617553011-2250622441-1003_Classes\CLSID\{32C15893-74C0-4478-879B-FE14EB684AB4}\InprocServer32 -> C:\Users\Morag\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3706797550-2617553011-2250622441-1003_Classes\CLSID\{9CC1FE07-02F9-49A6-A3F4-63AD8BAE9E49}\InprocServer32 -> C:\Users\Morag\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x86\hpqgps01.dll (TODO: <Company name>)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C7930EF-BC7C-4B9F-8B56-A1EE3BD8AFFD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Morag => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {6E808EFF-95D7-4B63-944E-A2414EDC64C1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {7D6B56BA-E31F-40CA-807C-23E1A6456A88} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {8B8ADFA5-1687-4E75-8BE0-1E618B5CADC6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)
Task: {A18FB878-4969-4FE1-975A-899DD9C77C11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-29] (AVAST Software)
Task: {C28D331F-0DE6-40BF-BD48-5FAC9EA7A713} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-07] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EBE92C6A-CC73-4C80-89CD-39E8967D6992} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-29 15:04 - 2014-09-29 15:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-03 06:34 - 2014-10-03 06:34 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll
2008-02-11 20:43 - 2007-07-27 10:26 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-03-02 11:44 - 2007-03-02 11:44 - 00073728 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2014-09-29 15:04 - 2014-09-29 15:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-12-12 13:46 - 2007-12-12 13:46 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LiveUpdate => 3
MSCONFIG\Services: LiveUpdate Notice Service => 2
MSCONFIG\Services: TNaviSrv => 2
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA SMART Log Service => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Symantec PIF AlertEng => "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
MSCONFIG\startupreg: TOSCDSPD => TOSCDSPD.EXE
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3706797550-2617553011-2250622441-500 - Administrator - Disabled)
Guest (S-1-5-21-3706797550-2617553011-2250622441-501 - Limited - Disabled)
Morag (S-1-5-21-3706797550-2617553011-2250622441-1003 - Administrator - Enabled) => C:\Users\Morag

==================== Faulty Device Manager Devices =============

Name: HP Photosmart C4500
Description: HP Photosmart C4500
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: F:\
Description: v165w           
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: hp      
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2014 11:57:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2014 02:07:21 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x80042306).

Error: (10/03/2014 02:07:16 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000130,0x0053c008,008B0FC8,0,006BA948,4096,[0]).  hr = 0x8007045d.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (10/03/2014 02:06:55 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000150,0x0053c008,008B0FC8,0,006BA948,4096,[0]).  hr = 0x8007045d.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (10/03/2014 02:06:33 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000150,0x0053c008,008B0FC8,0,006BA948,4096,[0]).  hr = 0x8007045d.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (10/03/2014 02:06:12 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000150,0x0053c008,008B07C8,0,006BA948,4096,[0]).  hr = 0x8007045d.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (10/03/2014 02:05:50 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{36042fb6-e715-11dd-bbb0-806e6f6e6963} - 00000150,0x0053c008,008B07C8,0,006BA948,4096,[0]).  hr = 0x8007045d.


Operation:
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (10/02/2014 02:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2014 11:29:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/01/2014 09:47:42 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (10/03/2014 01:18:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000SysMain

Error: (10/03/2014 01:18:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000TrkWks

Error: (10/03/2014 01:17:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000TrkWks

Error: (10/03/2014 11:58:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/03/2014 02:07:16 AM) (Source: volsnap) (EventID: 28) (User: )
Description: The shadow copy of volume C: could not be created due to a failure in creating the necessary on disk structures.

Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (10/03/2014 02:07:16 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (12/23/2010 00:34:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/04/2009 09:01:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/04/2009 09:01:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 565 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/13/2009 05:00:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 622 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (04/12/2009 01:06:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/12/2009 01:05:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/12/2009 01:05:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2396 seconds with 1620 seconds of active time.  This session ended with a crash.

Error: (04/12/2009 10:21:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/12/2009 10:21:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 166 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (04/12/2009 09:54:46 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-03 17:17:20.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:17:19.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:17:18.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:17:18.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:17:16.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:17:16.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:17:15.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:17:14.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:16:41.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-03 17:16:41.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\RapportKELL.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon 64 X2 Dual-Core Processor TK-57
Percentage of memory in use: 57%
Total physical RAM: 1916.89 MB
Available physical RAM: 816.01 MB
Total Pagefile: 4082.95 MB
Available Pagefile: 2753.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1880.69 MB

==================== Drives ================================

Drive c: (S3A6555D004) (Fixed) (Total:135.96 GB) (Free:86.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:5.98 GB) (Free:1.66 GB) NTFS
Drive f: () (Removable) (Total:29.08 GB) (Free:26.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 11647005)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=136 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5.6 GB) - (Type=17)

========================================================
Disk: 1 (Size: 29.1 GB) (Disk ID: 0007AB22)
Partition 1: (Active) - (Size=29.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Rogue Killer report.....

RogueKiller V9.2.13.0 [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Morag [Admin rights]
Mode : Scan -- Date : 10/03/2014  17:40:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{178EEBBF-CFD4-4F18-94F2-E2D18F2CB8CB} | DhcpNameServer : 64.71.255.198  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{284B0BE1-ABC8-4EEF-AC16-FF2E75A716CA} | DhcpNameServer : 64.71.255.204 64.71.255.198  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{178EEBBF-CFD4-4F18-94F2-E2D18F2CB8CB} | DhcpNameServer : 64.71.255.198  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{284B0BE1-ABC8-4EEF-AC16-FF2E75A716CA} | DhcpNameServer : 64.71.255.204 64.71.255.198  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3706797550-2617553011-2250622441-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 117 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys @ 0x8fb5e0d0
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000066 (\SystemRoot\system32\drivers\NETIO.SYS)
[EAT:Addr] (explorer.exe) MSImg32.dll - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x751d152c
[EAT:Addr] (explorer.exe) MSImg32.dll - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x751dc80a
[EAT:Addr] (explorer.exe) MSImg32.dll - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x751cdd2c
[EAT:Addr] (explorer.exe) MSImg32.dll - AutoTrace : C:\Windows\system32\DUser.dll @ 0x751d7041
[EAT:Addr] (explorer.exe) MSImg32.dll - BeginTransition : C:\Windows\system32\DUser.dll @ 0x751dc9a7
[EAT:Addr] (explorer.exe) MSImg32.dll - BuildAnimation : C:\Windows\system32\DUser.dll @ 0x751d1135
[EAT:Addr] (explorer.exe) MSImg32.dll - BuildDropTarget : C:\Windows\system32\DUser.dll @ 0x751d7131
[EAT:Addr] (explorer.exe) MSImg32.dll - BuildInterpolation : C:\Windows\system32\DUser.dll @ 0x751d118c
[EAT:Addr] (explorer.exe) MSImg32.dll - CreateAction : C:\Windows\system32\DUser.dll @ 0x751c7339
[EAT:Addr] (explorer.exe) MSImg32.dll - CreateGadget : C:\Windows\system32\DUser.dll @ 0x751c5197
[EAT:Addr] (explorer.exe) MSImg32.dll - CreateTransition : C:\Windows\system32\DUser.dll @ 0x751dc83a
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserBuildGadget : C:\Windows\system32\DUser.dll @ 0x751db7e8
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserCastClass : C:\Windows\system32\DUser.dll @ 0x751dc776
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserCastDirect : C:\Windows\system32\DUser.dll @ 0x751dc7b9
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserCastHandle : C:\Windows\system32\DUser.dll @ 0x751db81e
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserDeleteGadget : C:\Windows\system32\DUser.dll @ 0x751db9c1
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserFindClass : C:\Windows\system32\DUser.dll @ 0x751dc6e7
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserFlushDeferredMessages : C:\Windows\system32\DUser.dll @ 0x751d0020
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserFlushMessages : C:\Windows\system32\DUser.dll @ 0x751d0096
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetAlphaPRID : C:\Windows\system32\DUser.dll @ 0x751d78fd
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetGutsData : C:\Windows\system32\DUser.dll @ 0x751dc7c9
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetRectPRID : C:\Windows\system32\DUser.dll @ 0x751d7908
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetRotatePRID : C:\Windows\system32\DUser.dll @ 0x751d7913
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserGetScalePRID : C:\Windows\system32\DUser.dll @ 0x751d791e
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserInstanceOf : C:\Windows\system32\DUser.dll @ 0x751dc735
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserPostEvent : C:\Windows\system32\DUser.dll @ 0x751c630f
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserPostMethod : C:\Windows\system32\DUser.dll @ 0x751db639
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserRegisterGuts : C:\Windows\system32\DUser.dll @ 0x751ca5b1
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserRegisterStub : C:\Windows\system32\DUser.dll @ 0x751c9f93
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserRegisterSuper : C:\Windows\system32\DUser.dll @ 0x751cb046
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserSendEvent : C:\Windows\system32\DUser.dll @ 0x751c3258
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserSendMethod : C:\Windows\system32\DUser.dll @ 0x751db5b0
[EAT:Addr] (explorer.exe) MSImg32.dll - DUserStopAnimation : C:\Windows\system32\DUser.dll @ 0x751d84e4
[EAT:Addr] (explorer.exe) MSImg32.dll - DeleteHandle : C:\Windows\system32\DUser.dll @ 0x751c3ef8
[EAT:Addr] (explorer.exe) MSImg32.dll - DetachWndProc : C:\Windows\system32\DUser.dll @ 0x751c657d
[EAT:Addr] (explorer.exe) MSImg32.dll - DllMain : C:\Windows\system32\DUser.dll @ 0x751c76f9
[EAT:Addr] (explorer.exe) MSImg32.dll - DrawGadgetTree : C:\Windows\system32\DUser.dll @ 0x751dc646
[EAT:Addr] (explorer.exe) MSImg32.dll - EndTransition : C:\Windows\system32\DUser.dll @ 0x751dca90
[EAT:Addr] (explorer.exe) MSImg32.dll - EnumGadgets : C:\Windows\system32\DUser.dll @ 0x751dc30f
[EAT:Addr] (explorer.exe) MSImg32.dll - FindGadgetFromPoint : C:\Windows\system32\DUser.dll @ 0x751c6da8
[EAT:Addr] (explorer.exe) MSImg32.dll - FindGadgetMessages : C:\Windows\system32\DUser.dll @ 0x751dc19d
[EAT:Addr] (explorer.exe) MSImg32.dll - FindStdColor : C:\Windows\system32\DUser.dll @ 0x751cdc66
[EAT:Addr] (explorer.exe) MSImg32.dll - FireGadgetMessages : C:\Windows\system32\DUser.dll @ 0x751dc06b
[EAT:Addr] (explorer.exe) MSImg32.dll - ForwardGadgetMessage : C:\Windows\system32\DUser.dll @ 0x751d1cb5
[EAT:Addr] (explorer.exe) MSImg32.dll - GetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x751dcb05
[EAT:Addr] (explorer.exe) MSImg32.dll - GetDebug : C:\Windows\system32\DUser.dll @ 0x751d705d
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadget : C:\Windows\system32\DUser.dll @ 0x751dc527
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetAnimation : C:\Windows\system32\DUser.dll @ 0x751c7083
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x751d2d45
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x751dbe6f
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x751cce28
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x751dc5ba
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751c7135
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetRect : C:\Windows\system32\DUser.dll @ 0x751c2d8e
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetRgn : C:\Windows\system32\DUser.dll @ 0x751c540a
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x751dbfbb
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x751dbd35
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetScale : C:\Windows\system32\DUser.dll @ 0x751dbbe9
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetSize : C:\Windows\system32\DUser.dll @ 0x751dc3ca
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x751d232c
[EAT:Addr] (explorer.exe) MSImg32.dll - GetGadgetTicket : C:\Windows\system32\DUser.dll @ 0x751cc94f
[EAT:Addr] (explorer.exe) MSImg32.dll - GetMessageExA : C:\Windows\system32\DUser.dll @ 0x751cf459
[EAT:Addr] (explorer.exe) MSImg32.dll - GetMessageExW : C:\Windows\system32\DUser.dll @ 0x751db6c3
[EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorBrushF : C:\Windows\system32\DUser.dll @ 0x751dcbea
[EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorBrushI : C:\Windows\system32\DUser.dll @ 0x751c2c3b
[EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorF : C:\Windows\system32\DUser.dll @ 0x751dce45
[EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorI : C:\Windows\system32\DUser.dll @ 0x751cfaf7
[EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorName : C:\Windows\system32\DUser.dll @ 0x751dcd46
[EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorPenF : C:\Windows\system32\DUser.dll @ 0x751dccd2
[EAT:Addr] (explorer.exe) MSImg32.dll - GetStdColorPenI : C:\Windows\system32\DUser.dll @ 0x751dcc5e
[EAT:Addr] (explorer.exe) MSImg32.dll - GetStdPalette : C:\Windows\system32\DUser.dll @ 0x751db82e
[EAT:Addr] (explorer.exe) MSImg32.dll - GetTransitionInterface : C:\Windows\system32\DUser.dll @ 0x751dc933
[EAT:Addr] (explorer.exe) MSImg32.dll - InitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x751db8be
[EAT:Addr] (explorer.exe) MSImg32.dll - InitGadgets : C:\Windows\system32\DUser.dll @ 0x751ce373
[EAT:Addr] (explorer.exe) MSImg32.dll - InvalidateGadget : C:\Windows\system32\DUser.dll @ 0x751c3de5
[EAT:Addr] (explorer.exe) MSImg32.dll - IsGadgetParentChainStyle : C:\Windows\system32\DUser.dll @ 0x751dba7f
[EAT:Addr] (explorer.exe) MSImg32.dll - IsInsideContext : C:\Windows\system32\DUser.dll @ 0x751db56c
[EAT:Addr] (explorer.exe) MSImg32.dll - IsStartDelete : C:\Windows\system32\DUser.dll @ 0x751d121d
[EAT:Addr] (explorer.exe) MSImg32.dll - LookupGadgetTicket : C:\Windows\system32\DUser.dll @ 0x751dcdbc
[EAT:Addr] (explorer.exe) MSImg32.dll - MapGadgetPoints : C:\Windows\system32\DUser.dll @ 0x751d3861
[EAT:Addr] (explorer.exe) MSImg32.dll - PeekMessageExA : C:\Windows\system32\DUser.dll @ 0x751db710
[EAT:Addr] (explorer.exe) MSImg32.dll - PeekMessageExW : C:\Windows\system32\DUser.dll @ 0x751db75e
[EAT:Addr] (explorer.exe) MSImg32.dll - PlayTransition : C:\Windows\system32\DUser.dll @ 0x751dc8b0
[EAT:Addr] (explorer.exe) MSImg32.dll - PrintTransition : C:\Windows\system32\DUser.dll @ 0x751dca1c
[EAT:Addr] (explorer.exe) MSImg32.dll - RegisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x751c7ba3
[EAT:Addr] (explorer.exe) MSImg32.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x751dc149
[EAT:Addr] (explorer.exe) MSImg32.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751c7d5d
[EAT:Addr] (explorer.exe) MSImg32.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x751dc21a
[EAT:Addr] (explorer.exe) MSImg32.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751d0dee
[EAT:Addr] (explorer.exe) MSImg32.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x751dcb82
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x751d2c09
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x751dbf0a
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x751dbb47
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x751d2149
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x751ccebb
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x751d3188
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x751c5a70
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x751dc45d
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x751c55f8
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751d1284
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x751c5305
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x751ce857
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x751dbdc9
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetScale : C:\Windows\system32\DUser.dll @ 0x751dbc84
[EAT:Addr] (explorer.exe) MSImg32.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x751c4c48
[EAT:Addr] (explorer.exe) MSImg32.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x751db93f
[EAT:Addr] (explorer.exe) MSImg32.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x751dc171
[EAT:Addr] (explorer.exe) MSImg32.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x751dc149
[EAT:Addr] (explorer.exe) MSImg32.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x751dc2e3
[EAT:Addr] (explorer.exe) MSImg32.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x751db83a
[EAT:Addr] (explorer.exe) MSImg32.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x751db84a
[EAT:Addr] (explorer.exe) MSImg32.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x751db85a
[EAT:Addr] (explorer.exe) MSImg32.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x751db86a
[EAT:Addr] (explorer.exe) MSImg32.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x751dcd78
[EAT:Addr] (explorer.exe) MSImg32.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x751db7ac

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1652GSX ATA Device +++++
--- User ---
[MBR] eb10963c1068a3fd05c05d2592bbc153
[BSP] 55f4a8051d76fff8df8b38c3dbbec0bb : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 139222 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 288200704 | Size: 6124 MB
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 300742656 | Size: 5780 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: hp v165w USB Device +++++
--- User ---
[MBR] ef26607f6cedcb4db5fe7f0b339e8ead
[BSP] 60cc13eef2a40af9423be6e65d4a3604 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 29774 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_10032014_132856.log - RKreport_SCN_10032014_132802.log - RKreport_SCN_10032014_133704.log

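Triaging the RogueKiller report above by hand means reading 117 anti-rootkit lines, 115 of which are the same MSImg32.dll -> DUser.dll export pairing in explorer.exe. The Python script below is an added example, not part of this thread and not RogueKiller's own code: it parses the report's line format, checks every [PUM.Dns] resolver against an operator-supplied allowlist, flags SSDT hooks and device filters whose module lives outside the standard driver directories, collapses the [EAT:Addr] lines into one count per (process, module, target), and lists the partitions the MBR check marked [HIDDEN!] (the same 0x17 partition the FRST partition table reports as Type=17). EXPECTED_RESOLVERS, TRUSTED_DRIVER_DIRS and SAMPLE_REPORT are assumptions: the allowlist is seeded with the two addresses from the report only so the happy path runs, the trusted directories assume a default C:\Windows system root, and the sample is a constructed excerpt of the report with the EAT block shortened to three lines.

```python
import re
from collections import Counter

# Assumptions (hypothetical): the resolvers the operator has verified for this
# network, and the directories a vendor kernel driver is expected to live in
# on a default C:\Windows system root.
EXPECTED_RESOLVERS = {"64.71.255.204", "64.71.255.198"}
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")

# Constructed excerpt in RogueKiller's report format (EAT block shortened).
SAMPLE_REPORT = r"""
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 64.71.255.204 64.71.255.198  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{178EEBBF-CFD4-4F18-94F2-E2D18F2CB8CB} | DhcpNameServer : 64.71.255.198  -> FOUND
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3706797550-2617553011-2250622441-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01  -> FOUND
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys @ 0x8fb5e0d0
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000066 (\SystemRoot\system32\drivers\NETIO.SYS)
[EAT:Addr] (explorer.exe) MSImg32.dll - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x751d152c
[EAT:Addr] (explorer.exe) MSImg32.dll - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x751dc80a
[EAT:Addr] (explorer.exe) MSImg32.dll - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x751cdd2c
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 139222 MB
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 300742656 | Size: 5780 MB
"""

# One pattern per line type we care about; everything else is ignored.
DNS_RE = re.compile(r"^\[PUM\.Dns\] (?P<key>.+?) \| \w+ : (?P<value>.*?)\s*-> FOUND$")
SSDT_RE = re.compile(r"^\[[sS]SDT:Addr\([^)]*\)\] \S+ : (?P<path>.+?) @ 0x[0-9a-fA-F]+$")
FILTER_RE = re.compile(r"^\[Filter\([^)]*\)\] .+? \((?P<path>[^)]+)\)$")
EAT_RE = re.compile(r"^\[EAT:Addr\] \((?P<proc>[^)]+)\) (?P<module>\S+) - \S+ : (?P<target>.+?) @ 0x[0-9a-fA-F]+$")
PART_RE = re.compile(r"^(?P<idx>\d+) - \[[A-Z]+\] \S+ \((?P<ptype>0x[0-9a-fA-F]+)\) \[(?P<vis>[A-Z!]+)\] Offset \(sectors\): \d+ \| Size: (?P<size>\d+) MB$")


def dns_findings(report, expected=EXPECTED_RESOLVERS):
    """[(registry key, [resolvers not in the allowlist])] for every PUM.Dns line.
    RogueKiller lists every configured resolver; the allowlist turns that into a decision."""
    findings = []
    for line in report.splitlines():
        m = DNS_RE.match(line.strip())
        if m:
            unexpected = [ip for ip in m.group("value").split() if ip not in expected]
            if unexpected:
                findings.append((m.group("key"), unexpected))
    return findings


def hook_findings(report):
    """One dict per SSDT hook or device filter; 'review' is set when the hooking
    module is outside TRUSTED_DRIVER_DIRS (\\SystemRoot is expanded first)."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line) or FILTER_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        norm = path.lower()
        if norm.startswith("\\systemroot\\"):
            norm = "c:\\windows\\" + norm[len("\\systemroot\\"):]
        findings.append({"kind": "filter" if line.startswith("[Filter") else "ssdt",
                         "module": path,
                         "review": not norm.startswith(TRUSTED_DRIVER_DIRS)})
    return findings


def eat_summary(report):
    """Collapse [EAT:Addr] lines into counts per (process, module, target DLL)."""
    counts = Counter()
    for line in report.splitlines():
        m = EAT_RE.match(line.strip())
        if m:
            counts[(m.group("proc"), m.group("module"), m.group("target"))] += 1
    return counts


def hidden_partitions(report):
    """[(index, type id, size in MB)] for partitions the MBR check marks [HIDDEN!]."""
    found = []
    for line in report.splitlines():
        m = PART_RE.match(line.strip())
        if m and "HIDDEN" in m.group("vis"):
            found.append((int(m.group("idx")), m.group("ptype"), int(m.group("size"))))
    return found


def triage(report, expected=EXPECTED_RESOLVERS):
    """Everything an operator still has to decide on, with the noise grouped."""
    return {
        "dns": dns_findings(report, expected),
        "hooks_to_review": [h["module"] for h in hook_findings(report) if h["review"]],
        "eat": dict(eat_summary(report)),
        "hidden_partitions": hidden_partitions(report),
    }


if __name__ == "__main__":
    for section, value in triage(SAMPLE_REPORT).items():
        print(f"{section}: {value}")
```

A module that comes back with review set, like the Rapport driver loaded from C:\ProgramData here, is not a verdict; it is the item to check next, for instance by confirming its Authenticode signature with Sysinternals sigcheck or PowerShell's Get-AuthenticodeSignature and comparing the path with what the vendor documents. In real use the resolver allowlist comes from the router or ISP configuration, not from the report being triaged, and a hidden 0x17 partition on an OEM laptop should be compared with the vendor's recovery-partition layout before anything is done to it.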

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    =====================================

    Make sure you have created that system restore point before you continue!

    Please read the directions carefully so you don't end up deleting something that is good!!

    If in doubt about an entry....please ask or choose Skip!!!!

    Don't Delete anything unless instructed to!

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

    If a suspicious object is detected, the default action will be Skip, click on Continue

    Please note that TDSSKiller can be run in safe mode if needed.

    Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

    • Put a checkmark beside loaded modules.

    • A reboot will be needed to apply the changes. Do it.
    • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
    • Then click on Change parameters in TDSSKiller.
    • Check all boxes then click OK.

    • Click the Start Scan button.

    • The scan should take no longer than 2 minutes.
    • If a suspicious object is detected, the default action will be Skip, click on Continue.

      Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

      If in doubt about an entry....please ask or choose Skip

    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

      Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
    • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    Here's a summary of what to do if you would like to print it out:

    If in doubt about an entry....please ask or choose Skip

    Don't Delete anything unless instructed to!

    If a suspicious object is detected, the default action will be Skip, click on Continue

    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    ~~~~~~~~~~~~~~~~~~~~

    You can attach the logs if they're too long:

    Bottom right corner of this page.

    New window that comes up.

    Then...........

    Please download and run ComboFix.

    The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

    Please visit this webpage for download links, and instructions for running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

    Please make sure you click download buttons that look similar to this, not "sponsored ad links":

    Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    Information on disabling your malware programs can be found Here.

    Make sure you run ComboFix from your desktop.

    Give it at least 30-45 minutes to finish if needed.

    Please include the C:\ComboFix.txt in your next reply for further review.

    ---------->NOTE<----------

    If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

    MrC


Thanks for the help, I'll get started here shortly.  Just wanted you to know that there are no restore points, and I was unable to create one.  I get error "The Restore point could not be created for the following reason:  The shadow copy provider had an error.  Please see the system and application event logs for more information.  (0x80042306)  Please try again


RKill log....

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/04/2014 11:24:29 AM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 10/04/2014 11:29:03 AM
Execution time: 0 hours(s), 4 minute(s), and 34 seconds(s)
 


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked: (check all the boxes)
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
MrC

Farbar Service Scanner Version: 21-07-2014
Ran by Morag (administrator) on 04-10-2014 at 11:55:43
Running from "C:\Users\Morag\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

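As an added example (not from this thread, and not part of Farbar Service Scanner), the File Check section of the log above can be reproduced in PowerShell with Get-AuthenticodeSignature over the same paths; the function name is ours. On Vista-era PowerShell 2 only embedded signatures are verified, so catalog-signed Microsoft files may report NotSigned there, while PowerShell 4 and later also check the signing catalog.

```powershell
# Added example (not from the thread or from FSS): re-check the Authenticode
# signatures of the service binaries the log above lists under "File Check".
# The path list is copied from that log; the function name is ours.
# Run from an elevated PowerShell prompt on the machine being checked.
function Test-ServiceBinarySignatures {
    param(
        [string[]]$Paths = @(
            "$env:SystemRoot\system32\nsisvc.dll",
            "$env:SystemRoot\system32\Drivers\nsiproxy.sys",
            "$env:SystemRoot\system32\dhcpcsvc.dll",
            "$env:SystemRoot\system32\Drivers\afd.sys",
            "$env:SystemRoot\system32\Drivers\tdx.sys",
            "$env:SystemRoot\system32\Drivers\tcpip.sys",
            "$env:SystemRoot\system32\dnsrslvr.dll",
            "$env:SystemRoot\system32\mpssvc.dll",
            "$env:SystemRoot\system32\bfe.dll",
            "$env:SystemRoot\system32\Drivers\mpsdrv.sys",
            "$env:SystemRoot\system32\SDRSVC.dll",
            "$env:SystemRoot\system32\vssvc.exe",
            "$env:SystemRoot\system32\wscsvc.dll",
            "$env:SystemRoot\system32\wbem\WMIsvc.dll",
            "$env:SystemRoot\system32\wuaueng.dll",
            "$env:SystemRoot\system32\qmgr.dll",
            "$env:SystemRoot\system32\es.dll",
            "$env:SystemRoot\system32\cryptsvc.dll",
            "$env:SystemRoot\system32\ipnathlp.dll",
            "$env:SystemRoot\system32\iphlpsvc.dll",
            "$env:SystemRoot\system32\svchost.exe",
            "$env:SystemRoot\system32\rpcss.dll"
        )
    )
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A missing core service binary is itself worth reporting.
            New-Object PSObject -Property @{ Path = $p; Status = 'MISSING'; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # Status is Valid when the signature verifies; NotSigned can also mean
        # a catalog-only Microsoft file on PowerShell 2, so look at Signer too.
        New-Object PSObject -Property @{ Path = $p; Status = "$($sig.Status)"; Signer = $signer }
    }
}
# Anything not Valid, or not signed by Microsoft, deserves a closer look.
Test-ServiceBinarySignatures |
    Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Microsoft' } |
    Format-Table Path, Status, Signer -AutoSize
```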

Looks pretty good so far.......

Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Next..................

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next.........

Please run a Threat Scan (Malwarebytes)

Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine All that's found

MrC


ADW Log.  I'm pretty sure all of this can go, but just wanted to make sure.....  Thanks!

 

# AdwCleaner v3.311 - Report created 04/10/2014 at 16:02:47
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Morag - MORAG-PC
# Running from : F:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Morag\daemonprocess.txt
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Morag\AppData\Local\Mobogenie
Folder Found : C:\Users\Morag\Documents\Optimizer Pro

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\alot
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16575


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Morag\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 


JRT Log..... (Running MBAM now; do I check off "look for rootkits"?)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.8 (10.04.2014:1)
OS: Windows Vista Home Premium x86
Ran by Morag on 04/10/2014 at 17:59:29.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F492F68F-652D-46D4-A957-9E3E31873D74}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Morag\appdata\locallow\alot"
Successfully deleted: [Folder] "C:\Program Files\alot"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/10/2014 at 18:08:33.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


I forgot to mention this before:

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Please permanently disable Windows Defender; you have AVAST running, and having two anti-virus programs running on a system only causes poor performance, conflicts and spotty protection.

How to Disable Defender

Dangers of running 2 anti-virus programs

MrC
