
AVG keeps spamming rpcss.dll virus warning. What do I do?


  • This topic is locked
25 replies to this topic

#1 MariGoddy


Posted 03 February 2014 - 03:00 PM

I tried reading through possible solutions prior to posting but I'm not certain they exactly fit my issues. There seem to be two things on my machine that cannot be detected or removed by AVG:

1) A remnant of what I think is a Blaster worm that keeps popping up a countdown to shut down my PC, citing NT Authority failure. Running "shutdown -a" stops the countdown but it does not remove the cause of the issue.

2) A virus warning from AVG which sources rpcss.dll... then any other program I open.

My problems started with an iTunes update, and while I believe the adware is gone, I'm currently unsure what else can be done.





#2 gringo_pr

  • Malware Response Team

Posted 03 February 2014 - 03:59 PM





Hello MariGoddy

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 MariGoddy

  • Topic Starter


Posted 03 February 2014 - 08:25 PM

I ran the Farbar tool and this is what showed up in the FRST.txt log. I am not sure what happened to the addition log since my screen did flood with AVG warnings (again for rpcss.dll) while running the tool. Trying to figure out if it may have been quarantined by mistake.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by Mari Goddy (administrator) on MARI-PC on 03-02-2014 20:19:04
Running from C:\Documents and Settings\Mari Goddy\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
ATTENTION: If processes are not listed WMI should be repaired.
 
 
==================== Processes (Whitelisted) ===================
 
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Logitech Hardware Abstraction Layer] - C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [lxduamon] - C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2008-09-10] ()
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20065896 2012-03-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-11-01] (RealNetworks, Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15711008 2013-11-11] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [209184 2013-11-11] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-11-11] ()
HKLM\...\Run: [NvBackend] - C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - D:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {3FF656B9-1EE7-4B18-99A1-5BBB8C3F492D} URL = http://search.conduit.com/Results.aspx?ctid=CT3300033&SearchSource=45&q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://my.yahoo.com/index.html#
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Screen Capture Plugin) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.1_0\plugins/screen_capture.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - D:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Raidcall plugin) - C:\Documents and Settings\Mari Goddy\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (BitTorrent DNA Plug-in) - C:\Program Files\BitTorrent_DNA\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File
CHR Plugin: (DivX® Content Upload Plugin) - D:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (iTunes Application Detector) - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-01-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18]
CHR Extension: (Google Search) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18]
CHR Extension: (AT_MEcko) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk [2010-12-08]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-13]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files\DefaultTab\DefaultTab.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader11.crx [2013-08-14]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S4 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-07-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-07-19] (Logitech Inc.)
S2 lxduCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2008-05-23] (Lexmark International, Inc.)
R2 lxdu_device; C:\WINDOWS\system32\lxducoms.exe [594600 2008-05-23] ( )
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [648488 2008-09-14] (Cisco Systems, Inc.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SkypeUpdate; D:\Program Files\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)
S3 usnjsvc; C:\Program Files\Windows Live\Messenger\usnsvc.exe [98328 2007-10-18] (Microsoft Corporation)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4019072 2006-09-20] (Realtek Semiconductor Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [610816 2007-06-26] (Broadcom Corporation)
S3 BEFCMV3XP; C:\WINDOWS\System32\DRIVERS\BEFCM3XP.sys [14336 2003-04-29] (Linksys Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2008-07-26] (Logitech Inc.)
S3 LHidUsbK; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [36736 2006-05-10] (Logitech, Inc.)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2109592 2007-07-19] (Logitech Inc.)
R3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142488 2007-07-19] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2007-07-18] ()
R3 lvselsus; C:\WINDOWS\System32\DRIVERS\lvselsus.sys [66456 2008-07-26] (Logitech Inc.)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-10] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
R2 pnarp; C:\WINDOWS\System32\DRIVERS\pnarp.sys [23992 2008-09-14] (Pure Networks, Inc.)
R2 purendis; C:\WINDOWS\System32\DRIVERS\purendis.sys [25272 2008-09-14] (Pure Networks, Inc.)
S3 RT80x86; C:\WINDOWS\System32\DRIVERS\RT2860.sys [1323040 2010-02-04] (Ralink Technology, Corp.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA))
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [685816 2007-09-22] ()
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-22] (VIA Technologies, Inc.)
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2005-01-05] (VIA Technologies, Inc.)
S3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [11264 2004-11-23] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-22] (VIA Technologies,Inc)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GTNDIS5; \??\C:\PROGRA~1\LINKSY~1\GTNDIS5.SYS [X]
S4 IntelIde; No ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 WinRing0_1_2_0; \??\D:\Program Files\Game Booster 3\Driver\WinRing0.sys [X]
U3 apqyo8xf; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-03 20:19 - 2014-02-03 20:19 - 00021448 _____ () C:\Documents and Settings\Mari Goddy\Desktop\FRST.txt
2014-02-03 20:18 - 2014-02-03 20:18 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Desktop\FRST-OlderVersion
2014-01-31 19:39 - 2014-01-31 19:39 - 00030328 _____ () C:\ComboFix.txt
2014-01-31 19:27 - 2014-01-31 19:27 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-31 19:27 - 2014-01-31 19:27 - 00008192 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-01-31 19:27 - 2014-01-31 19:27 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-01-31 19:27 - 2014-01-31 19:27 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-01-31 19:27 - 2014-01-31 19:27 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-31 19:19 - 2014-01-31 19:19 - 00000000 _RSHD () C:\cmdcons
2014-01-31 19:19 - 2012-11-12 18:58 - 00000211 _____ () C:\Boot.bak
2014-01-31 19:19 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-01-31 19:17 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-01-31 19:17 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-01-31 19:17 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-31 19:17 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-31 19:17 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-31 19:17 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-31 19:17 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-01-31 19:17 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-01-31 19:17 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-01-31 19:16 - 2014-01-31 19:40 - 00000000 ____D () C:\Qoobox
2014-01-31 19:16 - 2014-01-31 19:37 - 00000000 ____D () C:\WINDOWS\erdnt
2014-01-31 19:13 - 2014-01-31 19:13 - 05177551 ____R (Swearware) C:\Documents and Settings\Mari Goddy\Desktop\ComboFix.exe
2014-01-31 19:07 - 2014-02-03 20:19 - 00000000 ____D () C:\FRST
2014-01-31 19:07 - 2014-02-03 20:18 - 01137152 _____ (Farbar) C:\Documents and Settings\Mari Goddy\Desktop\FRST.exe
2014-01-24 16:00 - 2014-01-24 16:00 - 00000000 ____D () C:\Program Files\DolbyAxon
2014-01-24 16:00 - 2014-01-24 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dolby Axon
2014-01-24 16:00 - 2013-08-02 14:05 - 02262960 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.CommandBars.v13.0.0.ocx
2014-01-24 16:00 - 2013-08-02 14:05 - 00571312 _____ (Codejock Software) C:\WINDOWS\system32\Codejock.SkinFramework.Unicode.v13.0.0.ocx
2014-01-24 15:03 - 2014-01-24 15:07 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\Firestorm
2014-01-24 14:59 - 2014-01-24 14:59 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Firestorm-Beta.lnk
2014-01-24 14:59 - 2014-01-24 14:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta
2014-01-23 12:24 - 2014-01-31 19:31 - 00000000 ____D () C:\Avenger
2014-01-23 11:53 - 2014-01-23 11:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-23 11:53 - 2014-01-23 11:53 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\Malwarebytes
2014-01-23 11:53 - 2014-01-23 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-23 11:53 - 2014-01-23 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-23 11:53 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-22 13:06 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-22 13:06 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-22 13:06 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-22 13:06 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-22 13:05 - 2014-01-22 13:06 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-15 20:08 - 2014-01-15 20:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-15 20:08 - 2014-01-15 20:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 20:07 - 2014-01-15 20:08 - 00006549 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 13:27 - 2014-01-15 13:27 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\Second Life Viewer.lnk
2014-01-15 13:27 - 2014-01-15 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Second Life Viewer
2014-01-14 09:09 - 2014-01-25 01:16 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\Filter Forge 4
2014-01-14 09:05 - 2014-01-25 01:22 - 00000618 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Filter Forge 4.lnk
2014-01-14 09:05 - 2014-01-25 01:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Filter Forge 4
2014-01-14 09:05 - 2006-11-10 17:41 - 01030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp-xfw.dll
2014-01-12 07:06 - 2014-01-12 07:06 - 00010498 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat
2014-01-12 05:08 - 2014-01-12 05:08 - 00000798 _____ () C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
2014-01-12 05:08 - 2014-01-12 05:08 - 00000733 _____ () C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
2014-01-11 02:59 - 2014-01-11 02:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
2014-01-10 11:00 - 2014-01-12 10:38 - 00445546 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-10 11:00 - 2014-01-12 10:38 - 00445546 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-839522115-1363534659-1004-0.dat
2014-01-08 18:07 - 2014-01-08 18:07 - 00000000 ____D () C:\$AVG-SHREDDER-TMP-9b43316a-107a-4301-be7e-b804a8c5196f
2014-01-06 03:00 - 2014-01-06 03:02 - 00012349 _____ () C:\WINDOWS\KB2898785-IE8.log
2014-01-06 00:11 - 2013-10-29 02:57 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-01-06 00:11 - 2013-10-29 02:57 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-01-05 09:30 - 2014-01-05 09:30 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\PCHealth
2014-01-05 04:35 - 2014-01-05 04:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-01-05 04:28 - 2014-01-05 04:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-01-05 04:26 - 2014-01-05 04:26 - 00140837 _____ () C:\WINDOWS\KB2659262.log
2014-01-05 04:26 - 2014-01-05 04:26 - 00139024 _____ () C:\WINDOWS\KB2564958.log
2014-01-05 04:26 - 2014-01-05 04:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-01-05 04:26 - 2014-01-05 04:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2014-01-05 04:22 - 2014-01-05 04:22 - 00140174 _____ () C:\WINDOWS\KB2536276-v2.log
2014-01-05 04:22 - 2014-01-05 04:22 - 00137362 _____ () C:\WINDOWS\KB2834886.log
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2758857$
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-01-05 04:21 - 2014-01-05 04:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-01-05 04:21 - 2014-01-05 04:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2014-01-05 04:18 - 2014-01-05 04:18 - 00136352 _____ () C:\WINDOWS\KB2900986.log
2014-01-05 04:18 - 2014-01-05 04:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-01-05 04:14 - 2014-01-05 04:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-01-05 03:42 - 2014-01-05 03:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-01-05 03:42 - 2014-01-05 03:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2014-01-05 03:41 - 2014-01-05 03:41 - 00136644 _____ () C:\WINDOWS\KB2686509.log
2014-01-05 03:41 - 2014-01-05 03:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-01-05 03:41 - 2014-01-05 03:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-01-05 03:41 - 2014-01-05 03:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2014-01-05 03:41 - 2014-01-05 03:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2014-01-05 03:40 - 2014-01-05 03:41 - 00136206 _____ () C:\WINDOWS\KB2862335.log
2014-01-05 03:39 - 2014-01-05 03:39 - 00133248 _____ () C:\WINDOWS\KB2834904-v2.log
2014-01-05 03:39 - 2014-01-05 03:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-05 03:39 - 2014-01-05 03:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-01-05 03:39 - 2014-01-05 03:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
2014-01-05 03:37 - 2014-01-05 03:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-01-05 03:37 - 2014-01-05 03:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2845187$
2014-01-05 03:36 - 2014-01-05 03:37 - 00134261 _____ () C:\WINDOWS\KB2904266.log
2014-01-05 03:36 - 2014-01-05 03:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-01-05 03:29 - 2014-01-05 03:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-01-05 03:28 - 2014-01-05 03:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2014-01-05 03:27 - 2014-01-05 03:27 - 00016105 _____ () C:\WINDOWS\KB2592799.log
2014-01-05 03:27 - 2014-01-05 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-01-05 03:27 - 2014-01-05 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-01-05 03:27 - 2014-01-05 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-01-05 03:27 - 2014-01-05 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2014-01-05 03:25 - 2014-01-05 03:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-01-05 03:24 - 2014-01-05 03:24 - 00015552 _____ () C:\WINDOWS\KB2807986.log
2014-01-05 03:24 - 2014-01-05 03:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-01-05 03:24 - 2014-01-05 03:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-01-05 03:21 - 2014-01-05 03:21 - 00016820 _____ () C:\Documents and Settings\Mari Goddy\Desktop\Worm refence.odt
2014-01-05 03:19 - 2014-01-05 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-01-05 03:18 - 2014-01-05 03:19 - 00014130 _____ () C:\WINDOWS\KB2868038.log
2014-01-05 03:18 - 2014-01-05 03:18 - 00014057 _____ () C:\WINDOWS\KB2603381.log
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-01-05 03:17 - 2014-01-06 03:02 - 00011176 _____ () C:\WINDOWS\updspapi.log
2014-01-05 03:17 - 2014-01-05 03:17 - 00014511 _____ () C:\WINDOWS\KB2698365.log
2014-01-05 03:17 - 2014-01-05 03:17 - 00012471 _____ () C:\WINDOWS\KB2723135-v2.log
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2014-01-05 03:16 - 2014-01-05 03:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-01-05 03:16 - 2014-01-05 03:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-01-05 03:02 - 2014-01-05 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2014-01-05 03:01 - 2014-01-15 20:08 - 00365643 _____ () C:\WINDOWS\iis6.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00346247 _____ () C:\WINDOWS\FaxSetup.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00165536 _____ () C:\WINDOWS\ocgen.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00157976 _____ () C:\WINDOWS\tsoc.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00114778 _____ () C:\WINDOWS\comsetup.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00102958 _____ () C:\WINDOWS\msmqinst.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00069567 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00060648 _____ () C:\WINDOWS\netfxocm.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00023800 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00019152 _____ () C:\WINDOWS\ocmsn.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00017416 _____ () C:\WINDOWS\tabletoc.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00017304 _____ () C:\WINDOWS\msgsocm.log
2014-01-05 03:01 - 2014-01-15 20:08 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-01-05 03:01 - 2014-01-06 03:02 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-01-05 03:01 - 2014-01-05 03:02 - 00011491 _____ () C:\WINDOWS\KB2661637.log
2014-01-05 03:01 - 2014-01-05 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2014-01-05 03:01 - 2014-01-05 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2014-01-04 22:19 - 2014-01-05 04:35 - 00151363 _____ () C:\WINDOWS\KB2868626.log
2014-01-04 22:19 - 2014-01-05 04:29 - 00152962 _____ () C:\WINDOWS\KB2712808.log
2014-01-04 22:15 - 2014-01-05 04:22 - 00149867 _____ () C:\WINDOWS\KB2758857.log
2014-01-04 22:13 - 2014-01-05 04:22 - 00149767 _____ () C:\WINDOWS\KB2544893-v2.log
2014-01-04 22:13 - 2014-01-05 04:22 - 00149231 _____ () C:\WINDOWS\KB2585542.log
2014-01-04 22:10 - 2014-01-05 04:21 - 00148630 _____ () C:\WINDOWS\KB2691442.log
2014-01-04 22:09 - 2014-01-05 04:21 - 00148163 _____ () C:\WINDOWS\KB2631813.log
2014-01-04 22:09 - 2014-01-05 03:25 - 00022120 _____ () C:\WINDOWS\KB2876331.log
2014-01-04 22:09 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-01-04 22:08 - 2014-01-05 03:39 - 00145249 _____ () C:\WINDOWS\KB2780091.log
2014-01-04 22:08 - 2014-01-05 03:29 - 00142540 _____ () C:\WINDOWS\KB2864063.log
2014-01-04 22:06 - 2014-01-05 04:14 - 00146683 _____ () C:\WINDOWS\KB2847311.log
2014-01-04 22:06 - 2014-01-05 03:25 - 00022877 _____ () C:\WINDOWS\KB2859537.log
2014-01-04 22:05 - 2014-01-05 03:36 - 00143045 _____ () C:\WINDOWS\KB2876217.log
2014-01-04 22:04 - 2014-01-05 03:41 - 00144232 _____ () C:\WINDOWS\KB2898715.log
2014-01-04 22:04 - 2014-01-05 03:37 - 00142650 _____ () C:\WINDOWS\KB2845187.log
2014-01-04 22:04 - 2014-01-05 03:27 - 00022465 _____ () C:\WINDOWS\KB2850869.log
2014-01-04 22:03 - 2014-01-05 03:42 - 00146702 _____ () C:\WINDOWS\KB2802968.log
2014-01-04 22:01 - 2014-01-05 03:42 - 00147225 _____ () C:\WINDOWS\KB2655992.log
2014-01-04 22:01 - 2014-01-05 03:41 - 00145548 _____ () C:\WINDOWS\KB2598479.log
2014-01-04 22:00 - 2014-01-05 03:39 - 00144624 _____ () C:\WINDOWS\KB2507938.log
2014-01-04 22:00 - 2014-01-05 03:28 - 00024922 _____ () C:\WINDOWS\KB2719985.log
2014-01-04 21:59 - 2014-01-05 03:27 - 00021701 _____ () C:\WINDOWS\KB2862152.log
2014-01-04 21:47 - 2014-01-05 03:18 - 00023019 _____ () C:\WINDOWS\KB2820917.log
2014-01-04 21:47 - 2014-01-05 03:18 - 00022542 _____ () C:\WINDOWS\KB2653956.log
2014-01-04 21:47 - 2014-01-05 03:18 - 00022206 _____ () C:\WINDOWS\KB2757638.log
2014-01-04 21:47 - 2014-01-05 03:18 - 00020209 _____ () C:\WINDOWS\KB2893294.log
2014-01-04 21:46 - 2014-01-05 03:17 - 00022142 _____ () C:\WINDOWS\KB2749655.log
2014-01-04 21:46 - 2014-01-05 03:17 - 00020628 _____ () C:\WINDOWS\KB2619339.log
2014-01-04 21:46 - 2014-01-05 03:17 - 00020084 _____ () C:\WINDOWS\KB2893984.log
2014-01-04 21:46 - 2014-01-05 03:17 - 00018992 _____ () C:\WINDOWS\KB2892075.log
2014-01-04 21:45 - 2014-01-05 03:17 - 00021265 _____ () C:\WINDOWS\KB2705219-v2.log
2014-01-04 21:45 - 2014-01-05 03:17 - 00019582 _____ () C:\WINDOWS\KB2727528.log
2014-01-04 21:45 - 2014-01-05 03:16 - 00021023 _____ () C:\WINDOWS\KB2813345.log
2014-01-04 21:45 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2014-01-04 21:45 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-01-04 21:45 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-01-04 21:44 - 2014-01-05 03:16 - 00023578 _____ () C:\WINDOWS\KB2676562.log
2014-01-04 21:35 - 2014-01-05 03:02 - 00019414 _____ () C:\WINDOWS\KB2620712.log
2014-01-04 21:35 - 2012-01-11 14:06 - 00003072 ____N () C:\WINDOWS\system32\iacenc.dll
2014-01-04 21:35 - 2012-01-11 14:06 - 00003072 ____C () C:\WINDOWS\system32\dllcache\iacenc.dll
2014-01-04 21:33 - 2014-01-05 03:01 - 00018927 _____ () C:\WINDOWS\KB2584146.log
2014-01-04 20:41 - 2014-01-06 08:12 - 00001549 _____ () C:\WINDOWS\xpsp1hfm.log
2014-01-04 18:12 - 2014-01-04 18:12 - 00028672 _____ () C:\WINDOWS\system32\cmdy.bzt
2014-01-04 18:02 - 2014-02-03 15:53 - 00000080 _____ () C:\WINDOWS\system32\shreewc.yhw
2014-01-04 09:50 - 2014-01-04 18:12 - 00000095 _____ () C:\WINDOWS\system32\cntmue.uko
2014-01-04 09:50 - 2014-01-04 09:50 - 00000064 _____ () C:\WINDOWS\system32\ozplu.jet
2014-01-04 09:34 - 2014-01-04 09:34 - 00101213 ____S () C:\WINDOWS\system32\bcdwfv.twm
 
==================== One Month Modified Files and Folders =======
 
2014-02-03 20:19 - 2014-02-03 20:19 - 00021448 _____ () C:\Documents and Settings\Mari Goddy\Desktop\FRST.txt
2014-02-03 20:19 - 2014-01-31 19:07 - 00000000 ____D () C:\FRST
2014-02-03 20:18 - 2014-02-03 20:18 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Desktop\FRST-OlderVersion
2014-02-03 20:18 - 2014-01-31 19:07 - 01137152 _____ (Farbar) C:\Documents and Settings\Mari Goddy\Desktop\FRST.exe
2014-02-03 20:17 - 2010-03-10 00:19 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-839522115-1363534659-1004UA.job
2014-02-03 20:03 - 2012-09-10 20:29 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-03 19:30 - 2010-01-29 09:33 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 18:46 - 2007-09-22 15:12 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\Adobe
2014-02-03 18:42 - 2011-10-16 15:10 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Firestorm
2014-02-03 18:33 - 2013-09-23 13:24 - 00009994 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-02-03 17:18 - 2012-11-10 03:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-02-03 16:30 - 2010-01-29 09:33 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 15:53 - 2014-01-04 18:02 - 00000080 _____ () C:\WINDOWS\system32\shreewc.yhw
2014-02-03 15:52 - 2010-02-24 19:55 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-03 15:18 - 2007-09-22 09:50 - 01640030 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-03 15:07 - 2012-07-21 20:35 - 01127560 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-02-03 15:07 - 2012-07-21 20:35 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-02-03 14:44 - 2013-01-13 16:07 - 00000310 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-725345543-839522115-1363534659-1004.job
2014-02-03 14:43 - 2013-01-13 16:07 - 00000318 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-725345543-839522115-1363534659-1004.job
2014-02-03 14:42 - 2013-01-10 22:11 - 00000288 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-725345543-839522115-1363534659-1004.job
2014-02-03 14:42 - 2012-01-08 13:16 - 00000288 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-839522115-1363534659-1004.job
2014-02-03 14:42 - 2007-09-22 05:36 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-03 14:42 - 2007-09-22 05:36 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-02-03 14:41 - 2007-09-22 09:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-03 14:40 - 2008-09-15 12:36 - 00000000 ____C () C:\WINDOWS\system32\Drivers\logiflt.iad
2014-02-03 14:40 - 2008-07-14 22:55 - 00000000 ____C () C:\WINDOWS\system32\Drivers\lvuvc.hs
2014-02-03 04:45 - 2007-09-22 13:41 - 00000278 ___SH () C:\Documents and Settings\Mari Goddy\ntuser.ini
2014-02-03 04:45 - 2007-09-22 09:54 - 00032532 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-03 02:30 - 2012-07-21 20:35 - 01127560 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-02-03 02:17 - 2010-03-10 00:19 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-839522115-1363534659-1004Core.job
2014-02-02 20:12 - 2013-01-10 22:11 - 00000296 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-725345543-839522115-1363534659-1004.job
2014-02-02 20:09 - 2004-08-04 07:00 - 00001374 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-01 17:54 - 2013-07-03 15:08 - 00431809 _____ () C:\WINDOWS\setupapi.log
2014-02-01 12:59 - 2007-09-22 13:41 - 00000000 ____D () C:\Documents and Settings\Mari Goddy
2014-01-31 19:43 - 2007-09-22 09:54 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-01-31 19:40 - 2014-01-31 19:16 - 00000000 ____D () C:\Qoobox
2014-01-31 19:40 - 2007-09-22 09:54 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-01-31 19:39 - 2014-01-31 19:39 - 00030328 _____ () C:\ComboFix.txt
2014-01-31 19:37 - 2014-01-31 19:16 - 00000000 ____D () C:\WINDOWS\erdnt
2014-01-31 19:31 - 2014-01-23 12:24 - 00000000 ____D () C:\Avenger
2014-01-31 19:31 - 2004-08-04 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-01-31 19:28 - 2007-09-22 05:31 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-01-31 19:28 - 2007-09-22 05:31 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-01-31 19:28 - 2007-09-22 05:30 - 49283072 _____ () C:\WINDOWS\system32\config\software.bak
2014-01-31 19:28 - 2007-09-22 05:30 - 17301504 _____ () C:\WINDOWS\system32\config\system.bak
2014-01-31 19:28 - 2007-09-22 05:30 - 01048576 _____ () C:\WINDOWS\system32\config\default.bak
2014-01-31 19:27 - 2014-01-31 19:27 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-31 19:27 - 2014-01-31 19:27 - 00008192 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-01-31 19:27 - 2014-01-31 19:27 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-01-31 19:27 - 2014-01-31 19:27 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-01-31 19:27 - 2014-01-31 19:27 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-31 19:19 - 2014-01-31 19:19 - 00000000 _RSHD () C:\cmdcons
2014-01-31 19:19 - 2007-09-22 05:30 - 00000327 __RSH () C:\boot.ini
2014-01-31 19:13 - 2014-01-31 19:13 - 05177551 ____R (Swearware) C:\Documents and Settings\Mari Goddy\Desktop\ComboFix.exe
2014-01-31 13:08 - 2012-08-09 00:01 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-31 13:08 - 2011-07-26 16:29 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-31 13:08 - 2007-09-22 15:13 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Adobe
2014-01-30 22:01 - 2010-08-13 22:52 - 00000296 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-839522115-1363534659-1004.job
2014-01-29 20:36 - 2013-07-29 15:43 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\vlc
2014-01-29 18:05 - 2011-01-17 15:50 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\SecondLife
2014-01-29 03:20 - 2013-01-13 16:07 - 00000336 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-725345543-839522115-1363534659-1004.job
2014-01-27 17:14 - 2007-09-22 14:05 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\Skype
2014-01-26 01:29 - 2007-09-29 15:48 - 00244736 _____ () C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-25 01:22 - 2014-01-14 09:05 - 00000618 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Filter Forge 4.lnk
2014-01-25 01:22 - 2014-01-14 09:05 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Filter Forge 4
2014-01-25 01:16 - 2014-01-14 09:09 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\Filter Forge 4
2014-01-24 16:00 - 2014-01-24 16:00 - 00000000 ____D () C:\Program Files\DolbyAxon
2014-01-24 16:00 - 2014-01-24 16:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dolby Axon
2014-01-24 15:07 - 2014-01-24 15:03 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\Firestorm
2014-01-24 14:59 - 2014-01-24 14:59 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Firestorm-Beta.lnk
2014-01-24 14:59 - 2014-01-24 14:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Firestorm-Beta
2014-01-23 12:24 - 2013-11-04 08:04 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\defaulttab
2014-01-23 12:24 - 2007-09-22 05:24 - 00000000 ____D () C:\WINDOWS\dell
2014-01-23 11:53 - 2014-01-23 11:53 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-23 11:53 - 2014-01-23 11:53 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\Malwarebytes
2014-01-23 11:53 - 2014-01-23 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-23 11:53 - 2014-01-23 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-01-22 13:06 - 2014-01-22 13:05 - 00005134 _____ () C:\WINDOWS\system32\jupdate-1.7.0_51-b13.log
2014-01-22 13:06 - 2007-09-22 12:19 - 00000000 ____D () C:\Program Files\Java
2014-01-16 09:09 - 2007-09-26 12:44 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-15 20:11 - 2014-01-15 20:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-15 20:08 - 2014-01-15 20:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 20:08 - 2014-01-15 20:07 - 00006549 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00365643 _____ () C:\WINDOWS\iis6.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00346247 _____ () C:\WINDOWS\FaxSetup.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00165536 _____ () C:\WINDOWS\ocgen.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00157976 _____ () C:\WINDOWS\tsoc.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00114778 _____ () C:\WINDOWS\comsetup.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00102958 _____ () C:\WINDOWS\msmqinst.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00069567 _____ () C:\WINDOWS\ntdtcsetup.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00060648 _____ () C:\WINDOWS\netfxocm.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00023800 _____ () C:\WINDOWS\MedCtrOC.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00019152 _____ () C:\WINDOWS\ocmsn.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00017416 _____ () C:\WINDOWS\tabletoc.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00017304 _____ () C:\WINDOWS\msgsocm.log
2014-01-15 20:08 - 2014-01-05 03:01 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-01-15 20:08 - 2007-09-22 17:44 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 15:04 - 2013-06-26 00:28 - 00012060 _____ () C:\WINDOWS\wmsetup.log
2014-01-15 13:27 - 2014-01-15 13:27 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\Second Life Viewer.lnk
2014-01-15 13:27 - 2014-01-15 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Second Life Viewer
2014-01-15 11:54 - 2012-01-08 13:49 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-14 11:30 - 2008-03-25 15:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Downloaders
2014-01-12 10:38 - 2014-01-10 11:00 - 00445546 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-12 10:38 - 2014-01-10 11:00 - 00445546 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-839522115-1363534659-1004-0.dat
2014-01-12 07:06 - 2014-01-12 07:06 - 00010498 _____ () C:\Documents and Settings\All Users\Application Data\lpm.dat
2014-01-12 05:09 - 2013-05-11 22:06 - 00001377 _____ () C:\Documents and Settings\Mari Goddy\Desktop\DivX Movies.lnk
2014-01-12 05:09 - 2013-01-25 23:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DivX
2014-01-12 05:09 - 2007-09-25 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2014-01-12 05:08 - 2014-01-12 05:08 - 00000798 _____ () C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
2014-01-12 05:08 - 2014-01-12 05:08 - 00000733 _____ () C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
2014-01-12 05:08 - 2013-01-28 01:28 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-01-12 05:08 - 2013-01-28 01:27 - 00000000 ____D () C:\Program Files\DivX
2014-01-12 05:08 - 2007-09-26 00:29 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Application Data\DivX
2014-01-11 14:08 - 2012-06-30 11:13 - 00000058 ___HC () C:\WINDOWS\popcreg.dat
2014-01-11 14:08 - 2012-06-30 11:13 - 00000020 ____C () C:\WINDOWS\popcinfot.dat
2014-01-11 13:31 - 2009-09-20 10:39 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Desktop\Wriitten stuff
2014-01-11 13:29 - 2009-04-02 13:21 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Desktop\Three Color
2014-01-11 02:59 - 2014-01-11 02:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
2014-01-08 18:07 - 2014-01-08 18:07 - 00000000 ____D () C:\$AVG-SHREDDER-TMP-9b43316a-107a-4301-be7e-b804a8c5196f
2014-01-06 08:12 - 2014-01-04 20:41 - 00001549 _____ () C:\WINDOWS\xpsp1hfm.log
2014-01-06 04:21 - 2008-12-14 01:05 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-01-06 03:02 - 2014-01-06 03:00 - 00012349 _____ () C:\WINDOWS\KB2898785-IE8.log
2014-01-06 03:02 - 2014-01-05 03:17 - 00011176 _____ () C:\WINDOWS\updspapi.log
2014-01-06 03:02 - 2014-01-05 03:01 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-01-06 03:02 - 2009-08-30 21:16 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-01-05 15:13 - 2007-09-22 05:33 - 00674932 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-05 09:30 - 2014-01-05 09:30 - 00000000 ____D () C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\PCHealth
2014-01-05 09:25 - 2008-07-23 09:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-01-05 09:25 - 2007-09-22 05:31 - 01662208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-05 04:35 - 2014-01-05 04:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-01-05 04:35 - 2014-01-04 22:19 - 00151363 _____ () C:\WINDOWS\KB2868626.log
2014-01-05 04:29 - 2014-01-04 22:19 - 00152962 _____ () C:\WINDOWS\KB2712808.log
2014-01-05 04:28 - 2014-01-05 04:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2014-01-05 04:26 - 2014-01-05 04:26 - 00140837 _____ () C:\WINDOWS\KB2659262.log
2014-01-05 04:26 - 2014-01-05 04:26 - 00139024 _____ () C:\WINDOWS\KB2564958.log
2014-01-05 04:26 - 2014-01-05 04:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2014-01-05 04:26 - 2014-01-05 04:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2014-01-05 04:22 - 2014-01-05 04:22 - 00140174 _____ () C:\WINDOWS\KB2536276-v2.log
2014-01-05 04:22 - 2014-01-05 04:22 - 00137362 _____ () C:\WINDOWS\KB2834886.log
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2758857$
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2585542$
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-01-05 04:22 - 2014-01-05 04:22 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-01-05 04:22 - 2014-01-04 22:15 - 00149867 _____ () C:\WINDOWS\KB2758857.log
2014-01-05 04:22 - 2014-01-04 22:13 - 00149767 _____ () C:\WINDOWS\KB2544893-v2.log
2014-01-05 04:22 - 2014-01-04 22:13 - 00149231 _____ () C:\WINDOWS\KB2585542.log
2014-01-05 04:22 - 2007-09-22 15:17 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-01-05 04:21 - 2014-01-05 04:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2014-01-05 04:21 - 2014-01-05 04:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2014-01-05 04:21 - 2014-01-04 22:10 - 00148630 _____ () C:\WINDOWS\KB2691442.log
2014-01-05 04:21 - 2014-01-04 22:09 - 00148163 _____ () C:\WINDOWS\KB2631813.log
2014-01-05 04:18 - 2014-01-05 04:18 - 00136352 _____ () C:\WINDOWS\KB2900986.log
2014-01-05 04:18 - 2014-01-05 04:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-01-05 04:14 - 2014-01-05 04:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-01-05 04:14 - 2014-01-04 22:06 - 00146683 _____ () C:\WINDOWS\KB2847311.log
2014-01-05 03:42 - 2014-01-05 03:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2802968$
2014-01-05 03:42 - 2014-01-05 03:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2655992$
2014-01-05 03:42 - 2014-01-04 22:03 - 00146702 _____ () C:\WINDOWS\KB2802968.log
2014-01-05 03:42 - 2014-01-04 22:01 - 00147225 _____ () C:\WINDOWS\KB2655992.log
2014-01-05 03:41 - 2014-01-05 03:41 - 00136644 _____ () C:\WINDOWS\KB2686509.log
2014-01-05 03:41 - 2014-01-05 03:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-01-05 03:41 - 2014-01-05 03:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-01-05 03:41 - 2014-01-05 03:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2014-01-05 03:41 - 2014-01-05 03:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2014-01-05 03:41 - 2014-01-05 03:40 - 00136206 _____ () C:\WINDOWS\KB2862335.log
2014-01-05 03:41 - 2014-01-04 22:04 - 00144232 _____ () C:\WINDOWS\KB2898715.log
2014-01-05 03:41 - 2014-01-04 22:01 - 00145548 _____ () C:\WINDOWS\KB2598479.log
2014-01-05 03:41 - 2009-04-06 02:31 - 00008567 _____ () C:\WINDOWS\system32\lvcoinst.log
2014-01-05 03:39 - 2014-01-05 03:39 - 00133248 _____ () C:\WINDOWS\KB2834904-v2.log
2014-01-05 03:39 - 2014-01-05 03:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-05 03:39 - 2014-01-05 03:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2014-01-05 03:39 - 2014-01-05 03:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
2014-01-05 03:39 - 2014-01-04 22:08 - 00145249 _____ () C:\WINDOWS\KB2780091.log
2014-01-05 03:39 - 2014-01-04 22:00 - 00144624 _____ () C:\WINDOWS\KB2507938.log
2014-01-05 03:37 - 2014-01-05 03:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-01-05 03:37 - 2014-01-05 03:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2845187$
2014-01-05 03:37 - 2014-01-05 03:36 - 00134261 _____ () C:\WINDOWS\KB2904266.log
2014-01-05 03:37 - 2014-01-04 22:04 - 00142650 _____ () C:\WINDOWS\KB2845187.log
2014-01-05 03:37 - 2007-09-22 19:04 - 00503398 _____ () C:\WINDOWS\system32\TZLog.log
2014-01-05 03:36 - 2014-01-05 03:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-01-05 03:36 - 2014-01-04 22:05 - 00143045 _____ () C:\WINDOWS\KB2876217.log
2014-01-05 03:29 - 2014-01-05 03:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-01-05 03:29 - 2014-01-04 22:08 - 00142540 _____ () C:\WINDOWS\KB2864063.log
2014-01-05 03:28 - 2014-01-05 03:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2719985$
2014-01-05 03:28 - 2014-01-04 22:00 - 00024922 _____ () C:\WINDOWS\KB2719985.log
2014-01-05 03:28 - 2010-08-03 13:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-01-05 03:27 - 2014-01-05 03:27 - 00016105 _____ () C:\WINDOWS\KB2592799.log
2014-01-05 03:27 - 2014-01-05 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-01-05 03:27 - 2014-01-05 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-01-05 03:27 - 2014-01-05 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2014-01-05 03:27 - 2014-01-05 03:27 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2592799$
2014-01-05 03:27 - 2014-01-04 22:04 - 00022465 _____ () C:\WINDOWS\KB2850869.log
2014-01-05 03:27 - 2014-01-04 21:59 - 00021701 _____ () C:\WINDOWS\KB2862152.log
2014-01-05 03:25 - 2014-01-05 03:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-01-05 03:25 - 2014-01-04 22:09 - 00022120 _____ () C:\WINDOWS\KB2876331.log
2014-01-05 03:25 - 2014-01-04 22:06 - 00022877 _____ () C:\WINDOWS\KB2859537.log
2014-01-05 03:24 - 2014-01-05 03:24 - 00015552 _____ () C:\WINDOWS\KB2807986.log
2014-01-05 03:24 - 2014-01-05 03:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-01-05 03:24 - 2014-01-05 03:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2014-01-05 03:21 - 2014-01-05 03:21 - 00016820 _____ () C:\Documents and Settings\Mari Goddy\Desktop\Worm refence.odt
2014-01-05 03:19 - 2014-01-05 03:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-01-05 03:19 - 2014-01-05 03:18 - 00014130 _____ () C:\WINDOWS\KB2868038.log
2014-01-05 03:18 - 2014-01-05 03:18 - 00014057 _____ () C:\WINDOWS\KB2603381.log
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2757638$
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2014-01-05 03:18 - 2014-01-05 03:18 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2014-01-05 03:18 - 2014-01-04 21:47 - 00023019 _____ () C:\WINDOWS\KB2820917.log
2014-01-05 03:18 - 2014-01-04 21:47 - 00022542 _____ () C:\WINDOWS\KB2653956.log
2014-01-05 03:18 - 2014-01-04 21:47 - 00022206 _____ () C:\WINDOWS\KB2757638.log
2014-01-05 03:18 - 2014-01-04 21:47 - 00020209 _____ () C:\WINDOWS\KB2893294.log
2014-01-05 03:17 - 2014-01-05 03:17 - 00014511 _____ () C:\WINDOWS\KB2698365.log
2014-01-05 03:17 - 2014-01-05 03:17 - 00012471 _____ () C:\WINDOWS\KB2723135-v2.log
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893984$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2014-01-05 03:17 - 2014-01-05 03:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2619339$
2014-01-05 03:17 - 2014-01-04 21:46 - 00022142 _____ () C:\WINDOWS\KB2749655.log
2014-01-05 03:17 - 2014-01-04 21:46 - 00020628 _____ () C:\WINDOWS\KB2619339.log
2014-01-05 03:17 - 2014-01-04 21:46 - 00020084 _____ () C:\WINDOWS\KB2893984.log
2014-01-05 03:17 - 2014-01-04 21:46 - 00018992 _____ () C:\WINDOWS\KB2892075.log
2014-01-05 03:17 - 2014-01-04 21:45 - 00021265 _____ () C:\WINDOWS\KB2705219-v2.log
2014-01-05 03:17 - 2014-01-04 21:45 - 00019582 _____ () C:\WINDOWS\KB2727528.log
2014-01-05 03:16 - 2014-01-05 03:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-01-05 03:16 - 2014-01-05 03:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-01-05 03:16 - 2014-01-04 21:45 - 00021023 _____ () C:\WINDOWS\KB2813345.log
2014-01-05 03:16 - 2014-01-04 21:44 - 00023578 _____ () C:\WINDOWS\KB2676562.log
2014-01-05 03:13 - 2010-04-04 23:09 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2014-01-05 03:02 - 2014-01-05 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2014-01-05 03:02 - 2014-01-05 03:01 - 00011491 _____ () C:\WINDOWS\KB2661637.log
2014-01-05 03:02 - 2014-01-04 21:35 - 00019414 _____ () C:\WINDOWS\KB2620712.log
2014-01-05 03:01 - 2014-01-05 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2661637$
2014-01-05 03:01 - 2014-01-05 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2014-01-05 03:01 - 2014-01-04 21:33 - 00018927 _____ () C:\WINDOWS\KB2584146.log
2014-01-04 20:34 - 2007-09-22 05:24 - 00000000 ____D () C:\WINDOWS\Help
2014-01-04 18:12 - 2014-01-04 18:12 - 00028672 _____ () C:\WINDOWS\system32\cmdy.bzt
2014-01-04 18:12 - 2014-01-04 09:50 - 00000095 _____ () C:\WINDOWS\system32\cntmue.uko
2014-01-04 09:50 - 2014-01-04 09:50 - 00000064 _____ () C:\WINDOWS\system32\ozplu.jet
2014-01-04 09:34 - 2014-01-04 09:34 - 00101213 ____S () C:\WINDOWS\system32\bcdwfv.twm
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 07:00] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) ecdb4b1c245729d12be731000c7fe38a 
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================


#4 MariGoddy


Posted 03 February 2014 - 08:41 PM

Update! I was able to find the addition.txt log as well. The initial one was branded a virus and removed, but after running the program again, it was created with no issue.

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014
Ran by Mari Goddy at 2014-02-03 20:40:51
Running from C:\Documents and Settings\Mari Goddy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
7-Zip 9.22beta (Version:  - )
AC3Filter 2.6.0b (Version: 2.6.0b - Alexander Vigovsky)
Add or Remove Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated)
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional (Version: 8.3.1 - Adobe Systems) Hidden
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2 - Adobe Systems, Inc) Hidden
Adobe After Effects CS3 (Version: 8 - Adobe Systems Incorporated) Hidden
Adobe After Effects CS3 Presets (Version: 8 - Adobe Systems Incorporated) Hidden
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.004 - Adobe Systems)
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS3 (Version: 4.1 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Master Collection (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe Encore CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Encore CS3 Codecs (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Functional Content (Version: 8 - Adobe Systems Incorporated) Hidden
Adobe Premiere Pro CS3 Third Party Content (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (Version: 11.6.3.633 - Adobe Systems, Inc.)
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Soundbooth CS3 Codecs (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos 1.0 (Version: 1.0.8 - Adobe Systems) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server {ko_KR}  (Version: 3.0.0.0 {ko_KR}  - Adobe Systems Incorporated) Hidden
Adobe Video Profiles (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP DVA Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ASUSUpdate (Version:  - )
Autodesk Backburner 2008.1 (Version: 2008.1.1 - Autodesk, Inc.)
Autodesk FBX Plugin 2009.4 - 3ds Max 2010 (Version:  - Autodesk)
AVG 2014 (Version: 14.0.3684 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Bamboo (Version: 5.2.5-5 - Wacom Technology Corp.)
Bejeweled 3 (Version:  - PopCap Games)
BitTorrent (HKCU Version: 6.0.0 - )
BitTorrent (Version: 7.7.0.27987 - BitTorrent Inc.)
Blender (Version: 2.69 - Blender Foundation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
butt (Version:  - )
CCleaner (Version: 2.30 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Combined Community Codec Pack 2013-11-27 (Version: 2013.11.27.0 - CCCP Project)
Content (Version: 1.00.0000 - Your Company Name) Hidden
Corel Painter 11 - ICA (Version: 11.0 - Corel Corporation) Hidden
Corel Painter 11 - IPM (Version: 11.2 - Corel Corporation) Hidden
Corel Painter 11 (Version:  - Corel Corporation)
Corel Painter 11 (Version: 11.2 - Corel Corporation) Hidden
Corel Painter Essentials 3 (Version: 3.0 - Corel Corporation)
DivX Content Uploader (Version: 1.2.1 - DivX, Inc.)
DivX Converter (Version: 6.5.1 - DivX, Inc.)
DivX Setup (Version: 2.6.1.90 - DivX, LLC)
Dolby Axon - 1.5.1.1 (Version: 1.5.1.1 - Dolby Laboratories)
DriverAgent by eSupport.com (Version:  - )
FBX Plugin 2006.08 for Max 9.0 (Version:  - )
ffdshow [rev 3154] [2009-12-09] (Version: 1.0 - )
Filter Forge 4.009 (Version:  - Filter Forge, Inc.)
Firestorm-Beta (remove only) (Version: 4.5.1.38838 - The Phoenix Firestorm Project, Inc.)
Fluttershy_NO SOUND (Version:  - )
Fluttershy_Sound (Version:  - )
Fraps (remove only) (Version:  - )
Free DVD Video Converter version 2.0.14.628 (Version: 2.0.14.628 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.28.827 (Version: 5.0.28.827 - DVDVideoSoft Ltd.)
FVR (Version: 1.00.0000 - Flash Video Recorder)
Google Chrome (HKCU Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPL MPEG-1/2 DirectShow Decoder Filter (Version: 0.1.2 - Peter Wimmer)
IconHandler 32 bit (Version: 2.0 - Corel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Japanese Language Support (Version:  - )
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 2 (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java™ 6 Update 22 (Version: 6.0.220 - Oracle)
Java™ 6 Update 3 (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java™ 6 Update 32 (Version: 6.0.320 - Oracle)
Java™ 6 Update 4 (Version: 1.6.0.40 - Sun Microsystems, Inc.)
Java™ 6 Update 5 (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (Version: 1.6.0.70 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
KhalSetup (Version: 3.0.101 - Logitech) Hidden
Langauge (Version: 1.2 - Your Company Name) Hidden
Lexmark 5600-6600 Series (Version:  - Lexmark International, Inc.)
Lexmark Printable Web (Version: 1.0.0.0 - )
Lexmark Tools for Office (Version: 1.24.0.0 - )
Linksys BEFCMU10 EtherFast Cable Modem (Version:  - )
Logitech High Quality Video (Version: 11.80.1065 - Logitech, Inc.) Hidden
Logitech Legacy USB Camera Driver Package (Version:  - )
Logitech QuickCam (Version: 11.10.2030 - Logitech Inc.)
Logitech QuickCam Driver Package (Version:  - )
Logitech SetPoint (Version: 4.60 - Logitech)
Logitech Updater (Version: 1.70 - Logitech, Inc.)
Macromedia Dreamweaver MX (Version: 6.1 - Macromedia)
Macromedia Extension Manager (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Manga Studio EX 4.0 (Version:  - )
MiceOnABeam (Version: 1.0.3 - 1110976 Ontario Ltd.)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (Version: 1.2.4 - Thorvald Natvig)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA nView 140.84 (Version: 140.84 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice 4.0.0 (Version: 4.00.9702 - Apache Software Foundation)
PayPal Plug-In (Version: 2.2.1.25 - PayPal) Hidden
PayPal Plug-In (Version: 2.2.3.0 - PayPal) Hidden
PC Connectivity Solution (Version: 6.43.14.0 - Nokia)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (Version: 1.21 - VIA Technologies, Inc.) Hidden
Pure Networks Platform (Version: 11.0.8322.1 - Pure Networks) Hidden
Python 3.0 (Version: 3.0.150 - Python Software Foundation)
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (Version: 1.5.7.0 - Ralink)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.3 - RealNetworks)
Realtek AC'97 Audio (Version: 5.28 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (Version: 5.10.0.6602 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sandlot Games Client Services (Version:  - Sandlot Games)
SecondLifeViewer (remove only) (Version:  - )
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Star Wars: The Old Republic (Version: 1.00 - Electronic Arts, Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab (Version:  - )
System Requirements Lab CYRI (Version: 6.0.8.0 - Husdawg, LLC)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client (Version: 3.0.8 - Flagship Industries, Inc.)
VIA Platform Device Manager (Version: 1.21 - VIA Technologies, Inc.)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WebEx Support Manager for Internet Explorer (Version: 6.5.47 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebTablet FB Plugin (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (Version: 1.1.0.10 - Wacom Technology Corp.)
Winamp (Version: 5.621  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinAVIVideoConverter (Version:  - ZJ Computing, Inc.)
Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1) (Version: 03/19/2007 6.83.31.1 - Nokia)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live installer (Version: 12.0.1471.1025 - Microsoft Corporation)
Windows Live Messenger (Version: 8.5.1302.1018 - Microsoft Corporation)
Windows Live Sign-in Assistant (Version: 4.200.520.1 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.10 beta 1 (32-bit) (Version: 4.10.1 - win.rar GmbH)
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check WMI.
 
 
==================== Hosts content: ==========================
 
2004-08-04 07:00 - 2014-01-31 19:30 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-839522115-1363534659-1004Core.job => C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-839522115-1363534659-1004UA.job => C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-725345543-839522115-1363534659-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-725345543-839522115-1363534659-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-725345543-839522115-1363534659-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-725345543-839522115-1363534659-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-725345543-839522115-1363534659-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-839522115-1363534659-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-839522115-1363534659-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2014 03:09:11 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (02/01/2014 00:52:02 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (02/01/2014 02:32:50 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.
 
Error: (01/23/2014 01:57:22 PM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3: class vcfoundation::system::VCSysError: WriteFile() failed <109: The pipe has been ended.>
Trace: (null)
 
Error: (01/23/2014 01:57:22 PM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3: NComm error in thread "NCHost[<class vcbridge::Delegate 0X01ABA9F0> - 1]"
 
Error: (01/21/2014 08:58:13 PM) (Source: Application Error) (User: )
Description: Faulting application mpc-hc.exe, version 1.7.1.39, faulting module divxdech264.ax, version 9.0.2.158, fault address 0x00036699.
Processing media-specific event for [mpc-hc.exe!ws!]
 
Error: (01/21/2014 08:39:25 PM) (Source: Application Hang) (User: )
Description: Hanging application win_crash_logger.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/17/2014 07:05:34 PM) (Source: Application Hang) (User: )
Description: Hanging application mpc-hc.exe, version 1.7.1.39, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (01/16/2014 09:06:43 PM) (Source: Application Error) (User: )
Description: Faulting application secondlifeviewer.exe, version 3.6.13.22851, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f09.
Processing media-specific event for [secondlifeviewer.exe!ws!]
 
Error: (01/15/2014 04:15:34 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
Processing media-specific event for [wmplayer.exe!ws!]
 
 
System errors:
=============
Error: (02/03/2014 03:58:18 PM) (Source: Service Control Manager) (User: )
Description: The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/03/2014 03:58:18 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (02/03/2014 02:43:49 PM) (Source: Service Control Manager) (User: )
Description: The Pure Networks Platform Service service hung on starting.
 
Error: (02/03/2014 02:42:16 PM) (Source: Service Control Manager) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
Error: (02/03/2014 02:42:16 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService service to connect.
 
Error: (02/03/2014 02:42:16 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%2
 
Error: (02/03/2014 02:42:16 PM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error: 
%%1053
 
Error: (02/03/2014 02:42:16 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.
 
Error: (02/02/2014 08:12:34 PM) (Source: Service Control Manager) (User: )
Description: The Pure Networks Platform Service service hung on starting.
 
Error: (02/02/2014 08:11:02 PM) (Source: Service Control Manager) (User: )
Description: The lxduCATSCustConnectService service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (11/15/2011 01:54:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: 10Microsoft Office Visio12.0.4518.101412.0.4518.101420801980
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 3326.48 MB
Available physical RAM: 1669.28 MB
Total Pagefile: 5163.67 MB
Available Pagefile: 2383.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1957.19 MB
 
==================== Drives ================================
 
Drive c: (System) (Fixed) (Total:37.11 GB) (Free:6.86 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Applications) (Fixed) (Total:48.83 GB) (Free:19.88 GB) NTFS
Drive e: (Music) (Fixed) (Total:48.83 GB) (Free:38.2 GB) NTFS
Drive f: (Art) (Fixed) (Total:48.83 GB) (Free:17.8 GB) NTFS
Drive h: () (Fixed) (Total:19.53 GB) (Free:19.34 GB) NTFS
Drive i: () (Fixed) (Total:29.65 GB) (Free:29.26 GB) NTFS
Drive q: (THE GOODS) (Fixed) (Total:465.65 GB) (Free:33.92 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 01D701D7)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=196 GB) - (Type=05)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 134BF781)
Partition 1: (Active) - (Size=466 GB) - (Type=0B)
 
==================== End Of Log ============================


#5 gringo_pr


Posted 03 February 2014 - 09:51 PM





Hello MariGoddy

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.

Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo

#6 MariGoddy


Posted 04 February 2014 - 04:31 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

www.malwarebytes.org
 
Database version: v2014.02.04.10
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: MARI-PC [administrator]
 
2/4/2014 3:40:31 PM
mbar-log-2014-02-04 (15-40-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 281425
Time elapsed: 9 minute(s), 42 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\WINDOWS\system32\rpcss.dll (Trojan.Zekos.PatchedXP3) -> Replace on reboot.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

And from RogueKiller... it made two reports, both titled "RKreport[0]".

 

RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Mari Goddy [Admin rights]
Mode : Scan -- Date : 02/04/2014 16:13:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\FLUTTE~1.SCR [-]) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500JS-22MHB0 +++++
--- User ---
[MBR] 80cbcb19210f2741166f821782712889
[BSP] a74729ef9e3842e1bc8ae2290c75138e : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 37997 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 77818860 | Size: 200467 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02042014_161312.txt >>
 
 
I did another reboot but the warnings continue that the machine is infected with the same Trojan.


#7 gringo_pr


Posted 04 February 2014 - 09:13 PM

Rerun MBAR for me please.


gringo

#8 MariGoddy


Posted 05 February 2014 - 02:14 AM

I reran MBAR but the Trojan just seems to return good as new on the reboot.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.02.05.02
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
 :: MARI-PC [administrator]
 
2/5/2014 1:47:32 AM
mbar-log-2014-02-05 (01-47-32).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 281929
Time elapsed: 13 minute(s), 41 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\WINDOWS\system32\rpcss.dll (Trojan.Zekos.PatchedXP3) -> Replace on reboot.
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#9 gringo_pr


Posted 05 February 2014 - 01:04 PM


Hello

I would like to run this next to search for some files on the computer.


SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
rpcss.dll 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Gringo

#10 MariGoddy


Posted 06 February 2014 - 01:13 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 01:09 on 06/02/2014 by Mari Goddy
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "rpcss.dll"
C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll --a--c- 396288 bytes [19:35 28/04/2005] [19:35 28/04/2005] DA383FB39A6F1C445F3AFC94B3EB1248
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll --a--c- 398336 bytes [04:20 26/07/2005] [04:20 26/07/2005] C369DF215D352B6F3A0B8C3469AA34F8
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll --a--c- 401408 bytes [22:59 18/10/2009] [10:56 09/02/2009] 9222562D44021B988B9F9F62207FB6F2
C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll -----c- 397824 bytes [17:22 27/08/2008] [04:39 26/07/2005] CE94A2BD25E3E9F4D46A7373FF455C6D
C:\WINDOWS\ServicePackFiles\i386\rpcss.dll -----c- 399360 bytes [17:16 27/08/2008] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509
C:\WINDOWS\system32\rpcss.dll --a---- 401408 bytes [12:00 04/08/2004] [12:10 09/02/2009] ECDB4B1C245729D12BE731000C7FE38A
 
-= EOF =-
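
The comparison the SystemLook log above makes possible, as an added example that is not part of the original thread: it parses the filefind lines from the post and checks the in-use system32 copy against the cached copies by size and MD5. The function and type names are hypothetical, and a hash mismatch on its own only shows that the files differ, so it is read together with the MBAR detection.

```python
import re
from collections import namedtuple

# filefind result lines copied from the SystemLook log in post #10.
SYSTEMLOOK_LOG = r"""
C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll --a--c- 396288 bytes [19:35 28/04/2005] [19:35 28/04/2005] DA383FB39A6F1C445F3AFC94B3EB1248
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll --a--c- 398336 bytes [04:20 26/07/2005] [04:20 26/07/2005] C369DF215D352B6F3A0B8C3469AA34F8
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll --a--c- 401408 bytes [22:59 18/10/2009] [10:56 09/02/2009] 9222562D44021B988B9F9F62207FB6F2
C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll -----c- 397824 bytes [17:22 27/08/2008] [04:39 26/07/2005] CE94A2BD25E3E9F4D46A7373FF455C6D
C:\WINDOWS\ServicePackFiles\i386\rpcss.dll -----c- 399360 bytes [17:16 27/08/2008] [00:12 14/04/2008] 2589FE6015A316C0F5D5112B4DA7B509
C:\WINDOWS\system32\rpcss.dll --a---- 401408 bytes [12:00 04/08/2004] [12:10 09/02/2009] ECDB4B1C245729D12BE731000C7FE38A
"""

Entry = namedtuple("Entry", "path attrs size created modified md5")

# path, 7-char attribute mask, size, [created], [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one Entry per result line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], m["attrs"], int(m["size"]),
                                 m["created"], m["modified"], m["md5"].upper()))
    return entries


def compare_live_copy(entries, live_path):
    """Compare the in-use file against every other copy found on disk."""
    live = next((e for e in entries if e.path.lower() == live_path.lower()), None)
    if live is None:
        raise ValueError("live file not present in log: " + live_path)
    others = [e for e in entries if e is not live]
    identical = [e.path for e in others if e.md5 == live.md5]
    # Same length but different digest: content differs while size is unchanged.
    same_size_diff_hash = [e.path for e in others
                           if e.size == live.size and e.md5 != live.md5]
    return live, identical, same_size_diff_hash


if __name__ == "__main__":
    live, identical, suspects = compare_live_copy(
        parse_filefind(SYSTEMLOOK_LOG), r"C:\WINDOWS\system32\rpcss.dll")
    print("live copy :", live.path, live.size, live.md5)
    print("identical cached copies :", identical or "none")
    print("same size, different MD5:", suspects or "none")
```

On this log the system32 copy matches none of the cached copies by MD5, and the only cached copy with the same 401408-byte size is the one under KB956572.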


#11 gringo_pr


Posted 07 February 2014 - 12:37 PM


Hello MariGoddy

We are going to run this now to replace the infected files with good files.

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe
  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\rpcss.dll 

  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\
Gringo

#12 MariGoddy


Posted 07 February 2014 - 01:13 PM

BlitzBlank 1.0.0.32
 
File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\$hf_mig$\kb956572\sp3qfe\rpcss.dll", destinationFile = "\??\c:\windows\system32\rpcss.dll"
 
This is the first time I rebooted the computer and didn't see any AVG warnings. I've done some more tests to see if the popups arise when I open certain programs, but I'm not seeing anything :)


#13 gringo_pr


Posted 07 February 2014 - 09:48 PM



Hello MariGoddy

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo

#14 MariGoddy


Posted 10 February 2014 - 02:30 AM

I had a bit of trouble with the Junkware Removal Tool, but here are the logs for both.

 

# AdwCleaner v3.018 - Report created 09/02/2014 at 02:49:54
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mari Goddy - MARI-PC
# Running from : C:\Documents and Settings\Mari Goddy\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\eSupport.com
Folder Deleted : C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Mari Goddy\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Mari Goddy\Application Data\registry mechanic
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Mari Goddy\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2441 octets] - [09/02/2014 02:47:07]
AdwCleaner[S0].txt - [2428 octets] - [09/02/2014 02:49:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2488 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Mari Goddy on Mon 02/10/2014 at  2:23:54.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3FF656B9-1EE7-4B18-99A1-5BBB8C3F492D}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/10/2014 at  2:27:25.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#15 gringo_pr


Posted 10 February 2014 - 12:44 PM


Hello MariGoddy

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo



