
Trojan.LameShield and Trojan.Agent.RVGen0X


This topic is locked
46 replies to this topic

#1 spud888


Posted 01 September 2013 - 07:42 PM

Good Morning

I noticed my PC running a lot slower than usual, so I ran a scan using Malwarebytes. It came up with various things, including the 2 Trojans listed.

I'm running Windows XP SP3 with all the latest Windows updates. I've noticed more spam emails lately with zip files attached. I always delete these straight away, but it is possible my son may have unknowingly opened one of the zip files.

I've run the DDS scan and attached the requested files.

Looking forward to your assistance.

Thank you

Lyn


DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Lyn at 10:20:52 on 2013-09-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.946 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lyn\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\Lyn\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\EscSvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com.au/
uProxyServer = proxynsw-na.ffx.jfh.com.au:8080
uProxyOverride = <local>;*.local
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\documents and settings\lyn\local settings\application data\toparcadehits\Toparcadehits.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\lyn\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SmileboxTray] "c:\documents and settings\lyn\application data\smilebox\SmileboxTray.exe"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Spotify Web Helper] "c:\documents and settings\lyn\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatijje.exe /ept "epltarget\P0000000000000000" /M "WF-3520 Series"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\orderreminder\OrderReminder.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\lyn\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341868535984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370872286920
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1095C3D9-36EF-4373-A2D1-7F2ED0FF68D3} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs=   
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 211560]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-7-28 122000]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-2 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-2 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-2 22856]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-7-2 32808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-10 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-1-9 20032]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2010-3-19 1120752]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-10 181344]
.
=============== Created Last 30 ================
.
2013-09-01 23:39:02 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1725892d-2fe2-4df7-a0ab-4326afda387b}\offreg.dll
2013-09-01 23:21:51 -------- d-----w- c:\documents and settings\lyn\application data\Malwarebytes
2013-09-01 23:21:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-09-01 23:21:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-01 23:21:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-01 22:55:48 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1725892d-2fe2-4df7-a0ab-4326afda387b}\mpengine.dll
2013-09-01 04:04:36 -------- d-----w- c:\program files\MyPC Backup
2013-09-01 04:02:33 -------- d-----w- c:\documents and settings\lyn\local settings\application data\TopArcadeHits
2013-08-31 11:40:26 7166848 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-27 12:38:01 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ------w- c:\windows\system32\html.iec
2013-07-21 10:54:28 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 10:54:25 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-21 10:54:24 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-21 10:54:24 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-18 11:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user != kernel MBR !!! 
.
============= FINISH: 10:22:04.17 ===============

thanks

Lyn




#2 spud888


Posted 05 September 2013 - 05:46 AM

Just an update. I also have the following showing in the Malwarebytes scan:

PUP.Datamngr
PUP Optional.DataMngr
Adware.GameVance
PUP.Optional.TopArcadeHits.A

None of these were prompted to be removed in the scan results, so I haven't as yet. I am also getting pop-ups now. Any help would be greatly appreciated.

thanks

Lyn.




#3 HelpBot


Posted 06 September 2013 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506404 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 spud888


Posted 07 September 2013 - 05:53 AM

Hello and thank you for your response. Yes, I do still require assistance. Since my initial post my son has accidentally installed something called Snap.do, which was redirecting my Chrome browser. I found a post regarding this on Bleeping Computer and followed the instructions to run AdwCleaner. This seemed to fix the issue, but I think it may have started happening again. I have included the AdwCleaner log below.

I have also re-run DDS and included the log below. I have had problems working out how to attach the zipped Attach file for some reason (had no problem in the initial post), so I haven't included this as yet.

Thank you

Lyn


# AdwCleaner v3.002 - Report created 07/09/2013 at 15:32:10
# Updated 01/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Lyn - HOME
# Running from : C:\Documents and Settings\Lyn\Desktop\Bleeping computer sep 13\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\Program Files\lucky leap
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Documents and Settings\Lyn\Application Data\searchresultstb
[!] Folder Deleted : C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Product Deleted : Google Update Helper

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3896 octets] - [07/09/2013 15:26:48]
AdwCleaner[S0].txt - [3480 octets] - [07/09/2013 15:32:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3540 octets] ##########

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Lyn at 20:23:39 on 2013-09-07
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1066 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Lyn\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Documents and Settings\Lyn\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\EscSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uProxyServer = proxynsw-na.ffx.jfh.com.au:8080
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\lyn\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SmileboxTray] "c:\documents and settings\lyn\application data\smilebox\SmileboxTray.exe"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Spotify Web Helper] "c:\documents and settings\lyn\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [EPLTarget\P0000000000000000] c:\windows\system32\spool\drivers\w32x86\3\e_tatijje.exe /ept "epltarget\P0000000000000000" /M "WF-3520 Series"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341868535984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370872286920
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1095C3D9-36EF-4373-A2D1-7F2ED0FF68D3} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 211560]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2013-7-28 122000]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-2 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-2 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-9-2 22856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-10 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-1-9 20032]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2010-3-19 1120752]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-10 181344]
.
=============== Created Last 30 ================
.
2013-09-07 05:44:10 -------- d-----w- c:\program files\ESET
2013-09-07 05:26:42 -------- d-----w- C:\AdwCleaner
2013-09-07 02:31:48 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-09-06 22:54:20 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef1b3bbd-8d04-46f3-88c3-2a4a7759f0a4}\mpengine.dll
2013-09-05 21:45:04 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-09-02 07:41:30 -------- d-----w- c:\windows\system32\appmgmt
2013-09-02 04:14:50 -------- d-----w- c:\windows\pss
2013-09-01 23:21:51 -------- d-----w- c:\documents and settings\lyn\application data\Malwarebytes
2013-09-01 23:21:33 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-09-01 23:21:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-01 23:21:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-27 12:38:01 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ------w- c:\windows\system32\html.iec
2013-07-21 10:54:28 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 10:54:25 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-21 10:54:24 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-21 10:54:24 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-18 11:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
user != kernel MBR !!!
.
============= FINISH: 20:24:56.84 ===============
 


thanks

 

Lyn
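The detector output at the end of the DDS log above reads sector 0 of the disk twice, once through the ordinary user-mode disk API ("user: MBR read successfully") and once from kernel mode, and prints `user != kernel MBR !!!` when the two copies differ. That is the comparison an MBR bootkit trips: it typically rewrites the bootstrap code, keeps the partition table intact so the system still boots, and hands the original sector back to user-mode readers. The same mismatch is also seen with some legitimate disk filter and encryption drivers, so on its own it is a lead for the reviewer, not a verdict. The Python below is an added example, not part of this thread or of Gmer's tool: it decodes the fields a triager checks and reports which region of the sector differs between two copies. Both 512-byte sectors are constructed here (the clean one starts with the Windows XP prologue that the Gmer disassembly above shows); the Windows user-mode and kernel-mode read paths themselves are not reproduced.

```python
import struct

# Standard Windows XP MBR prologue: copy the sector from 0x7C00 to 0x600 and
# far-return into the relocated copy at 0x61C. The Gmer output on this page
# disassembles exactly this sequence.
XP_PROLOGUE = bytes.fromhex(
    "33C0"    # XOR AX, AX
    "8ED0"    # MOV SS, AX
    "BC007C"  # MOV SP, 0x7C00
    "8EC0"    # MOV ES, AX
    "8ED8"    # MOV DS, AX
    "BE007C"  # MOV SI, 0x7C00
    "BF0006"  # MOV DI, 0x600
    "B90002"  # MOV CX, 0x200
    "FC"      # CLD
    "F3A4"    # REP MOVSB
    "50"      # PUSH AX
    "681C06"  # PUSH 0x61C
    "CB"      # RETF
)

# Byte layout of a classic (non-GPT) MBR.
REGIONS = (
    ("bootstrap code", 0, 440),
    ("disk signature", 440, 444),
    ("reserved", 444, 446),
    ("partition table", 446, 510),
    ("boot signature", 510, 512),
)


def parse_mbr(sector: bytes) -> dict:
    """Decode what a triager looks at: partition entries, 0x55AA marker, XP prologue."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0:  # empty slot
            continue
        partitions.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_signature_ok": sector[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "xp_prologue": sector.startswith(XP_PROLOGUE),
        "partitions": partitions,
    }


def compare_mbr(user_copy: bytes, kernel_copy: bytes) -> list:
    """Return (region, first_offset, end_offset, changed_bytes) per differing region.

    This is the comparison behind Gmer's 'user != kernel MBR' line; an empty
    list means both read paths returned the same sector.
    """
    diffs = []
    for name, start, end in REGIONS:
        changed = [i for i in range(start, end) if user_copy[i] != kernel_copy[i]]
        if changed:
            diffs.append((name, changed[0], changed[-1] + 1, len(changed)))
    return diffs


def _entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS fields carry the conventional 0xFE 0xFF 0xFF "use LBA" filler.
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", lba_start, sectors)


# Constructed sample: a clean XP-style MBR with one bootable NTFS partition.
CLEAN_MBR = (
    XP_PROLOGUE.ljust(440, b"\x00")
    + b"\x78\x56\x34\x12"                  # disk signature 0x12345678 (little-endian)
    + b"\x00\x00"
    + _entry(True, 0x07, 63, 156296322)    # NTFS, starting at sector 63
    + bytes(16) * 3
    + b"\x55\xaa"
)

# Constructed "what the kernel-mode read returned": same partition table, but the
# bootstrap code replaced by a loader stub, which is what an MBR bootkit leaves on
# disk while serving the clean sector to user-mode readers.
INFECTED_MBR = bytearray(CLEAN_MBR)
INFECTED_MBR[0:28] = b"\xeb\x1a" + b"\x90" * 26   # JMP short +0x1A; NOP sled
INFECTED_MBR = bytes(INFECTED_MBR)


if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR))
    for region, start, end, n in compare_mbr(CLEAN_MBR, INFECTED_MBR):
        print(f"{region}: {n} byte(s) differ at 0x{start:03X}-0x{end:03X}")
```

When run against the two constructed sectors the report names only the bootstrap region, while both copies still parse to the same partition table; a difference confined to the partition table or the disk signature, by contrast, usually points at partitioning software rather than a bootkit.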


#5 spud888 (Topic Starter)

Posted 11 September 2013 - 07:49 AM

Hello again.

Just confirming again that I still require assistance. It's now been 9 days from my initial post and I can't use my computer for internet banking etc. as it isn't secure at the moment. Any help would be greatly appreciated.

Thank you

Lyn

#6 HelpBot (Bleepin' Binary Bot)

Posted 11 September 2013 - 07:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#7 Oh My (Malware Response Instructor)

Posted 12 September 2013 - 10:05 AM

Greetings Lyn and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started!
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not sure what happened to cause such a lengthy delay but hold on tight because we will be attacking it now!

Please allow me some time to review the information you have provided and I will reply as soon as possible.
Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My (Malware Response Instructor)

Posted 12 September 2013 - 11:21 AM

Hi Lyn,

I want to thank you again for your long-suffering patience!

Did you set this Proxy or does it look familiar to you?

uProxyServer = proxynsw-na.ffx.jfh.com.au:8080


Please run these programs for me.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

(screenshot: ComboFix prompt asking to install the Recovery Console)

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: "Recovery Console installed successfully" message)

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error, "Illegal operation attempted on a registry key that has been marked for deletion", please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the Proxy Server?
  • Combofix log
  • Farbar logs (2)

Edited by Oh My, 12 September 2013 - 11:22 AM.

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

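Gary's first question is whether the proxy in `uInternet Settings,ProxyServer` is known to the user, and the rest of a log review like this one works through the ComboFix and FRST output line by line for the same kind of thing: an IE search scope pointing at a non-default host, and Run entries that start from a user profile directory or carry no publisher name in their version information (FRST prints that name in the trailing parentheses, and `()` when there is none). The Python below is an added example, not part of this thread or of either tool: it applies those three checks to lines in the ComboFix/FRST formats and returns a review queue. The sample lines are constructed here (the proxy value and the line layouts follow this thread; the `Updater` entry is invented for the example), and the checks only surface candidates for a human reviewer; starting from Application Data is normal for several legitimate programs, which is why such entries are queued as "review" rather than "suspicious".

```python
import re
from urllib.parse import urlparse

# Line formats as ComboFix and FRST print them (proxy line, IE search scope, Run entry).
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)$")
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>HKLM|HKCU) - (?P<clsid>\{[0-9A-Fa-f-]+\}) URL = (?P<url>\S+)$"
)
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$"
)

# Search hosts accepted as defaults (an assumption for this example); anything else is queued.
KNOWN_SEARCH_HOSTS = ("google.com", "bing.com", "microsoft.com", "yahoo.com")
# Directory fragments meaning "starts from a user-writable profile location" on XP.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def is_known_search_host(host: str) -> bool:
    """Exact or subdomain match only, so 'evilgoogle.com' is not accepted."""
    host = host.lower()
    return any(host == k or host.endswith("." + k) for k in KNOWN_SEARCH_HOSTS)


def triage(lines) -> list:
    """Return (severity, line_number, reason) for every line worth a reviewer's attention."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = PROXY_RE.match(line)
        if m:
            findings.append(("review", n, f"IE proxy set to {m['proxy']}: confirm with the user"))
            continue
        m = SCOPE_RE.match(line)
        if m:
            host = urlparse(m["url"]).hostname or ""
            if not is_known_search_host(host):
                findings.append(("suspicious", n, f"{m['hive']} search scope points at {host}"))
            continue
        m = RUN_RE.match(line)
        if m:
            reasons = []
            if any(d in m["path"].lower() for d in PROFILE_DIRS):
                reasons.append("runs from user profile")
            if not m["publisher"].strip():
                reasons.append("no publisher in version info")
            if reasons:
                # Both signals together are what a mail-borne dropper usually looks like.
                severity = "suspicious" if len(reasons) == 2 else "review"
                findings.append((severity, n, f"{m['hive']} Run '{m['name']}': " + ", ".join(reasons)))
    return findings


# Constructed sample in the ComboFix/FRST line formats; the last entry is invented.
SAMPLE_LINES = [
    r"uInternet Settings,ProxyServer = proxynsw-na.ffx.jfh.com.au:8080",
    r"uInternet Settings,ProxyOverride = <local>;*.local",
    r"SearchScopes: HKCU - {8A1A3D3F-EE22-452D-A3B7-FA61458E57BC} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}",
    r"HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)",
    r"HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()",
    r"HKCU\...\Run: [SmileboxTray] - C:\Documents and Settings\Lyn\Application Data\Smilebox\SmileboxTray.exe [309544 2013-09-03] (Smilebox, Inc.)",
    r"HKCU\...\Run: [Updater] - C:\Documents and Settings\Lyn\Local Settings\Temp\updater.exe [51200 2013-09-01] ()",
]


if __name__ == "__main__":
    for severity, n, reason in triage(SAMPLE_LINES):
        print(f"[{severity:10}] line {n}: {reason}")
```

The output is a queue, not a verdict: the proxy line is there to be confirmed with the user exactly as Gary does, the search scope is the one entry that is almost always unwanted, and the Run entries still need the file's signature, hash or vendor checked before anything is removed.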
#9 spud888 (Topic Starter)

Posted 13 September 2013 - 08:02 AM

Good Morning Gary! It's a pleasure to meet you.

Thank you for your response. Yes, I do recognise the proxy. This computer is imaged from a work build, so that is why that is there.

Please find the logs requested below:

ComboFix 13-09-13.01 - Lyn 13/09/2013  22:26:42.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1398 [GMT 10:00]
Running from: c:\documents and settings\Lyn\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\windows\TEMP\logishrd\LVPrcInj01.dll
F:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-13 to 2013-09-13  )))))))))))))))))))))))))))))))
.
.
2013-09-12 04:12 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E965A3F-D767-4BF7-A484-C5C5CD8C32D1}\mpengine.dll
2013-09-09 22:04 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-07 11:08 . 2013-09-07 11:08 -------- d-----w- c:\documents and settings\Lyn\Application Data\MPC
2013-09-07 11:06 . 2013-09-07 11:06 -------- d-----w- c:\documents and settings\Lyn\.JxBrowser
2013-09-07 11:06 . 2013-09-07 11:06 -------- d-----w- c:\documents and settings\Lyn\.digilabs
2013-09-07 11:05 . 2013-09-07 11:05 -------- d-----w- c:\program files\Holding Stock
2013-09-07 05:44 . 2013-09-07 05:44 -------- d-----w- c:\program files\ESET
2013-09-07 05:26 . 2013-09-07 05:32 -------- d-----w- C:\AdwCleaner
2013-09-07 02:31 . 2013-09-07 02:31 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-09-01 23:21 . 2013-09-01 23:21 -------- d-----w- c:\documents and settings\Lyn\Application Data\Malwarebytes
2013-09-01 23:21 . 2013-09-01 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-01 23:21 . 2013-04-04 04:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-01 23:21 . 2013-09-01 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-27 12:38 . 2013-08-27 12:41 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 02:47 . 2004-08-12 13:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-12 13:21 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-12 13:19 385024 ------w- c:\windows\system32\html.iec
2013-07-21 10:54 . 2013-07-21 10:54 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 10:54 . 2013-07-21 10:54 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-07-21 10:54 . 2013-05-22 11:29 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-21 10:54 . 2013-05-22 11:29 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-10 10:37 . 2004-08-12 13:31 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2004-08-12 13:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-18 11:50 . 2012-03-20 10:44 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileboxTray"="c:\documents and settings\Lyn\Application Data\Smilebox\SmileboxTray.exe" [2013-09-03 309544]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"Spotify Web Helper"="c:\documents and settings\Lyn\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-07-08 1104384]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE" [2012-02-26 249440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 184320]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-07-09 502952]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-07-09 863400]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-04-02 1058912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2013-3-21 49254]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Documents and Settings\\Lyn\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Epson Software\\ECPrinterSetup\\ENPApp.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [28/07/2013 4:19 PM 122000]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/09/2013 9:21 AM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/09/2013 9:21 AM 701512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [10/01/2013 10:29 PM 83168]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [9/01/2013 7:52 PM 20032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/09/2013 9:21 AM 22856]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [19/03/2010 10:46 PM 1120752]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [10/01/2013 10:29 PM 181344]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1085031214-725345543-1003Core.job
- c:\documents and settings\Lyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-06 06:22]
.
2013-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1085031214-725345543-1003UA.job
- c:\documents and settings\Lyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-06 06:22]
.
2013-09-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 08:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = proxynsw-na.ffx.jfh.com.au:8080
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-13 22:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\TechSmith\SnagIt 8\TSCHelp.exe
c:\program files\TechSmith\SnagIt 8\SnagPriv.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-09-13  22:41:38 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-13 12:41
.
Pre-Run: 17,598,205,952 bytes free
Post-Run: 19,609,366,528 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3D6E999B5FAEB1F26052A571A4AE036A
5C616939100B85E558DA92B899A0FC36
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013
Ran by Lyn (administrator) on HOME on 13-09-2013 22:50:29
Running from C:\Documents and Settings\Lyn\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Smilebox, Inc.) C:\Documents and Settings\Lyn\Application Data\Smilebox\SmileboxTray.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Spotify Ltd) C:\Documents and Settings\Lyn\Application Data\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
() C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2009-08-03] (Analog Devices, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [StatusClient 2.6] - C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [61440 2003-10-04] (Hewlett-Packard)
HKLM\...\Run: [TomcatStartup 2.5] - C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [184320 2004-04-10] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Run: [SmileboxTray] - C:\Documents and Settings\Lyn\Application Data\Smilebox\SmileboxTray.exe [309544 2013-09-03] (Smilebox, Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [Spotify Web Helper] - C:\Documents and Settings\Lyn\Application Data\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKCU\...\Policies\Explorer: [NoDrives] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
ShortcutTarget: SnagIt 8.lnk -> C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: proxynsw-na.ffx.jfh.com.au:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {8A1A3D3F-EE22-452D-A3B7-FA61458E57BC} URL = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\DOCUME~1\Lyn\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Lyn\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Lyn\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Lyn\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Lyn\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\DOCUME~1\Lyn\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
 
========================== Services (Whitelisted) =================
 
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2007-06-29] ()
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
 
==================== Drivers (Whitelisted) ====================
 
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-06-06] (Broadcom Corporation)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-05-01] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-05-01] (Logitech Inc.)
R3 catchme; \??\C:\DOCUME~1\Lyn\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\Lyn\LOCALS~1\Temp\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-13 22:50 - 2013-09-13 22:50 - 00000000 ____D C:\FRST
2013-09-13 22:49 - 2013-09-13 22:49 - 01082459 _____ (Farbar) C:\Documents and Settings\Lyn\Desktop\FRST.exe
2013-09-13 22:41 - 2013-09-13 22:41 - 00013983 _____ C:\ComboFix.txt
2013-09-13 22:23 - 2013-09-13 22:23 - 00000000 _RSHD C:\cmdcons
2013-09-13 22:23 - 2013-09-02 15:25 - 00000211 _____ C:\Boot.bak
2013-09-13 22:23 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-09-13 22:21 - 2013-09-13 22:41 - 00000000 ____D C:\Qoobox
2013-09-13 22:21 - 2013-09-13 22:40 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-13 22:21 - 2011-06-26 16:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-09-13 22:21 - 2010-11-08 03:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-09-13 22:21 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-09-13 22:21 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-09-13 22:21 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-09-13 22:21 - 2000-08-31 10:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-09-13 22:21 - 2000-08-31 10:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-09-13 22:21 - 2000-08-31 10:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-09-13 22:21 - 2000-08-31 10:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-09-13 22:17 - 2013-09-13 22:18 - 05125578 ____R (Swearware) C:\Documents and Settings\Lyn\Desktop\ComboFix.exe
2013-09-09 21:24 - 2013-09-09 21:30 - 00000000 ____D C:\Documents and Settings\Lyn\Desktop\usa holiday
2013-09-07 21:08 - 2013-09-07 21:08 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\MPC
2013-09-07 21:06 - 2013-09-07 21:06 - 00000000 ____D C:\Documents and Settings\Lyn\.JxBrowser
2013-09-07 21:06 - 2013-09-07 21:06 - 00000000 ____D C:\Documents and Settings\Lyn\.digilabs
2013-09-07 21:05 - 2013-09-07 21:05 - 00001713 _____ C:\Documents and Settings\All Users\Desktop\Holding Stock.lnk
2013-09-07 21:05 - 2013-09-07 21:05 - 00000000 ____D C:\Program Files\Holding Stock
2013-09-07 20:39 - 2013-09-07 20:39 - 00004741 _____ C:\Documents and Settings\Lyn\Desktop\attach.zip
2013-09-07 15:44 - 2013-09-07 15:44 - 00000000 ____D C:\Program Files\ESET
2013-09-07 15:26 - 2013-09-07 15:32 - 00000000 ____D C:\AdwCleaner
2013-09-07 12:31 - 2013-09-07 12:31 - 00000884 __RSH C:\Documents and Settings\Lyn\ntuser.pol
2013-09-07 12:31 - 2013-09-07 12:31 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-02 17:41 - 2013-09-02 17:41 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-09-02 14:14 - 2013-09-02 14:15 - 00000000 ____D C:\WINDOWS\pss
2013-09-02 14:09 - 2013-09-02 14:10 - 00054872 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-09-02 10:22 - 2013-09-07 20:25 - 00020827 _____ C:\Documents and Settings\Lyn\Desktop\attach.txt
2013-09-02 10:22 - 2013-09-07 20:24 - 00011482 _____ C:\Documents and Settings\Lyn\Desktop\dds.txt
2013-09-02 10:22 - 2013-09-07 20:22 - 00000000 ____D C:\Documents and Settings\Lyn\Desktop\Bleeping computer sep 13
2013-09-02 09:21 - 2013-09-02 09:21 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-02 09:21 - 2013-09-02 09:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-02 09:21 - 2013-09-02 09:21 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\Malwarebytes
2013-09-02 09:21 - 2013-09-02 09:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-02 09:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-01 14:03 - 2013-09-01 14:03 - 00000819 _____ C:\Documents and Settings\Lyn\Desktop\Install NET Traffic Meter.lnk
2013-09-01 14:02 - 2013-09-01 14:02 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\Mozilla
2013-08-27 22:41 - 2013-08-27 22:41 - 00012369 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-27 22:38 - 2013-08-27 22:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-27 22:37 - 2013-08-27 22:37 - 00005796 _____ C:\WINDOWS\KB2863058.log
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-27 22:36 - 2013-08-27 22:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-27 09:45 - 2013-08-27 22:37 - 00011979 _____ C:\WINDOWS\KB2859537.log
2013-08-27 09:45 - 2013-08-27 22:37 - 00010378 _____ C:\WINDOWS\KB2850869.log
2013-08-19 12:26 - 2013-09-13 22:43 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
 
==================== One Month Modified Files and Folders =======
 
2013-09-13 22:50 - 2013-09-13 22:50 - 00000000 ____D C:\FRST
2013-09-13 22:49 - 2013-09-13 22:49 - 01082459 _____ (Farbar) C:\Documents and Settings\Lyn\Desktop\FRST.exe
2013-09-13 22:48 - 2012-07-09 14:38 - 01932675 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-13 22:43 - 2013-08-19 12:26 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-09-13 22:41 - 2013-09-13 22:41 - 00013983 _____ C:\ComboFix.txt
2013-09-13 22:41 - 2013-09-13 22:21 - 00000000 ____D C:\Qoobox
2013-09-13 22:40 - 2013-09-13 22:21 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-13 22:34 - 2004-08-12 23:34 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-13 22:34 - 2004-08-12 23:30 - 00000227 _____ C:\WINDOWS\system.ini
2013-09-13 22:33 - 2012-10-08 16:38 - 00000000 ____D C:\MDT
2013-09-13 22:33 - 2012-07-10 00:23 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-13 22:33 - 2012-07-10 00:23 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-13 22:33 - 2012-07-09 14:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-13 22:32 - 2012-07-09 14:48 - 00000278 ___SH C:\Documents and Settings\Lyn\ntuser.ini
2013-09-13 22:23 - 2013-09-13 22:23 - 00000000 _RSHD C:\cmdcons
2013-09-13 22:23 - 2012-07-10 00:17 - 00000327 __RSH C:\boot.ini
2013-09-13 22:21 - 2012-07-09 14:42 - 00032616 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-13 22:18 - 2013-09-13 22:17 - 05125578 ____R (Swearware) C:\Documents and Settings\Lyn\Desktop\ComboFix.exe
2013-09-13 21:52 - 2012-09-06 16:22 - 00000970 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1085031214-725345543-1003UA.job
2013-09-13 18:52 - 2012-09-06 16:22 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1085031214-725345543-1003Core.job
2013-09-13 05:30 - 2012-07-09 15:19 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-09-10 15:32 - 2012-07-09 14:48 - 00000000 ____D C:\Documents and Settings\Lyn
2013-09-09 21:30 - 2013-09-09 21:24 - 00000000 ____D C:\Documents and Settings\Lyn\Desktop\usa holiday
2013-09-09 14:13 - 2012-10-28 16:21 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\Smilebox
2013-09-07 22:12 - 2013-03-20 21:17 - 00010752 _____ C:\Documents and Settings\Lyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-07 21:17 - 2012-07-09 14:36 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-09-07 21:08 - 2013-09-07 21:08 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\MPC
2013-09-07 21:06 - 2013-09-07 21:06 - 00000000 ____D C:\Documents and Settings\Lyn\.JxBrowser
2013-09-07 21:06 - 2013-09-07 21:06 - 00000000 ____D C:\Documents and Settings\Lyn\.digilabs
2013-09-07 21:05 - 2013-09-07 21:05 - 00001713 _____ C:\Documents and Settings\All Users\Desktop\Holding Stock.lnk
2013-09-07 21:05 - 2013-09-07 21:05 - 00000000 ____D C:\Program Files\Holding Stock
2013-09-07 20:39 - 2013-09-07 20:39 - 00004741 _____ C:\Documents and Settings\Lyn\Desktop\attach.zip
2013-09-07 20:25 - 2013-09-02 10:22 - 00020827 _____ C:\Documents and Settings\Lyn\Desktop\attach.txt
2013-09-07 20:24 - 2013-09-02 10:22 - 00011482 _____ C:\Documents and Settings\Lyn\Desktop\dds.txt
2013-09-07 20:22 - 2013-09-02 10:22 - 00000000 ____D C:\Documents and Settings\Lyn\Desktop\Bleeping computer sep 13
2013-09-07 18:53 - 2013-02-18 20:15 - 00303291 _____ C:\WINDOWS\setupapi.log
2013-09-07 15:44 - 2013-09-07 15:44 - 00000000 ____D C:\Program Files\ESET
2013-09-07 15:32 - 2013-09-07 15:26 - 00000000 ____D C:\AdwCleaner
2013-09-07 14:41 - 2012-07-10 00:10 - 00000000 ____D C:\WINDOWS\system
2013-09-07 12:47 - 2013-07-16 17:38 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\.minecraft
2013-09-07 12:33 - 2013-07-16 17:39 - 00000065 _____ C:\moduleName.txt
2013-09-07 12:31 - 2013-09-07 12:31 - 00000884 __RSH C:\Documents and Settings\Lyn\ntuser.pol
2013-09-07 12:31 - 2013-09-07 12:31 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-06 08:22 - 2013-08-06 22:19 - 00000000 ____D C:\Documents and Settings\Lyn\My Documents\Medical
2013-09-05 17:56 - 2012-09-06 16:24 - 00002268 _____ C:\Documents and Settings\Lyn\Desktop\Google Chrome.lnk
2013-09-02 17:41 - 2013-09-02 17:41 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-09-02 17:41 - 2012-09-06 19:35 - 00000000 ____D C:\Program Files\Hewlett-Packard
2013-09-02 17:40 - 2012-09-24 19:25 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-02 17:37 - 2012-10-20 16:55 - 00000000 ____D C:\Documents and Settings\Lyn\My Documents\Recipes
2013-09-02 15:25 - 2013-09-13 22:23 - 00000211 _____ C:\Boot.bak
2013-09-02 15:25 - 2004-08-12 23:33 - 00000603 _____ C:\WINDOWS\win.ini
2013-09-02 15:11 - 2012-10-11 22:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2756822$
2013-09-02 14:15 - 2013-09-02 14:14 - 00000000 ____D C:\WINDOWS\pss
2013-09-02 14:10 - 2013-09-02 14:09 - 00054872 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-09-02 09:21 - 2013-09-02 09:21 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-02 09:21 - 2013-09-02 09:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-02 09:21 - 2013-09-02 09:21 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\Malwarebytes
2013-09-02 09:21 - 2013-09-02 09:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-09-01 14:03 - 2013-09-01 14:03 - 00000819 _____ C:\Documents and Settings\Lyn\Desktop\Install NET Traffic Meter.lnk
2013-09-01 14:02 - 2013-09-01 14:02 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\Mozilla
2013-09-01 14:01 - 2012-07-10 00:10 - 00000000 ____D C:\WINDOWS\Resources
2013-08-28 14:56 - 2013-03-21 19:50 - 00000000 ____D C:\Documents and Settings\Lyn\My Documents\Aeroskin
2013-08-28 05:54 - 2012-07-10 14:27 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-27 22:41 - 2013-08-27 22:41 - 00012369 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-27 22:41 - 2013-08-27 22:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-27 22:41 - 2012-07-10 00:20 - 01266342 _____ C:\WINDOWS\iis6.log
2013-08-27 22:41 - 2012-07-10 00:20 - 01155376 _____ C:\WINDOWS\FaxSetup.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00561501 _____ C:\WINDOWS\ocgen.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00531101 _____ C:\WINDOWS\tsoc.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00395072 _____ C:\WINDOWS\comsetup.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00356308 _____ C:\WINDOWS\msmqinst.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00237395 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00202819 _____ C:\WINDOWS\netfxocm.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00080634 _____ C:\WINDOWS\MedCtrOC.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00063885 _____ C:\WINDOWS\ocmsn.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00058946 _____ C:\WINDOWS\tabletoc.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00057880 _____ C:\WINDOWS\msgsocm.log
2013-08-27 22:41 - 2012-07-10 00:20 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-27 22:41 - 2012-07-09 14:54 - 00161080 _____ C:\WINDOWS\updspapi.log
2013-08-27 22:37 - 2013-08-27 22:37 - 00005796 _____ C:\WINDOWS\KB2863058.log
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-27 22:37 - 2013-08-27 22:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-27 22:37 - 2013-08-27 09:45 - 00011979 _____ C:\WINDOWS\KB2859537.log
2013-08-27 22:37 - 2013-08-27 09:45 - 00010378 _____ C:\WINDOWS\KB2850869.log
2013-08-27 22:37 - 2012-07-10 09:14 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-27 22:37 - 2012-07-10 09:13 - 00023532 _____ C:\WINDOWS\system32\TZLog.log
2013-08-27 22:37 - 2012-07-10 00:20 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-27 22:36 - 2013-08-27 22:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-27 22:35 - 2012-07-10 00:20 - 00492720 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-25 17:30 - 2013-07-28 16:20 - 00000000 ____D C:\Documents and Settings\Lyn\Application Data\Epson
2013-08-19 12:16 - 2012-07-10 10:37 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2013-08-19 12:16 - 2012-07-10 10:36 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-15 07:56 - 2012-09-06 19:31 - 00000000 ____D C:\Installs
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013
Ran by Lyn at 2013-09-13 22:51:23
Running from C:\Documents and Settings\Lyn\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
Adobe Acrobat 5.0 (Version: 5.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Display Driver (Version: 8.391-070626a1-049709C-ATI)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 10.50.03)
Canon MP Navigator EX 1.0
CanoScan 8800F
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Dell Resource CD (Version: 1.00.0000)
DirectX 9 Runtime (Version: 1.00.0000)
Epson Connect Printer Setup (Version: 1.1.1)
Epson Event Manager (Version: 3.01.0007)
Epson FAX Utility (Version: 1.31.00)
Epson Network Guide WF-3520 Series
Epson PC-FAX Driver
EPSON Scan
Epson User's Guide WF-3520 Series
EPSON WF-3520 Series Printer Uninstall
EpsonNet Print (Version: 2.6.0)
ESET Online Scanner v3
Google Chrome (HKCU Version: 29.0.1547.66)
Holding Stock (Version: 8.3.2556)
hp LaserJet-all-in-one
iTunes (Version: 10.7.0.21)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
LaserAIO (Version: 1.00.0000)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Player Codec Pack 4.2.2 (Version: 4.2.2)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Office Outlook 2003 (Version: 11.0.8173.0)
Microsoft Office XP Standard (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
PowerDVD (Version: 7.0)
QFolder (Version: 1.00.0000)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3.56.24)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.1.349)
Samsung Kies (Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Scan (Version: 3.5.0.0)
Smilebox (HKCU Version: 1.1.1.1)
SnagIt 8 (Version: 8.2.3)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SoundMAX (Version: 5.10.01.7265)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
 
==================== Restore Points  =========================
 
07-09-2013 23:43:26 Software Distribution Service 3.0
08-09-2013 23:57:21 System Checkpoint
09-09-2013 22:04:19 Software Distribution Service 3.0
10-09-2013 22:07:25 System Checkpoint
12-09-2013 04:12:02 Software Distribution Service 3.0
13-09-2013 04:34:40 System Checkpoint
13-09-2013 12:48:05 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2004-08-12 23:19 - 2013-09-13 22:33 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1085031214-725345543-1003Core.job => C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1085031214-725345543-1003UA.job => C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
==================== Loaded Modules (whitelisted) =============
 
2004-08-12 23:22 - 2008-04-14 05:40 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime
2013-09-13 22:48 - 2013-08-06 17:28 - 07166848 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{65C958A9-8B0A-4A46-B7D3-D0D8D88A392F}\mpengine.dll
2013-07-28 16:08 - 2011-04-19 04:03 - 00095232 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_TLBJJE.DLL
2013-07-28 16:19 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2013-07-28 16:19 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2003-11-17 17:12 - 2003-11-17 17:12 - 00073728 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppcappm.dll
2002-04-10 09:19 - 2002-04-10 09:19 - 00392192 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\LTKRN11n.dll
2002-04-10 09:19 - 2002-04-10 09:19 - 00118784 _____ (LEAD Technologies, Inc.) C:\WINDOWS\system32\LTFIL11n.DLL
2002-08-19 22:50 - 2002-08-19 22:50 - 00040960 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPBMMON.DLL
2002-05-03 15:40 - 2002-05-03 15:40 - 00058368 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpdomon.dll
2002-05-03 15:40 - 2002-05-03 15:40 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2013-03-21 22:21 - 2001-03-15 04:18 - 00020584 ____N (Adobe Systems Incorporated.) C:\WINDOWS\system32\pdfports.dll
2013-03-21 22:21 - 2001-03-15 04:18 - 00065536 ____N () C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
2003-07-24 17:15 - 2003-07-24 17:15 - 00063488 _____ (Hewlett-Packard Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPPRN05.DLL
2012-09-06 16:21 - 2008-07-06 22:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00053608 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00073064 _____ (Apple Inc.) C:\WINDOWS\system32\dnssd.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 17:40 - 2012-12-20 17:40 - 00250368 _____ (Windows ® Codename Longhorn DDK provider) C:\Program Files\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
2013-07-28 16:20 - 2012-07-09 02:00 - 00081920 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2013-07-28 16:20 - 2012-07-09 02:00 - 00241664 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00135168 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Library\FUDRVUTL.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00262144 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FULEPP.dll
2013-07-28 16:20 - 2012-07-09 02:00 - 00022016 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00303104 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUSVCCLT.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00085504 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\EbpD4Fax.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00335872 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Library\FUPRBDEV.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00786432 _____ (SEIKO EPSON) C:\Program Files\Epson Software\FAX Utility\Library\ENCM.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00299008 _____ (SEIKO EPSON) C:\Program Files\Epson Software\FAX Utility\Library\ENUTIL.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00278528 _____ (SEIKO EPSON) C:\Program Files\Epson Software\FAX Utility\Library\ENNW.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Library\FUDEVCOM.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00229376 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Library\FUSNMPUT.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUUSBHLP.dll
2013-07-28 16:20 - 2012-07-09 02:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00385024 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXLDB.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00278528 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXCFG.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00438272 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXCSR.DLL
2013-07-28 16:20 - 2012-07-09 01:00 - 00421888 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUIMGCDC.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00212992 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUADRFIL.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUSTMMSG.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00253952 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUVERDLG.dll
2013-07-28 16:20 - 2012-07-09 02:00 - 00090112 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2013-07-28 16:20 - 2012-07-09 01:00 - 00536576 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXTIF.dll
2013-07-28 16:20 - 2012-07-09 02:00 - 00106496 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 00291328 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\LcMgr.dll
2011-04-14 09:16 - 2011-04-14 09:16 - 00136704 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\ScanEngine30.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 00055808 _____ (SEIKO EPSON CORP.) C:\Program Files\Epson Software\Event Manager\ScnMgr10.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 00206336 _____ (SEIKO EPSON CORP.) C:\Program Files\Epson Software\Event Manager\ScnCom10.dll
2011-04-14 09:25 - 2011-04-14 09:25 - 00082944 _____ (SEIKO EPSON CORP.) C:\Program Files\Epson Software\Event Manager\ScnEps25.dll
2012-04-02 11:15 - 2012-04-02 11:15 - 00110080 _____ (SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\epnsm.dll
2005-01-13 10:47 - 2005-01-13 10:47 - 00049152 _____ (SEIKO EPSON CORP.) C:\Program Files\Epson Software\Event Manager\ESPSUTL.dll
2013-07-28 16:19 - 2011-12-12 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\eswiaud.dll
2012-09-06 17:26 - 2012-09-06 17:26 - 09639624 ____R (Adobe Systems, Inc.) C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_265.ocx
2012-12-20 11:31 - 2012-12-20 11:31 - 00081408 _____ (Samsung) C:\Program Files\Samsung\Kies\Common\Kies.Common.Util.dll
2012-12-18 09:35 - 2012-12-18 09:35 - 00034816 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
2012-12-20 17:41 - 2012-12-20 17:41 - 12976640 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
2012-12-20 11:31 - 2012-12-20 11:31 - 00572416 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
2012-12-18 09:35 - 2012-12-18 09:35 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
2012-12-18 09:35 - 2012-12-18 09:35 - 00378880 _____ (MSC) C:\Program Files\Samsung\Kies\Common\Kies.Interface.dll
2012-12-20 07:59 - 2012-12-20 07:59 - 01018880 _____ (MSC) C:\Program Files\Samsung\Kies\Locale\Kies.Locale.dll
2012-12-20 11:33 - 2012-12-20 11:33 - 00169472 _____ (Samsung) C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.DeviceManagement.dll
2012-12-18 09:08 - 2012-12-18 09:08 - 00307200 _____ ( MarkAny.) C:\Program Files\Samsung\Kies\External\MACSSDK.dll
2012-12-18 09:07 - 2012-12-18 09:07 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
2013-07-28 16:16 - 2011-12-21 02:00 - 00100864 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TAUDJJE.DLL
2013-07-28 16:16 - 2012-06-25 02:00 - 00183808 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TMAIJJE.DLL
2013-07-28 16:16 - 2012-07-05 03:00 - 01367040 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TUICJJE.DLL
2012-09-06 19:35 - 2012-09-06 19:35 - 00802901 _____ () C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll
2012-09-06 19:35 - 2012-09-06 19:35 - 00028776 _____ () C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll
2012-09-06 19:35 - 2012-09-06 19:35 - 00053342 _____ () C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll
2012-09-06 19:35 - 2012-09-06 19:35 - 00094308 _____ () C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll
2012-09-06 19:35 - 2012-09-06 19:35 - 00053349 _____ () C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll
2012-09-06 19:35 - 2012-09-06 19:35 - 00032864 _____ () C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll
2012-09-06 19:36 - 2003-06-17 07:52 - 00074752 _____ () C:\WINDOWS\system32\jst.dll
2013-09-05 17:56 - 2013-09-03 06:34 - 47074256 _____ (Google Inc.) C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\chrome.dll
2013-09-05 17:56 - 2013-09-03 06:35 - 09962960 _____ (The ICU Project) C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-09-05 17:56 - 2013-09-03 06:35 - 04053456 _____ () C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-05 17:56 - 2013-09-03 06:35 - 00410576 _____ () C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-05 17:56 - 2013-09-03 06:35 - 02110928 _____ (Google Inc.) C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll
2013-09-05 17:56 - 2013-09-03 06:35 - 01604560 _____ () C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/13/2013 10:19:23 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (09/07/2013 07:32:03 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/07/2013 00:59:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/06/2013 09:57:12 PM) (Source: Microsoft Office 11) (User: )
Description: outlook.exe11.0.8326.04c1c2372outllib.dll11.0.8330.04cb60a62000193ad2
 
Error: (07/25/2013 08:23:12 PM) (Source: Microsoft Office 11) (User: )
Description: outlook.exe11.0.8326.04c1c2372outllib.dll11.0.8330.04cb60a620001966c3
 
Error: (07/24/2013 05:29:25 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23487, fault address 0x001568a1.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (07/16/2013 08:14:07 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23487, fault address 0x001568a1.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (07/15/2013 06:13:05 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23487, fault address 0x001568a1.
Processing media-specific event for [iexplore.exe!ws!]
 
Error: (07/07/2013 09:09:21 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/03/2013 08:20:42 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
System errors:
=============
Error: (09/13/2013 10:33:52 PM) (Source: 0) (User: )
Description: 
 
Error: (09/13/2013 10:21:30 PM) (Source: Service Control Manager) (User: )
Description: The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/13/2013 09:29:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (09/13/2013 09:29:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (09/13/2013 08:29:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (09/13/2013 08:29:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (09/13/2013 07:29:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (09/13/2013 07:29:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
Error: (09/13/2013 06:29:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942403
 
Error: (09/13/2013 06:29:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942403
 
 
Microsoft Office Sessions:
=========================
Error: (09/13/2013 10:19:23 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.3.215.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (09/07/2013 07:32:03 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (09/07/2013 00:59:19 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/06/2013 09:57:12 PM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8326.04c1c2372outllib.dll11.0.8330.04cb60a62000193ad2
 
Error: (07/25/2013 08:23:12 PM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8326.04c1c2372outllib.dll11.0.8330.04cb60a620001966c3
 
Error: (07/24/2013 05:29:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23487001568a1
 
Error: (07/16/2013 08:14:07 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23487001568a1
 
Error: (07/15/2013 06:13:05 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23487001568a1
 
Error: (07/07/2013 09:09:21 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (07/03/2013 08:20:42 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 46%
Total physical RAM: 2045.54 MB
Available physical RAM: 1096.15 MB
Total Pagefile: 3938.27 MB
Available Pagefile: 3201.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.47 GB) (Free:18.18 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (DATAPART1) (Fixed) (Total:74.5 GB) (Free:74.34 GB) NTFS
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:21.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: AA07AA07)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 75 GB) (Disk ID: 9F6C99F4)
Partition 1: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 000C9D58)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 


thanks

Lyn

#10 spud888
  • Topic Starter
  • Members
  • 33 posts

Posted 13 September 2013 - 08:09 AM

Hi again

Just noticed the following at the bottom of my Chrome window:

FRST.exe

Failed - Virus scan failed

Thought I'd let you know.  Not sure if this is a problem.

thanks

Lyn



#11 Oh My
  • Malware Response Instructor
  • 12,740 posts
  • Gender:Male
  • Location:California

Posted 13 September 2013 - 08:51 AM

Hi Lyn,

Thanks for all the information. Please do these things for me.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Type the following in the Search Field
At*.job
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies.


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST log
  • How is your computer running?

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 spud888
  • Topic Starter
  • Members
  • 33 posts

Posted 14 September 2013 - 12:31 AM

Hi Gary

I've run the search in FRST and the log is below.  I also downloaded and ran TFC.  Unfortunately it hung at:

Getting user folders.

Stopping running processes.

I left it for over 4 hours and it didn't respond.  I had to hard boot the PC to get it running again.  I haven't tried running TFC again and won't until I'm advised to do so.

thanks

Lyn


Farbar Recovery Scan Tool (x86) Version: 13-09-2013 04
Ran by Lyn at 2013-09-14 09:27:15
Running from C:\Documents and Settings\Lyn\Desktop
Boot Mode: Normal
 
================== Search: "At*.job" ===================
 
=== End Of Search ===

 


thanks

Lyn

#13 Oh My
  • Malware Response Instructor
  • 12,740 posts
  • Gender:Male
  • Location:California

Posted 14 September 2013 - 03:22 PM

Hi Lyn,

Let's run another scan please.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • OTL log
  • Extra log

Regards,
Gary


#14 spud888
  • Topic Starter
  • Members
  • 33 posts

Posted 14 September 2013 - 06:48 PM

Hi Gary

Here are the requested logs:

OTL logfile created on: 15/09/2013 8:39:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Lyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.01% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 18.13 Gb Free Space | 24.35% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 74.34 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Lyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/09/15 08:36:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lyn\Desktop\OTL.exe
PRC - [2013/09/03 19:19:52 | 000,309,544 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\Lyn\Application Data\Smilebox\SmileboxTray.exe
PRC - [2013/09/03 06:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/07/21 20:54:26 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/09 08:03:04 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Lyn\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/20 17:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/12/20 17:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012/09/06 19:35:53 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2012/07/09 17:01:12 | 000,863,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2012/07/09 17:01:10 | 000,502,952 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/04/02 15:44:14 | 001,058,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2012/02/27 08:02:02 | 000,249,440 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIJJE.EXE
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/01 11:12:10 | 000,075,336 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
PRC - [2007/05/01 11:12:10 | 000,058,952 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
PRC - [2007/05/01 11:11:48 | 006,395,464 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2006/10/20 17:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2003/10/04 03:52:50 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2001/03/15 04:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/09/03 06:35:56 | 000,410,576 | ---- | M] () -- C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/03 06:35:54 | 004,053,456 | ---- | M] () -- C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/03 06:35:01 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/28 05:55:51 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/27 22:41:15 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\14d1a28674a9f78c5759e7dcf74a13fd\System.Configuration.ni.dll
MOD - [2013/08/27 22:38:50 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/27 22:37:47 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\2bd89ed2dc0f585328fd1ac4c5a206dd\System.Core.ni.dll
MOD - [2013/08/27 22:37:24 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a283b4d76562af1ff279d465f5488d8c\PresentationFramework.ni.dll
MOD - [2013/08/27 22:36:55 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\6c1a100fe556c7d391f4d1681ab3c615\PresentationCore.ni.dll
MOD - [2013/08/27 22:36:34 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\64441cc39259974a2c3cdf0702a8beb3\WindowsBase.ni.dll
MOD - [2013/08/27 22:36:15 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/08/27 22:35:09 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/07/26 23:43:03 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/12/20 17:41:18 | 012,976,640 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012/12/20 11:31:44 | 000,572,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012/12/18 09:35:44 | 000,034,816 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012/12/18 09:35:06 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012/12/18 09:07:10 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
MOD - [2012/09/06 19:35:54 | 000,053,349 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\zip.dll
MOD - [2012/09/06 19:35:54 | 000,053,342 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\verify.dll
MOD - [2012/09/06 19:35:53 | 000,802,901 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hotspot\jvm.dll
MOD - [2012/09/06 19:35:53 | 000,094,308 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\java.dll
MOD - [2012/09/06 19:35:53 | 000,032,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\net.dll
MOD - [2012/09/06 19:35:53 | 000,028,776 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\hpi.dll
MOD - [2012/09/06 19:35:53 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/06/17 07:52:48 | 000,074,752 | ---- | M] () -- C:\WINDOWS\system32\jst.dll
MOD - [2002/05/03 15:40:32 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001/03/15 04:18:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/07/21 20:54:26 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2010/03/19 22:46:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2003/10/22 10:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Lyn\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/18 09:06:00 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/09/20 14:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/20 14:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/01 09:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/05/01 08:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/05/01 08:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/06/27 11:58:17 | 002,303,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\..\SearchScopes\{8A1A3D3F-EE22-452D-A3B7-FA61458E57BC}: "URL" = http://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxynsw-na.ffx.jfh.com.au:8080
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013/09/01 14:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lyn\Application Data\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Gmail = C:\Documents and Settings\Lyn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/09/13 22:33:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1644491937-1085031214-725345543-1003..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIJJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1644491937-1085031214-725345543-1003..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1644491937-1085031214-725345543-1003..\Run: [SmileboxTray] C:\Documents and Settings\Lyn\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\S-1-5-21-1644491937-1085031214-725345543-1003..\Run: [Spotify Web Helper] C:\Documents and Settings\Lyn\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1644491937-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341868535984 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1370872286920 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1095C3D9-36EF-4373-A2D1-7F2ED0FF68D3}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/09 14:39:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/15 08:36:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lyn\Desktop\OTL.exe
[2013/09/14 15:27:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/14 09:30:41 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lyn\Desktop\TFC.exe
[2013/09/14 09:25:40 | 001,083,285 | ---- | C] (Farbar) -- C:\Documents and Settings\Lyn\Desktop\FRST.exe
[2013/09/13 22:50:24 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/13 22:23:34 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/13 22:21:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/13 22:21:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/13 22:21:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/13 22:21:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/13 22:21:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/13 22:21:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/13 22:17:40 | 005,125,578 | R--- | C] (Swearware) -- C:\Documents and Settings\Lyn\Desktop\ComboFix.exe
[2013/09/09 21:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lyn\Desktop\usa holiday
[2013/09/07 21:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lyn\Application Data\MPC
[2013/09/07 21:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lyn\.JxBrowser
[2013/09/07 21:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lyn\.digilabs
[2013/09/07 21:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Holding Stock
[2013/09/07 21:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Holding Stock
[2013/09/07 15:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/07 15:26:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/07 12:31:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/09/02 17:41:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/09/02 14:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/02 10:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lyn\Desktop\Bleeping computer sep 13
[2013/09/02 09:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lyn\Application Data\Malwarebytes
[2013/09/02 09:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/02 09:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/02 09:21:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/02 09:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/01 14:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lyn\Application Data\Mozilla
[2013/09/01 14:01:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Lyn\Start Menu\Programs\Administrative Tools
[2013/08/27 22:38:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/15 08:36:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lyn\Desktop\OTL.exe
[2013/09/15 08:18:48 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/09/15 08:09:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/15 08:08:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/14 20:52:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1085031214-725345543-1003UA.job
[2013/09/14 18:52:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1085031214-725345543-1003Core.job
[2013/09/14 17:08:50 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Lyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2013/09/14 15:23:35 | 000,007,480 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/14 09:30:47 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lyn\Desktop\TFC.exe
[2013/09/14 09:26:09 | 001,083,285 | ---- | M] (Farbar) -- C:\Documents and Settings\Lyn\Desktop\FRST.exe
[2013/09/13 22:33:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/13 22:23:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/09/13 22:18:59 | 005,125,578 | R--- | M] (Swearware) -- C:\Documents and Settings\Lyn\Desktop\ComboFix.exe
[2013/09/07 22:12:53 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Lyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/07 21:05:47 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Holding Stock.lnk
[2013/09/07 20:39:10 | 000,004,741 | ---- | M] () -- C:\Documents and Settings\Lyn\Desktop\attach.zip
[2013/09/07 12:31:50 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Lyn\ntuser.pol
[2013/09/05 17:56:32 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\Lyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/05 17:56:32 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\Lyn\Desktop\Google Chrome.lnk
[2013/09/02 15:25:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/09/02 09:44:53 | 000,373,897 | ---- | M] () -- C:\Documents and Settings\Lyn\Desktop\malwarebytes scan results 2sep13.jpg
[2013/09/02 09:21:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/01 14:03:43 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Lyn\Desktop\Install NET Traffic Meter.lnk
[2013/08/28 05:38:49 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Lyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/08/27 22:37:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/27 22:35:34 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/27 22:35:34 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/26 21:30:29 | 000,060,585 | ---- | M] () -- C:\Documents and Settings\Lyn\My Documents\Aeroskin drawing.pdf
[2013/08/25 17:32:39 | 000,165,272 | ---- | M] () -- C:\Documents and Settings\Lyn\My Documents\AIG Proposal Form - Aeroskin Pty Ltd.pdf
[2013/08/23 12:06:53 | 000,059,636 | ---- | M] () -- C:\Documents and Settings\Lyn\Desktop\outbind___3_.pdf
[2013/08/19 12:16:13 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/13 22:23:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/09/13 22:23:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/13 22:21:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/13 22:21:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/13 22:21:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/13 22:21:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/13 22:21:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/07 21:05:47 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Holding Stock.lnk
[2013/09/07 20:39:10 | 000,004,741 | ---- | C] () -- C:\Documents and Settings\Lyn\Desktop\attach.zip
[2013/09/07 12:31:50 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Lyn\ntuser.pol
[2013/09/02 09:44:52 | 000,373,897 | ---- | C] () -- C:\Documents and Settings\Lyn\Desktop\malwarebytes scan results 2sep13.jpg
[2013/09/02 09:21:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/01 14:03:43 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Lyn\Desktop\Install NET Traffic Meter.lnk
[2013/08/26 21:30:25 | 000,060,585 | ---- | C] () -- C:\Documents and Settings\Lyn\My Documents\Aeroskin drawing.pdf
[2013/08/25 17:32:35 | 000,165,272 | ---- | C] () -- C:\Documents and Settings\Lyn\My Documents\AIG Proposal Form - Aeroskin Pty Ltd.pdf
[2013/08/23 12:06:50 | 000,059,636 | ---- | C] () -- C:\Documents and Settings\Lyn\Desktop\outbind___3_.pdf
[2013/08/19 12:26:03 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/29 22:21:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/06/12 15:57:49 | 000,051,504 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/03/21 22:21:43 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2013/03/21 22:21:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2013/03/20 21:17:39 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Lyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/19 08:34:18 | 000,000,063 | ---- | C] () -- C:\WINDOWS\SYMGAMES.INI
[2012/12/18 09:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/12/18 09:06:06 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/12/18 09:06:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/12/18 09:06:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/12/18 09:06:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/09/06 19:36:16 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2012/09/06 19:36:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2012/09/06 19:34:22 | 000,013,438 | ---- | C] () -- C:\WINDOWS\hpbins01.dat
[2012/09/06 19:34:22 | 000,001,380 | ---- | C] () -- C:\WINDOWS\hpbmdl01.dat
[2012/09/06 19:34:21 | 000,000,768 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2012/09/06 19:33:18 | 000,011,974 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2012/09/06 17:32:51 | 000,038,461 | ---- | C] () -- C:\Documents and Settings\Lyn\Application Data\Comma Separated Values (DOS).ADR
[2012/08/21 13:15:22 | 003,978,240 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/08/21 13:14:04 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/08/21 13:12:48 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012/08/21 13:12:34 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012/08/21 13:12:32 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012/08/21 13:12:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012/08/21 13:12:28 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012/08/21 13:12:28 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012/08/21 13:12:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012/08/21 13:12:24 | 000,330,240 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012/07/20 04:56:08 | 000,172,544 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/07/20 04:56:02 | 006,894,331 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012/07/20 04:56:02 | 001,111,581 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012/07/20 04:56:02 | 000,401,685 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/07/20 04:56:02 | 000,232,895 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/07/20 04:56:02 | 000,162,743 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-3.dll
[2012/07/20 04:56:02 | 000,101,820 | ---- | C] () -- C:\WINDOWS\System32\avresample-lav-0.dll
[2012/07/10 15:39:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/07/10 14:36:31 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/07/10 07:57:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/10 00:20:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/10 00:18:20 | 000,247,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/09 15:19:06 | 000,007,480 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/09 14:40:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/09 14:36:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/06/18 07:15:04 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe
[2012/06/18 07:14:58 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2012/06/18 07:14:42 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2012/05/13 08:42:16 | 001,272,320 | ---- | C] () -- C:\WINDOWS\System32\avcodec-53.dll
[2012/05/13 08:42:16 | 000,146,432 | ---- | C] () -- C:\WINDOWS\System32\avutil-51.dll
[2011/12/08 05:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
 
========== ZeroAccess Check ==========
 
[2012/07/10 14:27:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/21 05:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 22:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
 
OTL Extras logfile created on: 15/09/2013 8:39:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Lyn\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.01% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 18.13 Gb Free Space | 24.35% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 74.34 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: Lyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1644491937-1085031214-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Documents and Settings\Lyn\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Lyn\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe" = C:\Program Files\Epson Software\ECPrinterSetup\ENPApp.exe:*:Enabled:Epson Connect Printer Setup -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4805" = CanoScan 8800F
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{32F39156-EDDB-4585-B49D-61B81E61F8E0}" = Holding Stock
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}" = Epson Event Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DD23CAA4-8872-4B95-B263-EA46FD82CF19}" = LaserAIO
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WF-3520 Series" = EPSON WF-3520 Series Printer Uninstall
"ESET Online Scanner" = ESET Online Scanner v3
"hp LaserJet-all-in-one" = hp LaserJet-all-in-one
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"WF-3520 Series Netg" = Epson Network Guide WF-3520 Series
"WF-3520 Series Useg" = Epson User's Guide WF-3520 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1644491937-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Smilebox" = Smilebox
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/07/2013 6:20:42 PM | Computer Name = HOME | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 6/07/2013 7:09:21 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 15/07/2013 4:13:05 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.23487, fault address 0x001568a1.
 
Error - 16/07/2013 6:14:07 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.23487, fault address 0x001568a1.
 
Error - 24/07/2013 3:29:25 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.23487, fault address 0x001568a1.
 
Error - 25/07/2013 6:23:12 AM | Computer Name = HOME | Source = Microsoft Office 11 | ID = 1000
Description = 
 
Error - 6/08/2013 7:57:12 AM | Computer Name = HOME | Source = Microsoft Office 11 | ID = 1000
Description = 
 
Error - 6/09/2013 10:59:19 PM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/09/2013 5:32:03 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 13/09/2013 8:19:23 AM | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
[ System Events ]
Error - 13/09/2013 7:32:32 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in 
15000 milliseconds: Restart the service.
 
Error - 13/09/2013 7:32:34 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly.  It has done 
this 1 time(s).
 
Error - 13/09/2013 7:32:34 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 13/09/2013 7:32:34 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Epson Scanner Service service terminated unexpectedly.  It has
 done this 1 time(s).
 
Error - 13/09/2013 7:32:34 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 13/09/2013 7:32:34 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The MBAMScheduler service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 13/09/2013 7:32:34 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly.  It has done 
this 1 time(s).
 
Error - 13/09/2013 7:32:34 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 14/09/2013 1:23:44 AM | Computer Name = HOME | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
 
Error - 14/09/2013 6:08:59 PM | Computer Name = HOME | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
 
 
< End of report >
 

thanks

 

Lyn



#15 Oh My

Oh My

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 12,740 posts
  • Gender:Male
  • Location:California

Posted 14 September 2013 - 07:27 PM

Hi Lyn,

Please run this.

===================================================

Run OTL Fix

--------------------
  • Double click on the OTL icon on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
:OTL
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
:Commands
[emptytemp]
[emptyjava]
[emptyflash]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • OTL log
  • How is your computer running? What are you experiencing?

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message.


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



