Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks for your assistance.  Here are the first two.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by paul.smith (administrator) on PAULSOFFICE on 26-01-2015 12:20:29
Running from \\SBS01\Users\Paul.Smith\Downloads
Loaded Profiles: paul.smith (Available profiles: Administrator & paul.smith & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16806912 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-01-13] (Brother Industries, Ltd.)
HKLM\...\Run: [brStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [1300792 2014-04-10] (Malwarebytes Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\...\Policies\Explorer: [DisablePersonalDirChange] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5090116
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-2072321966-259001148-2609447416-1136\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
URLSearchHook: HKU\S-1-5-21-2072321966-259001148-2609447416-1136 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2072321966-259001148-2609447416-1136 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264540604700
DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} http://192.168.1.148/vcredist_x86.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A444A75B-D0C1-4440-B830-4F8206ADE1F5} http://203.254.221.27:7000/ems/download/ezPDFLauncherX2.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @alternatiff.com/AlternaTIFF -> C:\Program Files\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX OVS Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kingsfot.com/npkws -> c:\program files\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2072321966-259001148-2609447416-1136: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\DOCUME~1\PAUL~1.SMI\APPLIC~1\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Documents and Settings\paul.smith\Application Data\Mozilla\Firefox\Profiles\z5x3mr44.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-19]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-01-21]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-01-21]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\paul.smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2010-12-08]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2010-12-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-22] (Oracle Corporation)
S2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [347448 2014-04-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
S2 kxescore; "c:\program files\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation) [File not signed]
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [46296 2014-04-11] ()
R0 KAVBootC; C:\WINDOWS\System32\Drivers\KAVBootC.sys [31592 2014-12-01] (Kingsoft Corporation)
R2 kisknl; C:\WINDOWS\system32\drivers\kisknl.sys [237880 2014-12-01] (Kingsoft Corporation)
S3 ksapi; C:\WINDOWS\system32\drivers\ksapi.sys [80744 2014-12-01] (Kingsoft Corporation)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [35392 2011-09-22] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-26] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
S3 TIEHDUSB; C:\WINDOWS\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated) [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30208 2011-01-15] (Elaborate Bytes AG) [File not signed]
S1 KDHacker; \??\c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [X]
S3 usbkey; system32\DRIVERS\USBKey.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 17:27 - 2015-01-25 17:27 - 00000000 ____D () C:\Documents and Settings\paul.smith\Local Settings\Application Data\CrashRpt
2015-01-25 16:33 - 2015-01-26 10:11 - 00000440 _____ () C:\WINDOWS\Tasks\SMupdate3.job
2015-01-25 16:33 - 2015-01-26 10:11 - 00000440 _____ () C:\WINDOWS\Tasks\SMupdate2.job
2015-01-25 16:33 - 2015-01-26 10:11 - 00000440 _____ () C:\WINDOWS\Tasks\SMupdate1.job
2015-01-25 16:31 - 2015-01-25 16:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SearchModulePlus
2015-01-20 16:44 - 2015-01-20 16:52 - 00000000 ____D () C:\Program Files\nLite
2015-01-20 16:44 - 2015-01-20 16:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\nLite
2015-01-20 10:26 - 2015-01-20 10:59 - 00000000 ____D () C:\RAID
2015-01-20 09:39 - 2015-01-20 09:39 - 00000740 _____ () C:\Documents and Settings\All Users\Desktop\Win32DiskImager.lnk
2015-01-20 09:39 - 2015-01-20 09:39 - 00000000 ____D () C:\Program Files\ImageWriter
2015-01-20 09:39 - 2015-01-20 09:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Image Writer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 12:20 - 2014-07-21 15:33 - 00000000 ____D () C:\FRST
2015-01-26 12:20 - 2009-03-27 12:51 - 00000000 ____D () C:\Documents and Settings\paul.smith\Local Settings\Temp
2015-01-26 12:13 - 2012-12-19 17:03 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-26 12:06 - 2008-04-25 04:17 - 00000000 ____D () C:\WINDOWS\security
2015-01-26 12:05 - 2014-09-25 07:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-26 12:03 - 2009-03-27 12:44 - 00000152 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2015-01-26 12:00 - 2008-04-25 16:28 - 01764166 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-26 11:25 - 2014-02-04 14:44 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 10:20 - 2013-08-04 13:50 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-01-26 10:11 - 2014-05-05 08:16 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 10:11 - 2014-02-04 14:44 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 10:10 - 2012-02-07 10:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-26 10:10 - 2012-02-07 10:00 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-26 10:10 - 2008-04-25 16:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-26 10:10 - 2008-04-25 11:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-26 10:09 - 2009-03-27 12:51 - 00000278 ___SH () C:\Documents and Settings\paul.smith\ntuser.ini
2015-01-26 10:09 - 2008-04-25 16:32 - 00032170 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-25 23:02 - 2008-04-25 16:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-01-25 17:27 - 2011-01-21 10:20 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-25 16:33 - 2008-04-25 16:27 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-25 16:32 - 2014-02-04 14:45 - 00002001 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-25 16:32 - 2010-02-26 14:40 - 00000912 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-25 06:13 - 2012-11-17 12:49 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-25 06:13 - 2012-11-17 12:49 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-23 11:11 - 2012-02-27 18:07 - 00247959 _____ () C:\WINDOWS\setupapi.log
2015-01-23 11:11 - 2012-01-12 03:00 - 00001415 _____ () C:\WINDOWS\setupact.log
2015-01-21 18:50 - 2009-03-27 19:00 - 00009746 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-01-20 15:32 - 2012-04-25 12:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-19 19:35 - 2008-04-25 16:32 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-01-16 00:30 - 2008-04-25 16:26 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-13 21:39 - 2010-09-01 09:50 - 00000039 _____ () C:\MLSETUP.LOG
2015-01-13 21:39 - 2009-06-17 17:25 - 00003634 _____ () C:\kl2log.htm
2015-01-13 21:37 - 2008-04-25 16:26 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-13 21:35 - 2009-03-31 21:30 - 00000000 ____D () C:\Program Files\asystV10 Dealer Management
2015-01-12 12:16 - 2014-06-24 16:07 - 00000000 ____D () C:\Documents and Settings\paul.smith\Local Settings\Application Data\Adobe
2015-01-12 12:13 - 2014-05-08 09:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-12 12:13 - 2012-05-12 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-12-31 06:13 - 2011-01-15 13:11 - 00249488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-12-08 15:27 - 2011-12-08 18:46 - 0000040 _____ () C:\Documents and Settings\paul.smith\Application Data\cdr.ini
2011-10-03 12:33 - 2011-10-03 12:33 - 0087608 _____ () C:\Documents and Settings\paul.smith\Application Data\inst.exe
2006-02-14 19:44 - 2006-02-14 19:44 - 0000015 ____H () C:\Documents and Settings\paul.smith\Application Data\paul.smithlog.dat
2011-10-03 12:33 - 2011-10-03 12:33 - 0007887 _____ () C:\Documents and Settings\paul.smith\Application Data\pcouffin.cat
2011-10-03 12:33 - 2011-10-03 12:33 - 0001144 _____ () C:\Documents and Settings\paul.smith\Application Data\pcouffin.inf
2011-10-03 12:33 - 2011-10-03 12:33 - 0000055 _____ () C:\Documents and Settings\paul.smith\Application Data\pcouffin.log
2011-10-03 12:33 - 2011-10-03 12:33 - 0047360 _____ (VSO Software) C:\Documents and Settings\paul.smith\Application Data\pcouffin.sys
2011-01-26 09:46 - 2011-02-03 19:18 - 0001189 ____H () C:\Documents and Settings\paul.smith\Application Data\vso_ts_preview.xml
2013-11-23 09:42 - 2013-11-23 09:42 - 0893239 _____ () C:\Documents and Settings\paul.smith\Local Settings\Application Data\a.zip
2013-11-23 09:42 - 2013-11-23 09:42 - 2162416 _____ (Catalina Marketing Corp) C:\Documents and Settings\paul.smith\Local Settings\Application Data\BcsKtYcHW.dll
2009-11-13 17:55 - 2013-10-12 08:32 - 0024576 _____ () C:\Documents and Settings\paul.smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-07-13 17:33 - 2009-07-13 17:33 - 0000133 _____ () C:\Documents and Settings\paul.smith\Local Settings\Application Data\fusioncache.dat
2010-04-22 11:27 - 2011-01-15 11:08 - 0000000 _____ () C:\Documents and Settings\paul.smith\Local Settings\Application Data\prvlcl.dat

Some content of TEMP:
====================
C:\Documents and Settings\paul.smith\Local Settings\Temp\applnch.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\DPInst64.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\hellow.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\install_flashplayer16x32au_mssd_aaa_aih.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\regini.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\sbs 2011 standard iso__10924_i1457177435_il2443938.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\System.Data.SQLite.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\System.Data.SQLite60f82232-5250-4ef5-88f5-77b4dfeda636.dll
C:\Documents and Settings\paul.smith\Local Settings\Temp\tu17p84.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\VOPackage.exe
C:\Documents and Settings\paul.smith\Local Settings\Temp\ytdkiemon_amodk_setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by paul.smith at 2015-01-26 12:21:20
Running from \\SBS01\Users\Paul.Smith\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 新毒霸铠甲防御 (Disabled - Up to date) {B3DDB456-E18B-4D81-9EB0-E23ABB4D2B12}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
asyst Dealer Management for Microsoft Office v10 (HKLM\...\asyst Dealer Management for Microsoft Office v10) (Version: 10 - United Systems Technology, Inc.)
Belarc Advisor 8.1 (HKLM\...\Belarc Advisor) (Version:  - )
Blue Iris ActiveX Control (HKLM\...\InstallShield_{7106E079-28CA-4FEC-A083-6577EB674526}) (Version: 3.0.0.8 - Perspective Software)
Blue Iris ActiveX Control (Version: 3.0.0.8 - Perspective Software) Hidden
Brother MFL-Pro Suite MFC-8950DW (HKLM\...\{37372D85-4945-4B6B-AC87-7BC5D1AB9F5C}) (Version: 1.0.6.0 - Brother Industries, Ltd.)
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Diagnostics Utility (HKLM\...\{88253B77-33C9-4A9D-9E4C-4579E39D9158}) (Version: 1.00.0000 - Realtek)
DSX System Administrator (HKLM\...\{A3D1AF62-A77F-43C6-B476-663194599655}) (Version: 2.21 - NEC Infrontia, Inc.)
Easy Duplicate Finder v. 3.1 (HKLM\...\Easy Duplicate Finder_is1) (Version:  - WebMinds, Inc.)
Elevated Installer (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
EOSInfo (HKLM\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net)
EPS File Viewer (HKLM\...\{35B4B5ED-41DE-4CAB-A757-F967474819DC}_is1) (Version:  - epsfileviewer.com)
Firebird SQL Server - MAGIX Edition (HKLM\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Free Audio CD to MP3 Converter version 1.3.11.908 (HKLM\...\Free Audio CD to MP3 Converter_is1) (Version:  - DVDVideoSoft Ltd.)
Garmin Express (HKLM\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Harley-Davidson Super Tuner VCI Drivers (Driver Removal) (HKLM\...\HDVCCOMM&125E&1802) (Version:  - )
HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
LAN-Fax Utilities (HKLM\...\LAN-Fax Utilities) (Version:  - )
Malwarebytes Anti-Exploit version 0.10.3.0100 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.3.0100 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Access 2002 Runtime (HKLM\...\{901C0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
nLite 1.4.9.3 (HKLM\...\nLite_is1) (Version: 1.4.9.3 - Dino Nuhagic (nuhi))
Power Vision Software (HKLM\...\{C665EE1E-47D7-4169-80E2-6F7077BB4184}) (Version: 1.0.68.1180 - Dynojet Research Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
RPM Control Center Version 1.0.0.4 (HKLM\...\{13185BE4-096D-4857-B62B-057056AB572C}_is1) (Version:  - Rinehart Racing)
Screamin Eagle Pro Super Tuner (HKLM\...\{BC317EDD-5E0D-4CF0-A619-8B1EA798BA89}) (Version: 6.000.0006 - Harley-Davidson)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Serif PhotoPlus Starter Edition 3 (HKLM\...\{5DF61899-B4D4-4CD5-9F3D-78ADBBF7DC2A}) (Version: 3.0.0.008 - Serif (Europe) Ltd)
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600211) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{FD1408CA-47E3-45C8-B7CB-75AEB8F98DA1}) (Version: 2.13.0273 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{D3D2A5FF-55C2-4A5A-BDAC-A502A66E6B8D}) (Version: 2.13.0246 - Samsung Electronics Co., Ltd.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VolID 4.0.1 Demo (HKLM\...\VolID_is1) (Version:  - SoftRM)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinPEP 7 (HKLM\...\InstallShield_{A0568C61-9443-43F3-9938-E573A3BEFB7B}) (Version: 7.5.1.14 - Dynojet Research Inc.)
WinPEP 7 (Version: 7.5.1.14 - Dynojet Research Inc.) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\paul.smith\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{2 (the data entry has 55 more characters).
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\paul.smith\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{6 (the data entry has 61 more characters).
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{2A235D7E-0358-40E2-B51A-DE22F8F5C50D}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\paul.smith\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{1 (the data entry has 56 more characters).
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{672CDBDB-0270-4EB9-83EC-216377522D21}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\paul.smith\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{2 (the data entry has 55 more characters).
CustomCLSID: HKU\S-1-5-21-2072321966-259001148-2609447416-1136_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path

==================== Restore Points  =========================

28-10-2014 21:44:52 Software Distribution Service 3.0
29-10-2014 08:07:12 Software Distribution Service 3.0
29-10-2014 21:44:22 Software Distribution Service 3.0
30-10-2014 08:07:27 Software Distribution Service 3.0
30-10-2014 21:44:46 Software Distribution Service 3.0
31-10-2014 08:07:16 Software Distribution Service 3.0
31-10-2014 21:45:06 Software Distribution Service 3.0
01-11-2014 08:07:07 Software Distribution Service 3.0
01-11-2014 21:44:59 Software Distribution Service 3.0
02-11-2014 08:07:04 Software Distribution Service 3.0
02-11-2014 22:44:45 Software Distribution Service 3.0
03-11-2014 08:07:04 Software Distribution Service 3.0
03-11-2014 22:44:22 Software Distribution Service 3.0
04-11-2014 08:07:02 Software Distribution Service 3.0
04-11-2014 22:45:13 Software Distribution Service 3.0
05-11-2014 08:07:00 Software Distribution Service 3.0
05-11-2014 22:45:15 Software Distribution Service 3.0
06-11-2014 08:06:58 Software Distribution Service 3.0
06-11-2014 22:44:43 Software Distribution Service 3.0
07-11-2014 08:06:57 Software Distribution Service 3.0
07-11-2014 22:45:06 Software Distribution Service 3.0
08-11-2014 08:06:55 Software Distribution Service 3.0
08-11-2014 22:44:51 Software Distribution Service 3.0
09-11-2014 08:06:54 Software Distribution Service 3.0
09-11-2014 22:44:24 Software Distribution Service 3.0
10-11-2014 08:06:52 Software Distribution Service 3.0
10-11-2014 22:45:10 Software Distribution Service 3.0
11-11-2014 08:06:59 Software Distribution Service 3.0
11-11-2014 22:44:38 Software Distribution Service 3.0
12-11-2014 08:07:10 Software Distribution Service 3.0
12-11-2014 22:53:20 Software Distribution Service 3.0
13-11-2014 09:25:07 Software Distribution Service 3.0
13-11-2014 22:53:18 Software Distribution Service 3.0
14-11-2014 09:25:02 Software Distribution Service 3.0
14-11-2014 22:53:37 Software Distribution Service 3.0
15-11-2014 09:25:13 Software Distribution Service 3.0
15-11-2014 22:52:49 Software Distribution Service 3.0
16-11-2014 09:24:55 Software Distribution Service 3.0
16-11-2014 22:52:40 Software Distribution Service 3.0
17-11-2014 09:24:56 Software Distribution Service 3.0
17-11-2014 22:52:59 Software Distribution Service 3.0
18-11-2014 09:24:15 Software Distribution Service 3.0
18-11-2014 22:53:20 Software Distribution Service 3.0
19-11-2014 09:24:12 Software Distribution Service 3.0
19-11-2014 22:53:11 Software Distribution Service 3.0
20-11-2014 09:24:10 Software Distribution Service 3.0
20-11-2014 22:53:42 Software Distribution Service 3.0
21-11-2014 09:22:31 Software Distribution Service 3.0
21-11-2014 22:52:59 Software Distribution Service 3.0
22-11-2014 09:21:38 Software Distribution Service 3.0
22-11-2014 11:54:20 Installed QuickTime 7
22-11-2014 22:39:40 Software Distribution Service 3.0
23-11-2014 12:57:33 Software Distribution Service 3.0
23-11-2014 22:39:16 Software Distribution Service 3.0
24-11-2014 12:57:38 Software Distribution Service 3.0
24-11-2014 22:39:46 Software Distribution Service 3.0
25-11-2014 12:57:28 Software Distribution Service 3.0
25-11-2014 22:39:44 Software Distribution Service 3.0
26-11-2014 12:57:33 Software Distribution Service 3.0
26-11-2014 22:40:05 Software Distribution Service 3.0
27-11-2014 12:56:48 Software Distribution Service 3.0
27-11-2014 22:39:50 Software Distribution Service 3.0
28-11-2014 22:40:18 Software Distribution Service 3.0
29-11-2014 12:34:33 Software Distribution Service 3.0
29-11-2014 23:07:19 Software Distribution Service 3.0
30-11-2014 15:07:20 Software Distribution Service 3.0
30-11-2014 23:06:47 Software Distribution Service 3.0
01-12-2014 14:13:50 Installed AnyCAD SkpViewer 5.0
01-12-2014 14:16:51 Revo Uninstaller's restore point - 新毒霸(悟空)
01-12-2014 15:07:54 Software Distribution Service 3.0
01-12-2014 16:07:05 Restore Operation
01-12-2014 16:16:05 Revo Uninstaller's restore point - AnyCAD SkpViewer 5.0
01-12-2014 16:16:20 Removed AnyCAD SkpViewer 5.0
01-12-2014 22:56:27 Software Distribution Service 3.0
02-12-2014 16:40:48 Software Distribution Service 3.0
02-12-2014 22:55:24 Software Distribution Service 3.0
03-12-2014 16:40:47 Software Distribution Service 3.0
03-12-2014 22:55:51 Software Distribution Service 3.0
04-12-2014 22:55:40 Software Distribution Service 3.0
05-12-2014 16:29:05 Software Distribution Service 3.0
05-12-2014 22:55:26 Software Distribution Service 3.0
06-12-2014 16:29:06 Software Distribution Service 3.0
06-12-2014 22:55:29 Software Distribution Service 3.0
07-12-2014 16:28:58 Software Distribution Service 3.0
07-12-2014 22:55:21 Software Distribution Service 3.0
08-12-2014 16:28:54 Software Distribution Service 3.0
08-12-2014 22:55:54 Software Distribution Service 3.0
09-12-2014 16:29:02 Software Distribution Service 3.0
10-12-2014 16:28:48 Software Distribution Service 3.0
10-12-2014 22:55:37 Software Distribution Service 3.0
11-12-2014 16:29:11 Software Distribution Service 3.0
11-12-2014 22:55:41 Software Distribution Service 3.0
12-12-2014 16:28:36 Software Distribution Service 3.0
12-12-2014 22:56:09 Software Distribution Service 3.0
13-12-2014 16:28:30 Software Distribution Service 3.0
13-12-2014 22:55:25 Software Distribution Service 3.0
14-12-2014 16:28:30 Software Distribution Service 3.0
14-12-2014 22:55:56 Software Distribution Service 3.0
15-12-2014 16:29:18 Software Distribution Service 3.0
16-12-2014 16:27:48 Software Distribution Service 3.0
16-12-2014 22:55:50 Software Distribution Service 3.0
17-12-2014 16:27:46 Software Distribution Service 3.0
17-12-2014 22:56:28 Software Distribution Service 3.0
18-12-2014 16:28:15 Software Distribution Service 3.0
18-12-2014 22:55:25 Software Distribution Service 3.0
19-12-2014 16:27:36 Software Distribution Service 3.0
19-12-2014 22:56:29 Software Distribution Service 3.0
20-12-2014 16:27:30 Software Distribution Service 3.0
20-12-2014 22:55:51 Software Distribution Service 3.0
21-12-2014 16:27:23 Software Distribution Service 3.0
21-12-2014 22:56:16 Software Distribution Service 3.0
22-12-2014 16:27:29 Software Distribution Service 3.0
22-12-2014 22:55:29 Software Distribution Service 3.0
23-12-2014 16:27:26 Software Distribution Service 3.0
23-12-2014 22:56:26 Software Distribution Service 3.0
24-12-2014 16:27:14 Software Distribution Service 3.0
24-12-2014 22:56:23 Software Distribution Service 3.0
25-12-2014 16:27:16 Software Distribution Service 3.0
25-12-2014 22:55:21 Software Distribution Service 3.0
26-12-2014 16:27:15 Software Distribution Service 3.0
26-12-2014 22:55:57 Software Distribution Service 3.0
27-12-2014 16:27:11 Software Distribution Service 3.0
27-12-2014 22:56:41 Software Distribution Service 3.0
28-12-2014 16:27:11 Software Distribution Service 3.0
28-12-2014 22:56:03 Software Distribution Service 3.0
29-12-2014 16:27:13 Software Distribution Service 3.0
29-12-2014 22:56:09 Software Distribution Service 3.0
30-12-2014 16:27:14 Software Distribution Service 3.0
30-12-2014 22:55:56 Software Distribution Service 3.0
31-12-2014 16:27:43 Software Distribution Service 3.0
31-12-2014 22:55:56 Software Distribution Service 3.0
01-01-2015 16:27:06 Software Distribution Service 3.0
01-01-2015 22:55:17 Software Distribution Service 3.0
02-01-2015 16:27:08 Software Distribution Service 3.0
02-01-2015 22:55:42 Software Distribution Service 3.0
03-01-2015 16:27:19 Software Distribution Service 3.0
03-01-2015 22:55:59 Software Distribution Service 3.0
04-01-2015 16:27:13 Software Distribution Service 3.0
04-01-2015 22:55:38 Software Distribution Service 3.0
05-01-2015 16:22:27 Software Distribution Service 3.0
05-01-2015 22:55:19 Software Distribution Service 3.0
06-01-2015 16:22:21 Software Distribution Service 3.0
06-01-2015 23:09:07 Software Distribution Service 3.0
07-01-2015 16:22:45 Software Distribution Service 3.0
07-01-2015 23:11:17 Software Distribution Service 3.0
08-01-2015 16:22:32 Software Distribution Service 3.0
08-01-2015 22:55:27 Software Distribution Service 3.0
09-01-2015 16:22:36 Software Distribution Service 3.0
09-01-2015 22:55:48 Software Distribution Service 3.0
10-01-2015 11:18:20 Uniblue SpeedUpMyPC installation
10-01-2015 11:20:27 Revo Uninstaller's restore point - PowerISO
10-01-2015 11:23:23 Revo Uninstaller's restore point - SpeedUpMyPC
10-01-2015 16:22:27 Software Distribution Service 3.0
10-01-2015 22:56:45 Software Distribution Service 3.0
11-01-2015 16:22:25 Software Distribution Service 3.0
11-01-2015 22:55:56 Software Distribution Service 3.0
12-01-2015 23:10:24 Software Distribution Service 3.0
13-01-2015 12:23:47 Software Distribution Service 3.0
14-01-2015 12:23:51 Software Distribution Service 3.0
14-01-2015 23:10:30 Software Distribution Service 3.0
15-01-2015 12:23:57 Software Distribution Service 3.0
15-01-2015 23:09:22 Software Distribution Service 3.0
16-01-2015 12:25:33 Software Distribution Service 3.0
16-01-2015 23:10:35 Software Distribution Service 3.0
17-01-2015 12:23:38 Software Distribution Service 3.0
17-01-2015 23:09:30 Software Distribution Service 3.0
18-01-2015 12:23:37 Software Distribution Service 3.0
18-01-2015 23:09:25 Software Distribution Service 3.0
19-01-2015 12:23:45 Software Distribution Service 3.0
19-01-2015 23:10:11 Software Distribution Service 3.0
20-01-2015 12:23:29 Software Distribution Service 3.0
20-01-2015 22:49:49 Software Distribution Service 3.0
21-01-2015 23:27:31 Software Distribution Service 3.0
22-01-2015 11:10:59 Software Distribution Service 3.0
22-01-2015 23:26:56 Software Distribution Service 3.0
23-01-2015 11:10:50 Software Distribution Service 3.0
23-01-2015 23:27:33 Software Distribution Service 3.0
24-01-2015 11:11:03 Software Distribution Service 3.0
24-01-2015 23:27:02 Software Distribution Service 3.0
25-01-2015 11:10:46 Software Distribution Service 3.0
25-01-2015 16:33:53 Revo Uninstaller's restore point - PastaLeads
25-01-2015 16:36:47 Revo Uninstaller's restore point - YTDownloader
25-01-2015 16:38:57 Revo Uninstaller's restore point - PC Speed Up
25-01-2015 17:05:54 Revo Uninstaller's restore point - Remote Desktop Access (VuuPC)
25-01-2015 17:10:45 Revo Uninstaller's restore point - moters
25-01-2015 17:10:56 Removed moters
25-01-2015 17:11:47 Revo Uninstaller's restore point - RocketTab:
25-01-2015 17:13:11 Revo Uninstaller's restore point - tricomfi
25-01-2015 17:13:19 Removed tricomfi
25-01-2015 17:25:09 Restore Operation
25-01-2015 17:28:41 Restore Operation
25-01-2015 17:35:54 Removed Apple Software Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-25 11:16 - 2008-04-14 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DoxillionReminder.job => C:\Program Files\NCH Software\Doxillion\doxillion.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RegInOut Scheduled Scan - paul.smith.job => C:\Program Files\RegInOut\RegInOut.exe
Task: C:\WINDOWS\Tasks\SMupdate1.job => C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate2.job => C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMupdate3.job => C:\PROGRA~1\COMMON~1\System\SysMenu.dll <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2012-12-04 16:33 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2007-07-23 15:04 - 2007-07-23 15:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2014-09-25 07:57 - 2015-01-14 23:54 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:SummaryInformation

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: ISUSPM => "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

========================= Accounts: ==========================

Administrator (S-1-5-21-1499386506-2569268707-940252211-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1499386506-2569268707-940252211-1007 - Limited - Enabled)
Guest (S-1-5-21-1499386506-2569268707-940252211-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1499386506-2569268707-940252211-1004 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1499386506-2569268707-940252211-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 05:35:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 35.0.0.5486, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/25/2015 05:28:06 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (01/25/2015 05:28:06 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (01/25/2015 05:23:02 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (01/25/2015 05:23:02 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (01/25/2015 05:16:08 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.

Error: (01/25/2015 05:16:08 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (01/25/2015 05:04:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.0.5486, faulting module mozalloc.dll, version 35.0.0.5486, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/25/2015 05:04:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 35.0.0.5486, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/25/2015 04:40:50 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.


System errors:
=============
Error: (01/26/2015 10:10:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KDHacker

Error: (01/26/2015 10:10:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft Core Service service failed to start due to the following error:
%%2

Error: (01/25/2015 05:28:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KDHacker

Error: (01/25/2015 05:28:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft Core Service service failed to start due to the following error:
%%2

Error: (01/25/2015 05:28:06 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain TWINHILLSIRON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (01/25/2015 05:23:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KDHacker

Error: (01/25/2015 05:23:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft Core Service service failed to start due to the following error:
%%2

Error: (01/25/2015 05:23:02 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: No Domain Controller is available for domain TWINHILLSIRON due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (01/25/2015 05:16:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KDHacker

Error: (01/25/2015 05:16:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Kingsoft Core Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/25/2015 05:35:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.0.5486hungapp0.0.0.000000000

Error: (01/25/2015 05:28:06 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (01/25/2015 05:28:06 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (01/25/2015 05:23:02 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (01/25/2015 05:23:02 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (01/25/2015 05:16:08 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (01/25/2015 05:16:08 PM) (Source: Userenv) (EventID: 1054) (User: NT AUTHORITY)
Description: The specified domain either does not exist or could not be contacted.

Error: (01/25/2015 05:04:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.5486mozalloc.dll35.0.0.548600001425

Error: (01/25/2015 05:04:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe35.0.0.5486hungapp0.0.0.000000000

Error: (01/25/2015 04:40:50 PM) (Source: AutoEnrollment) (EventID: 15) (User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 3036.91 MB
Available physical RAM: 1903.41 MB
Total Pagefile: 4926.43 MB
Available Pagefile: 3977.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:73.85 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:148.95 GB) (Free:119.35 GB) NTFS
Drive h: () (Network) (Total:698.08 GB) (Free:621.33 GB)
Drive s: () (Network) (Total:698.08 GB) (Free:621.33 GB)
Drive u: () (Network) (Total:698.08 GB) (Free:621.33 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)


Uninstall Catalina Savings Printer
 
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt


Outlook is now corrupt. When I started it, Install wizard popped up. I hit cancel then received this;

 

Cannot start Microsoft Office Outlook. MAPI32.DLL is corrupt or the wrong version. This could have been caused by installing other messaging software. Please reinstall Outlook.

 

It worked correctly prior.

 

www-searching.com still comes up on Chrome, even though homepage is set to google.  Firefox opens two tabs. Let me close and see if it saves the homepage change.


Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

 

 

 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.


Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt


As stated previously, it goes through the process and after the reboot it says it didn't work, nothing was changed. Tried it with and without protection. Tried it in Safe Mode also. No luck. Tried several different restore points. No luck.

 

I was able to get Outlook working. One of the folders had permissions wiped out. Had to reassign.

 

As for the other program, all I get is "Runtime Error" with no pointer as to what the cause may be.

 

As for my Web Browsers being locked to a www-searching.com, I found that the shortcut was in control of that via the command line.


This topic is now closed to further replies.
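
The last post traces the www-searching.com start page to arguments appended to the browser shortcuts. As an added example (not part of the original thread or of any tool used in it), this PowerShell script lists shortcuts that start a browser with a URL on the command line; the browser names and the folder list are assumptions.

```powershell
# Added example: report shortcuts that launch a browser with a URL in their arguments.
# Browser names and folder list are assumptions; extend them for the machine at hand.
$browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe'

$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('StartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'),
    (Join-Path $env:ALLUSERSPROFILE 'Desktop')      # shared desktop on Windows XP
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

$hits = @(Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)    # opens the existing .lnk for reading
        if (-not $lnk.TargetPath) { return }         # e.g. advertised installer shortcuts
        $exe = Split-Path $lnk.TargetPath -Leaf
        if (($browsers -contains $exe) -and ($lnk.Arguments -match 'https?://|www\.')) {
            New-Object PSObject -Property @{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
        }
    })

if ($hits.Count -eq 0) {
    'No browser shortcut with a URL argument found.'
} else {
    $hits | Select-Object Shortcut, Target, Arguments | Format-List
}
```

A hit is a lead to review, since some shortcuts open a specific site on purpose; the script only reads shortcuts and changes nothing.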