Dept of Justice virus Ransomware Money Pak scam



Sure, I understand that part no problem.  As long as HD goes last, which it is in Default mode, and you're not using more than one drive, default should be OK for the most part.  That is, we were using either USB or CD at any one time but never simultaneously and since HD always goes last, we should be OK in default.  

 

But I thought we were going through some procedures where we DON'T want HD to kick in so there were times when I selected just one of the drives.  Presumably, by selecting only one drive (CD or USB), that will prevent HD from turning on. Otherwise, there doesn't seem to be a reason for being told to reset the BIOS.  Was that the wrong thing to do? 

 

For instance, on the last procedure, we wanted the software downloaded to the stick to work on its own and see its results.  I didn't think we wanted Windows to interrupt the process in any way so I just selected USB alone to prevent the HD from starting up at some inopportune time (say, right after the diagnosis was done). 

 

Same line of logic for when we worked off the CD previously.  Was it OK for HD to run or should it have been limited to just CD? 

 

For the XP Repair disc, are we OK in default?  The default order is Diskette Drive, USB, CD/DVD, Internal HDD.  Again, since we're not using the USB simultaneously with the CD and IF we're OK that the HDD is free to run, there should be no concern for resetting the BIOS, right? 

 

Before we start this though, in your opinion, could there be other alternatives that could be explored by another MBAM expert?  If so, would it be possible to transfer this case along with this background thread?  Or is it better to try the XP repair now?  How will it affect my system?  Even if I don't lose any data, will I have to reset my apps again for instance? 

 

No offense intended as you've been very patient and we've explored many avenues with an extremely uncooperative computer.  I truly thank you for that. 


Oops, just saw your instruction:  "So for the repair/install to happen the CD option must be first in Boot order"

 

Since there's nothing in the USB, the CD will boot before the HDD by default.  I don't need to manually rearrange the sequence and put CD at the top of the boot order, yes?  I think it is semantics. 


Ran MBAM and quarantined 2 PUP.Optional.Spigot.A (file and folder).  I'm unfamiliar with this version of MBAM Premium 2.0.3.1025 and cannot find the log to copy and send to you. On the Scan page, clicked on View Detailed Log and only saw a Scanning History Log summary in table format.  Where do I find the log?  


MBAM scan logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 8: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Protection Logs are saved to:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-yyyy-mm-dd
-- Vista, Windows 7, 8: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-yyyy-mm-dd

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin...


FYI, recently upon going to MBAM Forum website, keep getting certificate error message.  Recommends closing this website but chose option to continue to website (not recommended).

 

Upon clicking on MBAM scan logs and protection logs get message showing:

"IE restricted this website from running scripts or ActiveX controls that could access your computer.  Click here for options."  I skipped this part.

 

Logs appear under All Users, not my username (sshiigi).  I've never seen logs in color before. 

 

MBAM Scan Log:

 

 <?xml version="1.0" encoding="UTF-16" ?>

- <mbam-log>
- <header>
  <date>2014/11/21 01:40:58 -1000</date>
  <logfile>mbam-log-2014-11-21 (01-40-56).xml</logfile>
  <isadmin>yes</isadmin>
  </header>
- <engine>
  <version>2.00.3.1025</version>
  <malware-database>v2014.11.21.05</malware-database>
  <rootkit-database>v2014.11.18.01</rootkit-database>
  <license>premium</license>
  <file-protection>enabled</file-protection>
  <web-protection>enabled</web-protection>
  <self-protection>disabled</self-protection>
  </engine>
- <system>
  <osversion>Windows XP Service Pack 3</osversion>
  <arch>x86</arch>
  <username>sshiigi</username>
  <filesys>NTFS</filesys>
  </system>
- <summary>
  <type>threat</type>
  <result>completed</result>
  <objects>579224</objects>
  <time>2982</time>
  <processes>0</processes>
  <modules>0</modules>
  <keys>0</keys>
  <values>0</values>
  <datas>0</datas>
  <folders>1</folders>
  <files>1</files>
  <sectors>0</sectors>
  </summary>
- <options>
  <memory>enabled</memory>
  <startup>enabled</startup>
  <filesystem>enabled</filesystem>
  <archives>enabled</archives>
  <rootkits>disabled</rootkits>
  <deeprootkit>disabled</deeprootkit>
  <heuristics>enabled</heuristics>
  <pup>enabled</pup>
  <pum>enabled</pum>
  </options>
- <items>
- <folder>
  <path>C:\Documents and Settings\All Users\Application Data\Search Protection</path>
  <vendor>PUP.Optional.Spigot.A</vendor>
  <action>success</action>
  <hash>98d1df5fbbc1fe38de4c65d3798a32ce</hash>
  </folder>
- <file>
  <path>C:\Documents and Settings\All Users\Application Data\Search Protection\uninstall.exe</path>
  <vendor>PUP.Optional.Spigot.A</vendor>
  <action>success</action>
  <hash>98d1df5fbbc1fe38de4c65d3798a32ce</hash>
  </file>
  </items>
  </mbam-log>
======================
 

MBAM Protection Log:

 

 <?xml version="1.0" encoding="UTF-8" ?>

- <logs>
  <record severity="debug" LoggingEventType="1" datetime="2014-11-21T01:38:52.296875-10:00" source="Manual" type="Update" username="SYSTEM" systemname="DFB69GJ1" fromVersion="2014.11.20.9" last_modified_tag="dd3f64d5-8ce2-4d9f-8faa-bba820244f14" name="Malware Database" toVersion="2014.11.21.5" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T01:38:58.968750-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="41063317-5705-4a5d-8793-bcf70f53d47c" result="Starting" subtype="Refresh" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T01:38:59-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="383528cb-5760-42e2-8eec-cb6893fc9a65" result="Stopping" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T01:38:59.375000-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="e2225c74-9e33-45ee-b4db-0dc99d3efabe" result="Stopped" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T01:39:24.140625-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="fde45b7c-e170-4cca-86a3-b9e6211a76ff" result="Success" subtype="Refresh" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T01:39:24.203125-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="c8c06464-bb94-4e21-835f-507c5b765f76" result="Starting" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T01:39:41.515625-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="60da397f-ae13-4a68-a271-58bd4f25fe03" result="Started" subtype="Malicious Website Protection" />
  <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2014-11-21T01:40:58-10:00" datetime="2014-11-21T02:31:46.046875-10:00" source="Manual" type="Scan" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="cd88927c-4be8-4495-bf0b-30f7eeb4374c" duration="2982" malwaredetections="0" nonmalwaredetections="2" scanresult="completed" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T02:31:47.187500-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="21076056-83c8-4d93-be9e-906842e28221" result="Stopping" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T02:31:47.500000-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="7d837bc8-5513-45c6-9a75-70d155424629" result="Stopped" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T02:31:52.859375-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="147ff7d2-b9f1-4070-8e4f-26372090256e" result="Starting" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T02:32:12.406250-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="4339e483-63f3-4321-b285-2d0f53cfae93" result="Started" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="1" datetime="2014-11-21T15:55:27.562500-10:00" source="Scheduler" type="Update" username="SYSTEM" systemname="DFB69GJ1" fromVersion="2014.11.18.1" last_modified_tag="4dd13f61-0fae-439f-a9d8-df994e209483" name="Rootkit Database" toVersion="2014.11.21.1" />
  <record severity="debug" LoggingEventType="1" datetime="2014-11-21T15:55:42.015625-10:00" source="Scheduler" type="Update" username="SYSTEM" systemname="DFB69GJ1" fromVersion="2014.11.21.5" last_modified_tag="1853a486-a90a-4de3-8592-cd1f2921460f" name="Malware Database" toVersion="2014.11.22.2" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T15:55:42.562500-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="705a1efe-b0f7-4bd9-8e51-3d7be81870e9" result="Starting" subtype="Refresh" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T15:55:42.671875-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="13d6e9a0-5c82-4dc1-a635-dd20570fc5ad" result="Stopping" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T15:55:43.562500-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="3f5d7856-d9c8-4449-8c47-872fe9178e70" result="Stopped" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T15:56:36.546875-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="2ba69ba2-f347-41fe-bff8-28dc7dea4a00" result="Success" subtype="Refresh" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T15:56:36.593750-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="b98afa13-cc55-4f2e-a441-22c726cb6dc2" result="Starting" subtype="Malicious Website Protection" />
  <record severity="debug" LoggingEventType="2" datetime="2014-11-21T15:56:56.078125-10:00" source="Protection" type="Protection" username="SYSTEM" systemname="DFB69GJ1" last_modified_tag="3f635336-58d4-4f5b-98cc-f5b439ee50df" result="Started" subtype="Malicious Website Protection" />
  </logs>
 
 

I WILL RUN FARBAR NOW. 


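An added example, not part of any post in this thread and not Malwarebytes code: an MBAM 2.x scan log copied out of Internet Explorer's XML viewer, as in the post above, carries "- " collapse markers, a leading space before the XML declaration and trailing separator text, so it is not well-formed XML as pasted. The sketch below recovers the `<mbam-log>` element, lists the detections, and reports which engine and scan options were disabled. It assumes only the element names visible in the posted log; the sample input is constructed and abbreviated from that log.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: abbreviated from the scan log format shown in this
# thread, keeping the "- " markers IE's XML viewer adds when text is copied.
SAMPLE = r""" <?xml version="1.0" encoding="UTF-16" ?>

- <mbam-log>
- <engine>
  <version>2.00.3.1025</version>
  <self-protection>disabled</self-protection>
  </engine>
- <options>
  <rootkits>disabled</rootkits>
  <deeprootkit>disabled</deeprootkit>
  <heuristics>enabled</heuristics>
  <pup>enabled</pup>
  </options>
- <items>
- <folder>
  <path>C:\Documents and Settings\All Users\Application Data\Search Protection</path>
  <vendor>PUP.Optional.Spigot.A</vendor>
  <action>success</action>
  </folder>
- <file>
  <path>C:\Documents and Settings\All Users\Application Data\Search Protection\uninstall.exe</path>
  <vendor>PUP.Optional.Spigot.A</vendor>
  <action>success</action>
  </file>
  </items>
  </mbam-log>
======================
"""


def clean_pasted_log(text):
    """Return well-formed XML for the <mbam-log> element of a pasted log.

    Keeping only the root element drops the misplaced XML declaration and
    any trailing forum text. It also drops anything before the root, so no
    DOCTYPE (and therefore no entity definitions) reaches the parser.
    """
    match = re.search(r"<mbam-log>.*</mbam-log>", text, re.S)
    if match is None:
        raise ValueError("no <mbam-log> element found")
    # Remove the viewer's "- " marker that precedes an opening tag.
    return re.sub(r"(?m)^[ \t]*-[ \t]+(?=<)", "", match.group(0))


def triage(text):
    """Summarise detections and disabled protections from a pasted scan log."""
    root = ET.fromstring(clean_pasted_log(text))

    detections = []
    items = root.find("items")
    for item in (items if items is not None else []):
        vendor = (item.findtext("vendor") or "").strip()
        detections.append({
            "kind": item.tag,                      # folder, file, ...
            "path": (item.findtext("path") or "").strip(),
            "vendor": vendor,
            "action": (item.findtext("action") or "").strip(),
            # Assumption: detection names starting PUP. or PUM. are the
            # "non-malware" class that the <pup>/<pum> options control.
            "non_malware": vendor.split(".")[0].upper() in ("PUP", "PUM"),
        })

    # Any engine feature or scan option reported as "disabled" narrows what
    # a clean result actually proves.
    disabled = []
    for section in ("engine", "options"):
        node = root.find(section)
        for child in (node if node is not None else []):
            if (child.text or "").strip().lower() == "disabled":
                disabled.append(child.tag)

    return {
        "detections": detections,
        "unresolved": [d for d in detections if d["action"] != "success"],
        "disabled": disabled,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for d in report["detections"]:
        label = "non-malware" if d["non_malware"] else "malware"
        print(f'{d["kind"]:7} {label:12} {d["vendor"]}  {d["action"]}  {d["path"]}')
    print("disabled:", ", ".join(report["disabled"]) or "none")
```
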
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by sshiigi (administrator) on DFB69GJ1 on 23-11-2014 15:20:13
Running from C:\Documents and Settings\sshiigi\Desktop
Loaded Profile: sshiigi (Available profiles: sshiigi & Kazuyo & Jason & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(IDT, Inc.) C:\drivers\audio\R205445\stacsv.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
(Dell, Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Smith Micro Software, Inc.) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Memeo) C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
() C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Memeo Inc.) C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
(Axentra Corporation) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [200704 2008-10-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-01] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] => C:\WINDOWS\system32\AESTFltr.exe [471040 2008-12-01] (Andrea Electronics Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [WavXMgr] => C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [105472 2008-05-14] (Wave Systems Corp.)
HKLM\...\Run: [secureUpgrade] => C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [243000 2008-06-24] (Wave Systems Corp.)
HKLM\...\Run: [EmbassySecurityCheck] => C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [79160 2008-06-24] (Wave Systems Corp.)
HKLM\...\Run: [DellControlPoint] => C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [598016 2008-08-18] (Dell, Inc.)
HKLM\...\Run: [DCPstrApp] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe [6656 2008-08-04] (Broadcom Corporation)
HKLM\...\Run: [DellConnectionManager] => C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [1454080 2008-10-01] (Smith Micro Software, Inc.)
HKLM\...\Run: [intelZeroConfig] => C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1351680 2008-07-10] (Intel® Corporation)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1191936 2008-07-10] (Intel® Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2009-03-07] (Apple Computer, Inc.)
HKLM\...\Run: [iMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [iMEKRMIG6.1] => C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [44032 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [brStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Memeo Instant Backup] => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-12-10] (Memeo Inc.)
HKLM\...\Run: [seagate Dashboard] => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [73728 2011-11-03] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [7670592 2014-10-15] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-796845957-1383384898-839522115-4640\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-06] (Google Inc.)
HKU\S-1-5-18\...\Policies\Explorer: [NoSetActiveDesktop] 0
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\sshiigi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {661963C1-99A1-44e7-A671-1CF3768AE9D4} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-796845957-1383384898-839522115-4640\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-796845957-1383384898-839522115-4640\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-796845957-1383384898-839522115-4640\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40CE66590286CF01
HKU\S-1-5-21-796845957-1383384898-839522115-4640\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us,ja-JP;q=0.5
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [s-1-5-21-796845957-1383384898-839522115-4640] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKU\S-1-5-21-796845957-1383384898-839522115-4640 - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-796845957-1383384898-839522115-4640\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-796845957-1383384898-839522115-4640 -> {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKU\S-1-5-21-796845957-1383384898-839522115-4640 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-796845957-1383384898-839522115-4640 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-796845957-1383384898-839522115-4640 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-796845957-1383384898-839522115-4640 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://monitor.bbirdmsp.com/inc/kaxRemote.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-15]
FF Extension: IE Tab - C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-03-14]
FF Extension: Ad-Aware Security Toolbar - C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-06-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-28]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-21]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 6.5) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\sshiigi\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\sshiigi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\sshiigi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-06]
CHR Extension: (Google Wallet) - C:\Documents and Settings\sshiigi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [133968 2007-04-19] (Intel Corporation)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [406808 2008-09-04] (Dell Inc.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [808296 2008-11-11] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [20840 2008-11-11] (Broadcom Corporation)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [451872 2008-11-11] (Dell Inc.)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-07-10] (Intel® Corporation) [File not signed]
S2 gupdate1c99ecddb6280e6; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [656376 2014-10-15] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-12-10] (Memeo)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-07-10] (Intel® Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [901120 2008-07-10] (Intel® Corporation) [File not signed]
R2 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [8704 2011-11-03] (Memeo) [File not signed]
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [638976 2008-04-25] (Wave Systems Corp.) [File not signed]
R2 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [90112 2008-10-01] (Smith Micro Software, Inc.) [File not signed]
R2 STacSV; c:\drivers\audio\r205445\stacsv.exe [241746 2008-12-01] (IDT, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1249280 2008-03-10] () [File not signed]
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [786432 2008-06-12] (Wave Systems Corp.) [File not signed]
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [352256 2008-07-10] (Intel® Corporation) [File not signed]
S2 HitmanPro37CrusaderBoot; "G:\HitmanPro.exe" /crusader:boot [X]
S2 YahooAUService; "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [112128 2008-12-01] (Andrea Electronics Corporation)
S3 AsfAlrt; C:\WINDOWS\system32\Drivers\AsfAlrt.sys [42832 2007-04-19] (Intel Corporation)
R3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-15] (Brother Industries Ltd.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534440 2008-08-18] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-08-18] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991016 2008-08-18] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156392 2008-08-18] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-08-18] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-08-18] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CCIDFILTER; C:\WINDOWS\System32\DRIVERS\ccidflt.sys [12840 2008-11-11] (Broadcom Corporation)
R3 cvusbdrv; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [32808 2008-11-11] (Broadcom Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [244368 2008-06-30] (Intel Corporation)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2008-04-14] (Microsoft Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-04-30] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-07-06] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-07-06] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-07-06] (HP)
R3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42264 2013-05-22] (Logitech, Inc.)
R3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [10136 2013-05-22] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-23] (Malwarebytes Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [30816 2008-02-20] (Intel Corporation )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630080 2008-08-06] (Intel Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 OA001Afx; C:\WINDOWS\system32\Drivers\OA001Afx.sys [134144 2009-05-28] (Creative Technology Ltd.)
R3 OA001Ufd; C:\WINDOWS\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\WINDOWS\System32\DRIVERS\OA001Vid.sys [281472 2010-01-28] (Creative Technology Ltd.)
R0 PBADRV; C:\WINDOWS\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [11904 2008-04-18] (Intel Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2009-05-26] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-05-26] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2009-08-09] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1392819 2008-12-01] (IDT, Inc.)
U3 TrueSight; C:\WINDOWS\system32\TrueSight.sys [26624 2014-03-14] () [File not signed]
S3 Trufos; C:\WINDOWS\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
R2 WavxDMgr; C:\WINDOWS\System32\DRIVERS\WavxDMgr.sys [172344 2008-06-24] (Wave Systems Corp.)
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 15:20 - 2014-11-23 15:21 - 00033571 _____ () C:\Documents and Settings\sshiigi\Desktop\FRST.txt
2014-11-23 15:19 - 2014-11-23 15:20 - 00000000 ____D () C:\FRST
2014-11-23 15:17 - 2014-11-23 15:18 - 01110016 _____ (Farbar) C:\Documents and Settings\sshiigi\Desktop\FRST.exe
2014-11-14 07:11 - 2014-11-14 07:11 - 00000000 ____D () C:\WINDOWS\Microsoft Antimalware
2014-11-12 01:40 - 2014-11-13 05:51 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-11-07 21:10 - 2014-11-07 21:10 - 00005214 _____ () C:\HitmanPro_20141107_2108.log
2014-11-07 20:01 - 2014-11-07 21:16 - 00001612 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-11-07 20:01 - 2014-11-07 20:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-11-07 19:59 - 2014-11-07 21:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-07 19:06 - 2014-11-07 19:06 - 00001926 _____ () C:\WINDOWS\system32\.crusader
2014-11-07 12:27 - 2014-11-07 12:27 - 00000000 ____D () C:\Documents and Settings\Kazuyo\Application Data\Apple Computer
2014-11-07 12:00 - 2014-11-07 12:00 - 00000000 ____D () C:\Documents and Settings\Jason\Application Data\Apple Computer
2014-11-04 10:44 - 2014-11-07 18:09 - 00000000 ___RD () C:\Documents and Settings\sshiigi\My Documents\Dropbox
2014-11-04 10:44 - 2014-11-04 10:44 - 00001004 _____ () C:\Documents and Settings\sshiigi\Desktop\Dropbox scHRR-kn4.lnk
2014-11-04 10:42 - 2014-11-04 10:42 - 00000000 ____D () C:\Program Files\Dropbox
2014-11-04 10:42 - 2014-11-04 10:42 - 00000000 ____D () C:\Documents and Settings\sshiigi\Start Menu\Programs\Dropbox
2014-11-04 10:41 - 2014-11-07 18:09 - 00000000 ____D () C:\Documents and Settings\sshiigi\Application Data\Dropbox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 15:21 - 2014-03-13 14:53 - 00000000 ____D () C:\Documents and Settings\sshiigi\Local Settings\Temp
2014-11-23 15:18 - 2010-03-05 23:33 - 00000424 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA4994F7-D9D9-49BE-BF8A-1123A84B76A0}.job
2014-11-23 15:07 - 2009-06-30 07:38 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 14:28 - 2011-02-22 00:02 - 00000336 _____ () C:\WINDOWS\BRCALIB.INI
2014-11-23 14:12 - 2008-04-24 23:22 - 00006938 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-23 14:08 - 2008-04-25 11:28 - 01778736 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-23 14:07 - 2014-10-15 07:07 - 00002030 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-11-23 14:07 - 2014-05-20 10:49 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 14:07 - 2009-03-06 16:42 - 00000000 _____ () C:\Documents and Settings\sshiigi\Local Settings\Application Data\WavXMapDrive.bat
2014-11-23 14:06 - 2009-02-27 15:15 - 00190150 _____ () C:\WINDOWS\system32\nvapps.xml
2014-11-23 14:06 - 2009-02-27 09:17 - 00140049 _____ () C:\WINDOWS\system32\nvModes.001
2014-11-23 14:06 - 2008-04-25 06:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-23 14:06 - 2008-04-24 23:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-11-23 14:05 - 2014-03-17 13:15 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-11-23 14:05 - 2009-06-30 07:38 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 14:05 - 2008-04-25 11:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-23 14:05 - 2008-04-24 23:25 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-23 14:04 - 2008-04-25 11:32 - 00032542 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-23 13:59 - 2009-02-27 09:17 - 00140049 _____ () C:\WINDOWS\system32\nvModes.dat
2014-11-23 13:29 - 2013-03-30 17:09 - 00276092 _____ () C:\WINDOWS\setupapi.log
2014-11-22 11:57 - 2009-03-08 00:14 - 00002521 _____ () C:\Documents and Settings\sshiigi\Desktop\Outlook 2003.lnk
2014-11-22 10:01 - 2010-12-27 23:21 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2296199$
2014-11-21 14:22 - 2009-03-08 14:52 - 00000000 ____D () C:\Documents and Settings\sshiigi\Local Settings\Application Data\CutePDF Writer
2014-11-21 14:20 - 2009-03-08 14:49 - 00000000 ____D () C:\Documents and Settings\sshiigi\My Documents\2Scott Home
2014-11-21 04:10 - 2010-02-21 20:10 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-11-15 11:59 - 2009-03-06 16:09 - 00000000 __SHD () C:\WINDOWS\CSC
2014-11-15 11:45 - 2013-10-16 06:38 - 00000000 ____D () C:\Documents and Settings\Jason\Local Settings\temp
2014-11-15 11:34 - 2009-03-11 19:51 - 00000000 ____C () C:\Documents and Settings\Jason\Local Settings\Application Data\WavXMapDrive.bat
2014-11-14 07:11 - 2009-03-11 19:51 - 00000000 ____D () C:\Documents and Settings\Jason
2014-11-14 07:11 - 2009-03-11 16:27 - 00000000 ____D () C:\Documents and Settings\Kazuyo
2014-11-14 07:11 - 2009-03-06 16:42 - 00000000 ____D () C:\Documents and Settings\sshiigi
2014-11-14 07:11 - 2009-03-06 16:24 - 00000000 ____D () C:\Documents and Settings\administrator.CBCI
2014-11-14 07:11 - 2009-03-06 15:54 - 00000000 ____D () C:\Documents and Settings\Scott
2014-11-14 07:11 - 2008-04-25 11:32 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-11-14 07:11 - 2008-04-25 11:32 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-11-14 07:11 - 2008-04-25 11:32 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-11-13 16:08 - 2013-11-21 06:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-13 15:59 - 2009-03-08 17:59 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-13 15:57 - 2010-08-14 05:52 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-11-11 15:55 - 2012-05-15 15:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
2014-11-11 15:53 - 2014-03-17 13:15 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-11-07 22:20 - 2008-04-25 11:26 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-07 19:06 - 2014-03-14 13:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-11-07 18:03 - 2009-03-06 16:42 - 00000278 ___SH () C:\Documents and Settings\sshiigi\ntuser.ini
2014-11-07 12:28 - 2013-10-16 06:38 - 00000000 ____D () C:\Documents and Settings\Kazuyo\Local Settings\temp
2014-11-07 12:28 - 2009-03-22 23:35 - 00000000 ____D () C:\Documents and Settings\Kazuyo\Tracing
2014-11-07 12:28 - 2009-03-11 16:27 - 00093408 _____ () C:\Documents and Settings\Kazuyo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-07 12:27 - 2013-05-15 00:39 - 00000000 ____D () C:\Documents and Settings\Kazuyo\Local Settings\Application Data\adawarebp
2014-11-07 12:27 - 2012-01-01 21:25 - 00001324 _____ () C:\Documents and Settings\Kazuyo\Local Settings\Application Data\d3d9caps.tmp
2014-11-07 12:27 - 2009-03-11 16:27 - 00000000 ____C () C:\Documents and Settings\Kazuyo\Local Settings\Application Data\WavXMapDrive.bat
2014-11-07 12:01 - 2009-03-11 19:51 - 00000278 ___SH () C:\Documents and Settings\Jason\ntuser.ini
2014-11-07 12:00 - 2013-09-19 19:28 - 00000000 ____D () C:\Documents and Settings\Jason\Local Settings\Application Data\adawarebp
2014-11-07 12:00 - 2009-03-11 19:51 - 00093408 _____ () C:\Documents and Settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-11-07 11:38 - 2008-04-25 11:27 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-11-04 13:55 - 2013-10-30 08:43 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-11-04 11:19 - 2009-03-08 03:12 - 00153600 _____ () C:\Documents and Settings\sshiigi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-01 21:29 - 2014-06-18 15:33 - 00000472 _____ () C:\Documents and Settings\sshiigi\Desktop\eBay MY yoko72 - kn4.url
2014-10-31 15:43 - 2010-11-02 23:39 - 00000000 ____D () C:\Documents and Settings\sshiigi\My Documents\5Tyler
2014-10-27 11:00 - 2013-04-30 13:08 - 00006396 _____ () C:\WINDOWS\wmsetup.log

Some content of TEMP:
====================
C:\Documents and Settings\sshiigi\Local Settings\Temp\5e468798-8a98-453d-9768-617ddbd7f51d.exe
C:\Documents and Settings\sshiigi\Local Settings\Temp\8v1dawuz.dll
C:\Documents and Settings\sshiigi\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbksw9o.dll
C:\Documents and Settings\sshiigi\Local Settings\Temp\foft6zyp.dll
C:\Documents and Settings\sshiigi\Local Settings\Temp\fw1g_zju.dll
C:\Documents and Settings\sshiigi\Local Settings\Temp\henusa-5.dll
C:\Documents and Settings\sshiigi\Local Settings\Temp\java-installer.exe
C:\Documents and Settings\sshiigi\Local Settings\Temp\n3t0azp3.dll
C:\Documents and Settings\sshiigi\Local Settings\Temp\niguungz.dll
C:\Documents and Settings\sshiigi\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\sshiigi\Local Settings\Temp\w6log5lc.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

ADDITIONAL

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2014
Ran by sshiigi at 2014-11-23 15:22:14
Running from C:\Documents and Settings\sshiigi\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Up to date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7300 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
7300_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
7300Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware Antivirus (HKLM\...\{8EEFB640-A25D-448E-9F84-3CADF173CAE4}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 3.9.0.23 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
All Day Battery Life Configuration (HKLM\...\{2220CF3A-EBD6-4070-94D0-0C7337B537A7}) (Version: 1.1.0 - Dell Inc.)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
AnswerWorks 5.0 English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 008.000.0003 - Vantage Linguistics)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
biolsp patch (Version: 01.00.02.0005 - Wave Systems Corp) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom USH Host Components (Version: 1.6.8.12 - Broadcom Corporation) Hidden
Brother MFL-Pro Suite MFC-9970CDW (HKLM\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dell Control Point (Version: 1.2.4 - Broadcom Corporation) Hidden
Dell ControlPoint Connection Manager (HKLM\...\{4D523D94-C637-4C49-89FD-5B8FFB071D76}) (Version: 1.1.1 - Dell Inc.)
Dell ControlPoint Security Manager (HKLM\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.2.4 - Broadcom Corporation)
Dell ControlPoint System Manager (HKLM\...\{F74B95DF-A68C-4A99-98AA-E98698341F21}) (Version: 1.1.00000 - Dell Inc.)
Dell Embassy Trust Suite by Wave Systems (Version: 03.00.01.003 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.01.30 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.215 - Alps Electric)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.01.04 - Creative Technology Ltd)
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Document Manager Lite (Version: 06.07.00.104 - Your Company Name) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-796845957-1383384898-839522115-4640\...\Dropbox) (Version: 2.10.41 - Dropbox, Inc.)
EMBASSY Security Center (Version: 03.07.00.074 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 03.07.00.057 - Wave Systems Corp) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESC Home Page Plugin (Version: 03.02.00.028 - Wave Systems Corp) Hidden
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Gemalto (Version: 01.00.00.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-796845957-1383384898-839522115-4640\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Software Update (HKLM\...\{64FC0C98-B035-4530-B15D-3D30610B6DF1}) (Version: 3.0.2.991 - HEWLET~1|Hewlett-Packard)
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Integrated Webcam Driver (1.08.01.0129)   (HKLM\...\Creative OA001) (Version: 1.08.01.0129 - Creative Technology Ltd.)
Intel® Network Connections 13.0.42.0 (HKLM\...\{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}) (Version: 13.0.42.0 - Dell)
Intel® PRO Alerting Agent (HKLM\...\{6EA8A52B-8EA1-4A59-85AB-48132299061A}) (Version: 12.0.3 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}) (Version: 12.00.4000 - Intel® Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
join.me (HKU\S-1-5-21-796845957-1383384898-839522115-4640\...\JoinMe) (Version: 1.3.1.426 - LogMeIn, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7876 - Memeo Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2742597) (HKLM\...\M2742597) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95120000-0122-0409-0000-0000000FF1CE}) (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.27 - NTRU Cryptosystems) Hidden
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Pearson VUE Real Estate Broker CompuCram (HKLM\...\Pearson VUE Real Estate Broker CompuCram) (Version:  - )
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Preboot Manager (Version: 2.4.0.244 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.02.00.053 - Your Company Name) Hidden
ProductContext (Version: 47.0.1.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Quicken 2008 (HKLM\...\{3B0F52AC-EF5C-4831-B221-06C782E41280}) (Version: 17.1.4.11 - Intuit)
QuickTime (HKLM\...\QuickTime) (Version:  - )
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (Version:  - ) Hidden
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1548 - Memeo Inc.)
Secure Update (Version: 05.05.00.015 - Your Company Name) Hidden
Security Wizards (Version: 01.05.00.039 - Your Company Name) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.26.0.1004 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Trusted Drive Manager (Version: 2.4.0.276 - Wave Systems Corp.) Hidden
tsp patch (Version: 01.00.00.0000 - Wave Systems Corp) Hidden
TurboTax 2008 (HKLM\...\TurboTax 2008) (Version:  - )
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax Home & Business 2007 (HKLM\...\TurboTax Home & Business 2007) (Version:  - )
Type to Learn 4 (HKLM\...\Type to Learn 4) (Version:  - )
U3Launcher (HKLM\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Wave Infrastructure Installer (Version: 06.00.34.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.08.00.052 - Wave Systems Corp) Hidden
WD Diagnostics (HKLM\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.3208 - Dell)
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (HKLM\...\9D57DE505B6D8C710EF3B74BE638DBB936EED8A3) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - )
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{3032BC7D-E713-452D-AAF7-F5ED073226C8}) (Version: 6.1.7900.1 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\880\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\sshiigi\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-11-2014 21:39:20 System Checkpoint
07-11-2014 22:04:22 Software Distribution Service 3.0
08-11-2014 04:25:41 Checkpoint by HitmanPro
08-11-2014 05:05:59 Checkpoint by HitmanPro
12-11-2014 01:56:03 Software Distribution Service 3.0
14-11-2014 01:59:22 Software Distribution Service 3.0
15-11-2014 13:41:02 Software Distribution Service 3.0
15-11-2014 22:07:26 Software Distribution Service 3.0
20-11-2014 06:30:38 System Checkpoint
20-11-2014 17:07:45 Software Distribution Service 3.0
20-11-2014 22:51:32 Software Distribution Service 3.0
21-11-2014 13:00:22 Software Distribution Service 3.0
22-11-2014 20:03:46 Software Distribution Service 3.0
23-11-2014 23:24:44 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-25 06:16 - 2013-10-16 06:34 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FA4994F7-D9D9-49BE-BF8A-1123A84B76A0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-07-10 16:15 - 2008-07-10 16:15 - 00200704 ____N () C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL
2009-03-06 16:31 - 2012-03-11 14:55 - 00088656 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2008-10-01 00:26 - 2008-10-01 00:26 - 00495616 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMMessages.dll
2008-10-01 00:28 - 2008-10-01 00:28 - 00438272 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMPROFILEMANAGER.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-05 23:55 - 2009-04-05 23:55 - 00755712 ____N () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2009-04-05 23:58 - 2009-04-05 23:58 - 00471040 ____N () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2010-04-14 08:59 - 2010-04-14 08:59 - 00854016 ____N () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2010-04-14 08:59 - 2010-04-14 08:59 - 00471040 ____N () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-04-08 11:59 - 2014-04-08 11:59 - 00476520 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-10-15 13:56 - 2014-10-15 13:56 - 00656376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 14:06 - 2014-10-15 14:06 - 00087896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00107872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 10343760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00638296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 14:05 - 2014-10-15 14:05 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 14:05 - 2014-10-15 14:05 - 01658200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00642376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00105280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00754520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00693096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00868680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00209224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 14:05 - 2014-10-15 14:05 - 00780120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 14:05 - 2014-10-15 14:05 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00870736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 01003328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00769368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00856408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 14:05 - 2014-10-15 14:05 - 00705352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 14:05 - 2014-10-15 14:05 - 00669008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 02363216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 02613584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00834896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00286536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 02124120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00998720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 14:05 - 2014-10-15 14:05 - 00760136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00926568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00123712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2007-07-23 11:04 - 2007-07-23 11:04 - 00068080 ____N () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2014-10-15 14:06 - 2014-10-15 14:06 - 02560336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2008-05-14 13:40 - 2008-05-14 13:40 - 00262144 ____N () C:\WINDOWS\system32\wxvault.dll
2011-02-22 00:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2008-08-15 04:46 - 2008-08-15 04:46 - 02854912 ____N () C:\WINDOWS\system32\btwicons.dll
2008-07-10 16:25 - 2008-07-10 16:25 - 00057344 ____N () C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll
2008-08-18 07:12 - 2008-08-18 07:12 - 00098304 ____N () C:\Program Files\Dell\Dell ControlPoint\SmithMicro.Common.dll
2008-08-18 07:12 - 2008-08-18 07:12 - 00016384 ____N () C:\Program Files\Dell\Dell ControlPoint\Dell.DcpPlugin.dll
2008-07-28 14:03 - 2008-07-28 14:03 - 00010752 ____N () C:\WINDOWS\system32\Wavx_ESC_Logging.dll
2008-03-10 11:47 - 2008-03-10 11:47 - 00004608 ____N () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2008-10-01 00:29 - 2008-10-01 00:29 - 00098304 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\UCMPlugin\SmithMicro.Common.dll
2008-10-01 00:24 - 2008-10-01 00:24 - 00098304 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Common.dll
2008-10-01 00:24 - 2008-10-01 00:24 - 00200704 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Application.dll
2008-10-01 00:26 - 2008-10-01 00:26 - 03567616 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.SharedUI.dll
2008-10-01 00:24 - 2008-10-01 00:24 - 00077824 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.dll
2008-10-01 00:25 - 2008-10-01 00:25 - 00028672 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.VpnController.dll
2008-10-01 00:25 - 2008-10-01 00:25 - 00040960 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\VpnWrapper.dll
2008-10-01 00:25 - 2008-10-01 00:25 - 00028672 ____N () C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SmithMicro.AsyncOperations.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 07670592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 14:06 - 2014-10-15 14:06 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 01626432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00870224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 14:06 - 2014-10-15 14:06 - 00641344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2011-11-03 08:09 - 2011-11-03 08:09 - 00102912 _____ () C:\Program Files\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-11-03 08:10 - 2011-11-03 08:10 - 00025600 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-11-03 08:10 - 2011-11-03 08:10 - 00015360 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll
2011-11-03 08:10 - 2011-11-03 08:10 - 00014848 _____ () C:\Program Files\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll
2010-12-10 15:49 - 2010-12-10 15:49 - 00324320 _____ () C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
2010-12-10 15:50 - 2010-12-10 15:50 - 02896608 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
2010-12-10 15:50 - 2010-12-10 15:50 - 00026848 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 12:59 - 2010-03-22 12:59 - 00504293 _____ () C:\Program Files\Memeo\AutoBackup\sqlite3.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e97e1748\mscorlib.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_041cb938\system.windows.forms.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_6ece45b0\system.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f841a956\system.drawing.dll
2013-03-17 16:02 - 2013-03-17 16:02 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_8c229c00\system.xml.dll
2010-04-20 07:22 - 2010-04-20 07:22 - 00241664 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2010-04-20 07:22 - 2010-04-20 07:22 - 00971776 _____ () C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ChangeTPMAuth => C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: HP Software Update => "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: RoxioDragToDisc => C:\Program Files\Roxio\Drag-to-Disc\Drgtodsc.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-988371609-370694437-2419706928-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-988371609-370694437-2419706928-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-988371609-370694437-2419706928-1004 - Limited - Disabled)
Jason (S-1-5-21-988371609-370694437-2419706928-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Jason
Kazuyo (S-1-5-21-988371609-370694437-2419706928-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Kazuyo
SUPPORT_388945a0 (S-1-5-21-988371609-370694437-2419706928-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2014 02:11:59 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/23/2014 02:11:59 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (11/23/2014 02:05:46 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (11/23/2014 02:05:45 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (11/23/2014 02:05:45 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (11/23/2014 01:27:58 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (11/23/2014 01:27:54 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log(NULL)

Error: (11/23/2014 01:27:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/23/2014 01:27:19 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/23/2014 01:27:19 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

System errors:
=============
Error: (11/23/2014 02:51:13 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 60 minutes.
NtpClient has no source of accurate time.

Error: (11/23/2014 02:21:01 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (11/23/2014 02:07:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (11/23/2014 02:05:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Yahoo! Updater service failed to start due to the following error:
%%3

Error: (11/23/2014 02:05:55 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (11/23/2014 02:05:55 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (11/23/2014 02:05:45 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain CBCI due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (11/23/2014 02:05:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%3

Error: (11/23/2014 02:04:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell ControlPoint System Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/23/2014 02:04:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell ControlPoint Button Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/23/2014 02:11:59 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (11/23/2014 02:11:59 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance

Error: (11/23/2014 02:05:46 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (11/23/2014 02:05:45 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (11/23/2014 02:05:45 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (11/23/2014 01:27:58 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (11/23/2014 01:27:54 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log(NULL)

Error: (11/23/2014 01:27:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)

Error: (11/23/2014 01:27:19 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl

Error: (11/23/2014 01:27:19 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 70%
Total physical RAM: 2035.83 MB
Available physical RAM: 604.52 MB
Total Pagefile: 3927.79 MB
Available Pagefile: 2337.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.75 GB) (Free:143.07 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: FC02FC02)
Partition 1: (Not Active) - (Size=141 MB) - (Type=DE)
Partition 2: (Active) - (Size=232.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Thanks for the logs, continue please:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Complete a fresh install of Malwarebytes as follows:

 

Download mbam-clean.exe from the following link and save it to your desktop:

http://www.malwarebytes.org/mbam-clean.exe

Now do the following:

  • Click on Start and select Control Panel
       
  • Open Uninstall a Program (for XP, use Add/Remove Programs)
       
  • Uninstall Malwarebytes' Anti-Malware
       
  • Restart your computer, very important to do that!!
       
  • Run mbam-clean.exe
       
  • It will ask to restart your computer, please allow it to do so, very important!!

    Next,
     
    D/L and install Malwarebytes again and update as follows :-

    Download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    • Now select > Scan > Threat scan > Scan now
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.



    • After the restart (If applicable) once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

     
    Next,
     
    Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool and select “Run as Administrator”; the tool will expand to the options Window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns..

 

Kevin...

 

 

Fixlist.txt


The MBAM Clean Removal Process 2x described in the link appears more detailed.  Since I have MBAM Premium 2.0.3.1025, do I follow these instructions in lieu of yours for uninstall / reinstall segment of MBAM?  (i.e. Method 1 —— Paid PRO / PREMIUM version (clean reinstall/upgrade)). Not sure what you want me to do.


Kevin: 

The prolonged delay started with a sudden message on 11/23 that my username or password was incorrect during the normal course of signing into the MBAM forum.  I don't know why this happened but after several attempts, I chose the "forgot password" link.  I got an automatic response that instructions will be sent to my email to reset password but nothing happened.  There was no email follow-up. 

 

Since I could not log-in, I could not send a personal message to you or the administrator.  Even though the help info says to contact the administrator, there seems to be no avenue to do so without access to an email address. 

 

On 11/25, I emailed support@malwarebytes.org. After several days, the assigned agent responded but did not address the issue at hand (to reset password).  While waiting to get back on track, I tried the "forgot password" link once again today.  This time it worked and I got the standard email followup to reset password. Still don't know how this occurred in the first place.

 

I noted to you on 11/23 that when I now go to the MBAM forum, the URL address window turns pink. 

 

"There is a problem with this website's security certificate."

 

The security certificate presented by this website was not issued by a trusted certificate authority.

The security certificate presented by this website was issued for a different website's address.

 

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

 

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.

Continue to this website (not recommended).

 

I've been opting to continue to the website and have not chosen to install the certificate that appears after clicking the Certificate Error button. 

 

To continue where we last left off, I've successfully run all scans as instructed.

 

=========================================================

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014

Ran by sshiigi at 2014-11-24 11:13:16 Run:1

Running from C:\Documents and Settings\sshiigi\Desktop

Loaded Profile: sshiigi (Available profiles: sshiigi & Kazuyo & Jason & Administrator)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

start

URLSearchHook: [s-1-5-21-796845957-1383384898-839522115-4640] ATTENTION ==> Default URLSearchHook is missing.

URLSearchHook: HKU\S-1-5-21-796845957-1383384898-839522115-4640 - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com"<======= ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-796845957-1383384898-839522115-4640\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM -> DefaultScope value is missing.

BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()

FF Extension: Ad-Aware Security Toolbar - C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2014-06-11]

S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]

C:\Documents and Settings\sshiigi\Local Settings\Temp\5e468798-8a98-453d-9768-617ddbd7f51d.exe

C:\Documents and Settings\sshiigi\Local Settings\Temp\8v1dawuz.dll

C:\Documents and Settings\sshiigi\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbksw9o.dll

C:\Documents and Settings\sshiigi\Local Settings\Temp\foft6zyp.dll

C:\Documents and Settings\sshiigi\Local Settings\Temp\fw1g_zju.dll

C:\Documents and Settings\sshiigi\Local Settings\Temp\henusa-5.dll

C:\Documents and Settings\sshiigi\Local Settings\Temp\java-installer.exe

C:\Documents and Settings\sshiigi\Local Settings\Temp\n3t0azp3.dll

C:\Documents and Settings\sshiigi\Local Settings\Temp\niguungz.dll

C:\Documents and Settings\sshiigi\Local Settings\Temp\ntdll_dump.dll

C:\Documents and Settings\sshiigi\Local Settings\Temp\w6log5lc.dll

CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

CustomCLSID: HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

EmptyTemp:

end

 

 

 

*****************

 

Error setting Default URLSearchHook.

HKU\S-1-5-21-796845957-1383384898-839522115-4640\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => value deleted successfully.

"HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}" => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKU\S-1-5-21-796845957-1383384898-839522115-4640\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}" => Key deleted successfully.

"HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}" => Key not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} => value deleted successfully.

"HKCR\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}" => Key not found.

C:\Documents and Settings\sshiigi\Application Data\Mozilla\Firefox\Profiles\fu2922xy.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} => Moved successfully.

SBRE => Service deleted successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\5e468798-8a98-453d-9768-617ddbd7f51d.exe => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\8v1dawuz.dll => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbksw9o.dll => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\foft6zyp.dll => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\fw1g_zju.dll => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\henusa-5.dll => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\java-installer.exe => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\n3t0azp3.dll => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\niguungz.dll => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\ntdll_dump.dll => Moved successfully.

C:\Documents and Settings\sshiigi\Local Settings\Temp\w6log5lc.dll => Moved successfully.

"HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.

"HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.

"HKU\S-1-5-21-796845957-1383384898-839522115-4640_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.

EmptyTemp: => Removed 1.7 GB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog ====

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11/24/2014

Scan Time: 2:08:56 PM

Logfile: MBAM History Applica Logs Scan Log Copy to Clipbrd.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.24.11

Rootkit Database: v2014.11.22.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: sshiigi

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 583718

Time Elapsed: 36 min, 7 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

+++++++++++++++++

 

# AdwCleaner v4.102 - Report created 24/11/2014 at 15:06:20

# Updated 23/11/2014 by Xplode

# Database : 2014-11-23.7 [Local]

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : sshiigi - DFB69GJ1

# Running from : C:\Documents and Settings\sshiigi\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files\Toolbar Cleaner

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\SecureSearch

Folder Deleted : C:\Documents and Settings\sshiigi\Application Data\adawaretb

Folder Deleted : C:\Documents and Settings\administrator.CBCI\Application Data\Mozilla\Firefox\Profiles\c4kbf8cm.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

Folder Deleted : C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\e68jkvzq.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

Folder Deleted : C:\Documents and Settings\Kazuyo\Application Data\Mozilla\Firefox\Profiles\8l204eq6.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

[!] Folder Deleted : C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

[!] Folder Deleted : C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

[!] Folder Deleted : C:\Documents and Settings\sshiigi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}

Key Deleted : HKCU\Software\adawaretb

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

Key Deleted : HKLM\SOFTWARE\adawaretb

Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserSafeGuard

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

 

-\\ Mozilla Firefox v27.0.1 (en-US)

 

 

-\\ Google Chrome v39.0.2171.65

 

[C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://maxwebsearch.com/s?User_ID=7422831e-0807-41fe-a043-3fca7c644112&i_id=Browsersafeguard-ext&query={searchTerms}

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl

[C:\Documents and Settings\Kazuyo\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : geggofhlfbcmanadhknllmlajiafopoh

[C:\Documents and Settings\sshiigi\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Documents and Settings\sshiigi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl

 

*************************

 

AdwCleaner[R0].txt - [5294 octets] - [24/11/2014 14:54:11]

AdwCleaner[s0].txt - [5297 octets] - [24/11/2014 15:06:20]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5357 octets] ##########

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.9 (11.15.2014:2)

OS: Microsoft Windows XP x86

Ran by sshiigi on Mon 11/24/2014 at 15:19:32.73

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ad-aware browsing protection"

Successfully deleted: [Folder] "C:\Documents and Settings\sshiigi\Local Settings\Application Data\adawarebp"

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 11/24/2014 at 15:30:31.10

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

+++++++++++++++++

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Thu Nov 21 06:16:15 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 21 06:23:30 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)

Started On Mon Mar 17 13:03:02 2014

 

Engine: 1.1.10302.0

Signatures: 1.167.1001.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 17 13:07:54 2014

 

 

Return code: 0 (0x0)

 

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)

Started On Wed Sep 10 03:19:36 2014

 

Engine: 1.1.10904.0

Signatures: 1.183.882.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 10 03:27:42 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Wed Oct 15 06:52:41 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 07:09:41 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Thu Nov 13 16:00:36 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 16:08:41 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Mon Nov 24 16:14:47 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 24 16:24:48 2014

 

 

Return code: 0 (0x0)


Problem with forum password was down to the site being hacked, hence all passwords were blocked. There was an email issued to all members, (me included) with instructions to reset passwords...

 

What is the current status of your system now, are there any remaining issues or concerns....

 

Thanks,

 

Kevin...


Strange, I never got the email warning to all members to change the password. 

 

The only remaining issue is the message that appears on the MBAM Forum site, "There is a problem with the security certificate for this site," with the URL address window turning pink.  By clicking on the Certificate Error box, the message says Certificate Invalid, with a link to View Certificate.  When viewed it says, "This CA Root certificate is not trusted. To enable trust install the certificate in the trusted certificate authorities store."  Issued to enterprise-ssl.envisionpower.com.  The button allows you to Install Certificate.

 

Do I install certificate?  So far, I've been opting to continue to the forum website but have not chosen to install. 

 

Otherwise, my system is all good.  Thank you for all your patience.

 

moonshadow. 


I use Internet Explorer 8 with Windows XP. The certificate error does NOT show using Google Chrome.  I continue to use IE 8 knowing that XP is no longer supported. Don't like Windows 8 and considering Windows 7 if it will let me update to IE 9. 

 

Right now, the below Security Update message continually shows up.  Although it's downloaded and ready to install, it won't install. Assumed this is related to XP no longer being supported.

 

"Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941)."

 

Download size (total): 0 KB *

Estimated time at your connection speed: 0 minutes *

(*Downloaded; ready to install)

 

Some Updates were not installed.  Failed installation.  


Yes, I believe XP may be a problem for you; this version of Windows is dead in the water. Is your PC many years old? Can you consider updating to Windows 7?

 

Have a read here: http://windows.microsoft.com/en-GB/windows7/upgrading-to-windows-7-faq Is this helping you? A system that runs XP will probably run Windows 7; not sure an upgrade to Windows 8 or 8.1 will be possible for you.

 

Can you tell me your options...


The Windows 7 Upgrade Advisor Report shows I have the minimum system requirements to upgrade to Windows 7 32bit or 64bit. Any recommendation on this choice?

 

Review of Windows 8.1 system requirements also shows a clean installation may be possible, depending on whether my processor supports PAE, NX, and SSE2.  I would still need to check my BIOS to confirm this.  An upgrade to 8.1 cannot be done from XP since an upgrade requires the system currently run Windows 7 or 8.

 

My Dell Latitude E6400 purchased in 3/2009 currently has:

  • 2.4 GHz CPU (min. 1 GHz required)
  • 2.0 GB RAM (min. 1 GB for 32 bit & 2 GB for 64 bit required)
  • 148 GB free space on C: (min. 16 GB for 32 bit & 20 GB for 64 bit required)
  • Graphic adapter supports Windows Aero user interface
  1. I will consider an upgrade to Windows 7.  Would I also need to upgrade Office Pro XP?
  2. I will also weigh in the benefits of transitioning to Mac instead.  Do you know if I'll be able to transfer my existing data and settings fairly seamlessly?  Compatibility no longer seems to be an issue and every Mac owner I know seems real happy they switched.
  3. For the time being, with respect to the MBAM certificate error issue, is there a problem with installing the suggested certificate (per post yesterday at 12:30pm)?

I do not see any problems installing the certificate you quote..

 

Regarding a "Mac" cannot help there, absolutely no experience whatsoever.

 

Upgrade to Windows 7 or Windows 8.1, I would upgrade to Windows 7, is the easiest option for you. I guess the determining factor would be the age of your system, maybe a new PC or laptop is a better option.

 

Regarding MS office, depends what version it is. I believe Office 2003 or above are supported by W7, have a read here: http://support.microsoft.com/kb/978592

 

Let me know what you intend to do. Do you have any remaining issues or concerns with the system as is of now...

 

Kevin...


My system is running fine for the most part but one additional item came up when I opened Google Chrome.  MBAM detected a PUP called MySearchDial.  It happens every time I use GC and FireFox.  Haven't used FireFox at all recently.  I think it's related to the toolbars. I thought the various series of scans would have picked up MySearchDial.

 

I noticed that the MBAM Forum address in IE8 was different than what showed in Google Chrome. I copied that address over to IE8 and that resolved the Certificate Error warning.  Installing the referenced certificate did nothing.

 

Regarding updating from XP, I think I'll start exploring the Mac with the hope the transition won't be too painful. My thought is to direct the money and time I would otherwise spend on updating Windows.  I've not made the leap before because of compatibility issues with my work environment that's always been PC oriented.  Hopefully by now, the transition will be virtually seamless.

 

moonshadow


Go here: http://windows.microsoft.com/en-gb/windows-vista/reset-internet-explorer-8-settings, scroll down to "To Reset Internet Explorer Settings Automatically", expand that option and run the "Fixit" tool...

 

Next,

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7/8 accept UAC alert)

 


  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Change Drivers to All
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Close out all browsers and turn off Security.
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin.....
