
Microsoft Essentials won't update....


  • This topic is locked
14 replies to this topic

#1 Gone gray

Gone gray

  • Members
  • 42 posts

Posted 06 February 2014 - 09:15 AM

I noticed the computer running slow a few days ago....

Yesterday IE wasn't showing pictures, AOL was just text, no pics.

This was on my PC and my wife's, who is on the same network.

Norton site warnings kept popping up for sites we have been to before...

Microsoft Essentials won't update, can't find internet, yet Inet works ...

I would like to go through the system and see if we can find something wrong.

Can someone help?

Thanks

 

system info

Dell 8400

drive C with xp

drive F with windows 7

 

network runs through Linksys EA3500

running "Block the bad" app level 2 (that's where the Norton comes in)

 

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • Gender:Male

Posted 11 February 2014 - 09:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523390 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • Gender:Male

Posted 16 February 2014 - 09:25 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 February 2014 - 11:51 AM

This topic has been re-opened at the request of the person who originally posted.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 February 2014 - 11:51 AM





Hello Gone gray

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#6 Gone gray

Gone gray
  • Topic Starter

  • Members
  • 42 posts

Posted 19 February 2014 - 02:29 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Lou (administrator) on LOUXP on 19-02-2014 11:56:47
Running from C:\Documents and Settings\Lou\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Dokan\DokanLibrary\mounter.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(CANON INC.) C:\WINDOWS\system32\CAPM5RSK.EXE
(Olof Lagerkvist) C:\WINDOWS\system32\imdsksvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5LAK.EXE
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5SWK.EXE
(AOL LLC) C:\Program Files\Common Files\AOL\1382618545\ee\AOLDesktop.exe
(AOL LLC) C:\Program Files\Common Files\AOL\1382618545\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AOL LLC) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [423144 2013-04-26] (BillP Studios)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [AOL Fast Start] - "C:\PROGRA~1\AOLDES~1.6\AOL.EXE" -b
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon iC D800 Status Window.LNK
ShortcutTarget: Canon iC D800 Status Window.LNK -> C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5LAK.EXE (CANON INC.)
Startup: C:\Documents and Settings\Lou\Start Menu\Programs\Startup\AOL Desktop.lnk
ShortcutTarget: AOL Desktop.lnk -> C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
URLSearchHook: HKLM - IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1361529270359
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblockauctions.com/container_repository/laiexec.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 198.153.192.50 198.153.194.50 192.168.1.1

========================== Services (Whitelisted) =================

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [25088 2012-06-26] ()
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [670792 2012-04-09] (Juniper Networks)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [167520 2011-11-01] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2011-11-01] (SEIKO EPSON CORPORATION)
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [10240 2012-02-16] (Olof Lagerkvist)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S2 PhoneMountingService; C:\Program Files\PhoneStick\PhoneStickService.exe [18013496 2013-08-19] (Softorino Inc.)
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital)
S4 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [X]
S4 TomTomHOMEService; "C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 ampa; C:\WINDOWS\system32\ampa.sys [10936 2011-12-26] ()
S3 AWEAlloc; C:\WINDOWS\System32\DRIVERS\awealloc.sys [16848 2012-02-16] (Olof Lagerkvist)
R3 cbfs3; C:\WINDOWS\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [91904 2012-06-26] (Windows ® Win 7 DDK provider)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2012-04-09] (Juniper Networks)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] ()
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R2 ImDisk; C:\WINDOWS\System32\DRIVERS\imdisk.sys [32600 2012-02-16] (Olof Lagerkvist)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [42592 2013-12-26] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123840 2012-04-18] (NVIDIA Corporation)
R2 RapidPortM5; C:\WINDOWS\system32\Drivers\CAPM5LP.SYS [23232 2004-04-19] (CANON INC.)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [28216 2005-11-10] (SafeNet, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S0 dhaavep; System32\drivers\quhlechv.sys [X]
S1 gajsigcb; \??\C:\WINDOWS\system32\drivers\gajsigcb.sys [X]
S1 jkdsztsk; \??\C:\WINDOWS\system32\drivers\jkdsztsk.sys [X]
S1 kalbmdxq; \??\C:\WINDOWS\system32\drivers\kalbmdxq.sys [X]
S1 krlwazxe; \??\C:\WINDOWS\system32\drivers\krlwazxe.sys [X]
S1 lvtrzsou; \??\C:\WINDOWS\system32\drivers\lvtrzsou.sys [X]
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-19 11:56 - 2014-02-19 11:56 - 00015210 _____ () C:\Documents and Settings\Lou\Desktop\FRST.txt
2014-02-19 11:30 - 2014-02-19 11:56 - 00000000 ____D () C:\FRST
2014-02-19 11:29 - 2014-02-19 11:29 - 01141248 _____ (Farbar) C:\Documents and Settings\Lou\Desktop\FRST.exe
2014-02-17 11:19 - 2014-02-17 11:19 - 00000904 _____ () C:\Documents and Settings\All Users\Desktop\EaseUS MobiSaver 4.0.lnk
2014-02-17 11:19 - 2014-02-17 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS MobiSaver 4.0
2014-02-12 10:25 - 2014-02-12 10:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 09:51 - 2014-02-12 09:52 - 00012569 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 09:50 - 2014-02-12 09:51 - 00005793 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 03:34 - 2014-02-12 10:25 - 00015794 _____ () C:\WINDOWS\KB2916036.log
2014-02-09 11:48 - 2014-02-09 11:48 - 00000716 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\VoiceZoneConnect.lnk
2014-02-09 11:48 - 2014-02-09 11:48 - 00000710 _____ () C:\Documents and Settings\All Users\Desktop\VoiceZoneConnect.lnk
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Program Files\VoiceZoneConnect
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Documents and Settings\Lou\Application Data\com.twc.voicezoneconnect
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-02-05 17:32 - 2014-02-05 17:36 - 00002804 _____ () C:\AdwCleaner[R2].txt
2014-02-04 20:20 - 2014-02-05 18:06 - 00000246 _____ () C:\WINDOWS\RealFlight.INI
2014-02-04 19:53 - 2014-02-04 19:53 - 00000836 _____ () C:\Documents and Settings\All Users\Desktop\RealFlight G3.5 Launcher.lnk
2014-02-04 19:53 - 2014-02-04 19:53 - 00000794 _____ () C:\WINDOWS\DirectX.log
2014-02-04 19:53 - 2014-02-04 19:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealFlight G3.5
2014-02-04 19:44 - 2014-02-09 07:45 - 00000000 ____D () C:\Program Files\RealFlightG3
2014-02-04 19:44 - 2014-02-04 19:57 - 00000000 ____D () C:\Program Files\Common Files\KnifeEdge
2014-02-04 15:43 - 2014-02-04 15:43 - 00001056 _____ () C:\Documents and Settings\Lou\Desktop\f1099msc.xfdf
2014-02-01 15:06 - 2014-02-01 15:06 - 00107008 _____ () C:\Documents and Settings\Lou\My Documents\foamy1.pub
2014-02-01 12:14 - 2014-02-01 12:14 - 00717086 _____ () C:\Documents and Settings\Lou\My Documents\slo42.skb
2014-02-01 10:41 - 2014-02-01 15:06 - 00720633 _____ () C:\Documents and Settings\Lou\My Documents\slo42.skp
2014-01-31 11:59 - 2014-01-31 11:59 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\Wondershare Dr.Fone for iOS
2014-01-31 11:36 - 2014-01-31 11:36 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\jm2
2014-01-31 11:32 - 2014-01-31 11:34 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\jm1
2014-01-30 20:37 - 2014-01-30 20:37 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\New Folder
2014-01-25 16:07 - 2014-01-25 16:07 - 00000000 ____D () C:\Documents and Settings\Lou\Start Menu\Programs\MobiOne Studio
2014-01-25 16:07 - 2014-01-25 16:07 - 00000000 ____D () C:\Documents and Settings\Lou\.mobione
2014-01-25 16:06 - 2014-01-25 16:06 - 00000031 _____ () C:\Documents and Settings\Lou\.mobione.locator
2014-01-25 16:06 - 2014-01-25 16:06 - 00000000 ____D () C:\Program Files\MobiOne Studio
2014-01-25 13:26 - 2014-01-25 13:28 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\skypelogview (2)
2014-01-24 12:45 - 2014-01-24 12:45 - 00000000 ___SD () C:\Documents and Settings\Lou\My Documents\My Data Sources
2014-01-21 10:12 - 2014-01-21 12:26 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\moved from f

==================== One Month Modified Files and Folders =======

2014-02-19 11:56 - 2014-02-19 11:56 - 00015210 _____ () C:\Documents and Settings\Lou\Desktop\FRST.txt
2014-02-19 11:56 - 2014-02-19 11:30 - 00000000 ____D () C:\FRST
2014-02-19 11:48 - 2012-03-22 06:16 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 11:29 - 2014-02-19 11:29 - 01141248 _____ (Farbar) C:\Documents and Settings\Lou\Desktop\FRST.exe
2014-02-19 11:06 - 2012-10-28 10:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-19 08:33 - 2013-05-29 13:00 - 01734994 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-19 08:32 - 2013-11-20 06:24 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-19 08:24 - 2002-11-01 06:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-19 08:23 - 2013-05-29 19:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-19 08:23 - 2013-05-29 19:02 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-19 08:22 - 2012-09-25 14:08 - 00000390 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-02-19 08:22 - 2012-03-22 06:16 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 08:22 - 2011-10-11 14:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-18 20:19 - 2013-05-29 19:02 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-17 21:52 - 2012-08-29 19:07 - 02114655 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-1417001333-527237240-1003-0.dat
2014-02-17 21:52 - 2012-08-03 22:48 - 00278154 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-02-17 21:52 - 2011-10-11 14:24 - 00000278 ___SH () C:\Documents and Settings\Lou\ntuser.ini
2014-02-17 11:19 - 2014-02-17 11:19 - 00000904 _____ () C:\Documents and Settings\All Users\Desktop\EaseUS MobiSaver 4.0.lnk
2014-02-17 11:19 - 2014-02-17 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS MobiSaver 4.0
2014-02-17 11:19 - 2013-11-19 14:13 - 00000000 ____D () C:\Program Files\EaseUS
2014-02-12 10:27 - 2011-10-12 12:18 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 10:25 - 2014-02-12 10:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 10:25 - 2014-02-12 03:34 - 00015794 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 10:25 - 2013-06-04 17:48 - 00029822 _____ () C:\WINDOWS\updspapi.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00348121 _____ () C:\WINDOWS\iis6.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00289862 _____ () C:\WINDOWS\FaxSetup.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00150258 _____ () C:\WINDOWS\ocgen.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00136859 _____ () C:\WINDOWS\tsoc.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00096811 _____ () C:\WINDOWS\comsetup.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00094002 _____ () C:\WINDOWS\msmqinst.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00059968 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00051405 _____ () C:\WINDOWS\netfxocm.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00020626 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00016402 _____ () C:\WINDOWS\ocmsn.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00014952 _____ () C:\WINDOWS\msgsocm.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00014306 _____ () C:\WINDOWS\tabletoc.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-12 10:14 - 2011-10-11 09:44 - 00622270 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 10:07 - 2013-08-15 02:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 10:01 - 2011-10-12 14:18 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 09:52 - 2014-02-12 09:51 - 00012569 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 09:52 - 2013-06-04 17:47 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 09:51 - 2014-02-12 09:50 - 00005793 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 09:51 - 2011-10-12 14:20 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-11 08:24 - 2012-01-31 20:37 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2585542$
2014-02-09 11:48 - 2014-02-09 11:48 - 00000716 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\VoiceZoneConnect.lnk
2014-02-09 11:48 - 2014-02-09 11:48 - 00000710 _____ () C:\Documents and Settings\All Users\Desktop\VoiceZoneConnect.lnk
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Program Files\VoiceZoneConnect
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Documents and Settings\Lou\Application Data\com.twc.voicezoneconnect
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-02-09 11:48 - 2012-03-22 06:14 - 00000000 ____D () C:\Program Files\Adobe
2014-02-09 11:48 - 2012-03-22 06:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-02-09 11:48 - 2011-10-18 13:48 - 00000000 ____D () C:\Documents and Settings\Lou\Application Data\Adobe
2014-02-09 11:47 - 2012-03-22 06:19 - 00000000 ____D () C:\Documents and Settings\Lou\Local Settings\Application Data\Adobe
2014-02-09 07:45 - 2014-02-04 19:44 - 00000000 ____D () C:\Program Files\RealFlightG3
2014-02-08 23:06 - 2014-01-01 14:28 - 00337560 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-08 15:34 - 2013-10-27 18:10 - 00265365 _____ () C:\Documents and Settings\Lou\My Documents\lad rac.skp
2014-02-06 17:06 - 2012-10-28 10:56 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-06 17:06 - 2011-11-02 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-06 03:54 - 2008-04-14 04:42 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2008-04-14 04:42 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 18:26 - 2012-06-13 19:00 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2011-10-11 13:57 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 04:42 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 04:42 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 18:06 - 2014-02-04 20:20 - 00000246 _____ () C:\WINDOWS\RealFlight.INI
2014-02-05 18:06 - 2013-05-31 15:13 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-05 17:39 - 2014-01-10 13:47 - 00000000 ___RD () C:\Documents and Settings\Lou\Desktop\Clean up
2014-02-05 17:36 - 2014-02-05 17:32 - 00002804 _____ () C:\AdwCleaner[R2].txt
2014-02-05 17:27 - 2011-10-11 14:23 - 00000000 ____D () C:\Documents and Settings\Lou
2014-02-05 17:24 - 2008-04-13 23:07 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-05 16:45 - 2011-10-11 14:23 - 00001599 _____ () C:\Documents and Settings\Lou\Start Menu\Programs\Remote Assistance.lnk
2014-02-05 15:47 - 2014-01-19 08:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ApexSQL
2014-02-05 15:45 - 2014-01-19 08:35 - 00000000 ____D () C:\Documents and Settings\Lou\Local Settings\Application Data\ApexSQL
2014-02-05 15:45 - 2013-05-30 13:21 - 00388030 _____ () C:\WINDOWS\setupapi.log
2014-02-05 15:23 - 2012-03-22 06:16 - 00000000 ____D () C:\Documents and Settings\Lou\Local Settings\Application Data\Google
2014-02-05 10:07 - 2011-10-11 13:57 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-04 19:57 - 2014-02-04 19:44 - 00000000 ____D () C:\Program Files\Common Files\KnifeEdge
2014-02-04 19:53 - 2014-02-04 19:53 - 00000836 _____ () C:\Documents and Settings\All Users\Desktop\RealFlight G3.5 Launcher.lnk
2014-02-04 19:53 - 2014-02-04 19:53 - 00000794 _____ () C:\WINDOWS\DirectX.log
2014-02-04 19:53 - 2014-02-04 19:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealFlight G3.5
2014-02-04 19:53 - 2002-11-01 06:00 - 00000309 _____ () C:\WINDOWS\win.ini
2014-02-04 15:43 - 2014-02-04 15:43 - 00001056 _____ () C:\Documents and Settings\Lou\Desktop\f1099msc.xfdf
2014-02-01 15:06 - 2014-02-01 15:06 - 00107008 _____ () C:\Documents and Settings\Lou\My Documents\foamy1.pub
2014-02-01 15:06 - 2014-02-01 10:41 - 00720633 _____ () C:\Documents and Settings\Lou\My Documents\slo42.skp
2014-02-01 12:30 - 2013-08-15 19:26 - 00000000 ___HD () C:\Documents and Settings\Lou\My Documents\Corel Auto-Preserve
2014-02-01 12:30 - 2013-03-31 09:50 - 00076800 ___SH () C:\Documents and Settings\Lou\My Documents\Thumbs.db
2014-02-01 12:30 - 2011-10-18 11:37 - 00139264 _____ () C:\Documents and Settings\Lou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-01 12:14 - 2014-02-01 12:14 - 00717086 _____ () C:\Documents and Settings\Lou\My Documents\slo42.skb
2014-01-31 11:59 - 2014-01-31 11:59 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\Wondershare Dr.Fone for iOS
2014-01-31 11:36 - 2014-01-31 11:36 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\jm2
2014-01-31 11:34 - 2014-01-31 11:32 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\jm1
2014-01-30 20:40 - 2012-06-30 10:43 - 00000000 ____D () C:\Documents and Settings\Lou\Application Data\Audacity
2014-01-30 20:37 - 2014-01-30 20:37 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\New Folder
2014-01-30 19:28 - 2014-01-06 14:54 - 00000000 ____D () C:\Documents and Settings\Lou\Local Settings\Application Data\Wide Angle Software
2014-01-25 16:34 - 2013-12-28 10:15 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\bfsu
2014-01-25 16:07 - 2014-01-25 16:07 - 00000000 ____D () C:\Documents and Settings\Lou\Start Menu\Programs\MobiOne Studio
2014-01-25 16:07 - 2014-01-25 16:07 - 00000000 ____D () C:\Documents and Settings\Lou\.mobione
2014-01-25 16:06 - 2014-01-25 16:06 - 00000031 _____ () C:\Documents and Settings\Lou\.mobione.locator
2014-01-25 16:06 - 2014-01-25 16:06 - 00000000 ____D () C:\Program Files\MobiOne Studio
2014-01-25 13:28 - 2014-01-25 13:26 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\skypelogview (2)
2014-01-24 12:45 - 2014-01-24 12:45 - 00000000 ___SD () C:\Documents and Settings\Lou\My Documents\My Data Sources
2014-01-21 12:26 - 2014-01-21 10:12 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\moved from f
2014-01-21 11:04 - 2012-07-10 11:53 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\Recipies
2014-01-21 10:34 - 2014-01-06 20:32 - 00147249 _____ () C:\Documents and Settings\Lou\My Documents\SkypeAlyzer_1.csl
2014-01-21 10:33 - 2014-01-06 20:33 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\skycase
2014-01-21 08:20 - 2013-12-18 16:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-01-20 13:10 - 2014-01-10 16:50 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\1
2014-01-20 11:09 - 2013-12-31 14:16 - 00000000 ____D () C:\Program Files\Recuva

Some content of TEMP:
====================
C:\Documents and Settings\Lou\Local Settings\temp\AcsInstall.dll
C:\Documents and Settings\Lou\Local Settings\temp\AOLInstallerfw.dll
C:\Documents and Settings\Lou\Local Settings\temp\AuConv.dll
C:\Documents and Settings\Lou\Local Settings\temp\AuConvEx.dll
C:\Documents and Settings\Lou\Local Settings\temp\bcdedit.exe
C:\Documents and Settings\Lou\Local Settings\temp\Boot.dll
C:\Documents and Settings\Lou\Local Settings\temp\BootDriver.dll
C:\Documents and Settings\Lou\Local Settings\temp\bootsect.exe
C:\Documents and Settings\Lou\Local Settings\temp\Burn.dll
C:\Documents and Settings\Lou\Local Settings\temp\CodeLog.dll
C:\Documents and Settings\Lou\Local Settings\temp\DataMana.dll
C:\Documents and Settings\Lou\Local Settings\temp\DevCtrl.dll
C:\Documents and Settings\Lou\Local Settings\temp\FatLib.dll
C:\Documents and Settings\Lou\Local Settings\temp\GdiPlus.dll
C:\Documents and Settings\Lou\Local Settings\temp\GetDriverInfo.dll
C:\Documents and Settings\Lou\Local Settings\temp\grubinst.exe
C:\Documents and Settings\Lou\Local Settings\temp\iExplorer_3_Setup_3252.exe
C:\Documents and Settings\Lou\Local Settings\temp\InstallerMessageBox.exe
C:\Documents and Settings\Lou\Local Settings\temp\ISOExport.exe
C:\Documents and Settings\Lou\Local Settings\temp\mfc90.dll
C:\Documents and Settings\Lou\Local Settings\temp\mfc90u.dll
C:\Documents and Settings\Lou\Local Settings\temp\mfcm90.dll
C:\Documents and Settings\Lou\Local Settings\temp\mfcm90u.dll
C:\Documents and Settings\Lou\Local Settings\temp\msacm32.dll
C:\Documents and Settings\Lou\Local Settings\temp\msvcm90.dll
C:\Documents and Settings\Lou\Local Settings\temp\MSVCP60.DLL
C:\Documents and Settings\Lou\Local Settings\temp\msvcp90.dll
C:\Documents and Settings\Lou\Local Settings\temp\msvcr90.dll
C:\Documents and Settings\Lou\Local Settings\temp\NPSInstallerProxy.exe
C:\Documents and Settings\Lou\Local Settings\temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Documents and Settings\Lou\Local Settings\temp\RecLib.dll
C:\Documents and Settings\Lou\Local Settings\temp\SHFOLDER.DLL
C:\Documents and Settings\Lou\Local Settings\temp\sqlite-3.7.15-x86-sqlitejdbc.dll
C:\Documents and Settings\Lou\Local Settings\temp\syslinux.exe
C:\Documents and Settings\Lou\Local Settings\temp\temp.exe
C:\Documents and Settings\Lou\Local Settings\temp\uninst.dll
C:\Documents and Settings\Lou\Local Settings\temp\UserRes.dll
C:\Documents and Settings\Lou\Local Settings\temp\UserResEx.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by Lou at 2014-02-19 11:57:48
Running from C:\Documents and Settings\Lou\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

20-20 Version 8 (Version: 8.0.3.1347 - 20-20 Technologies inc) Hidden
20-20 Version 8 (Version: 8.0.3.1347 - 20-20 Technologies)
7-Data Card Recovery version 1.1 (Version: 1.1 - SharpNight Co,Ltd)
7-zip v9.20 (Version: v9.20 - TUGUU SL)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Connect 9 Add-in (HKCU Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKCU Version:  - )
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
AOL Registration (Version:  - )
AOL Toolbar for Firefox (Version: 5.13.6.2 - AOL LLC)
AOL Toolbar for Internet Explorer (Version: 5.13.4.1 - AOL LLC)
AOL Uninstaller (Choose which Products to Remove) (Version:  - AOL LLC)
AOMEI Partition Assistant Standard Edition 5.2 (Version:  - Aomei Technology Co., Ltd.)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (Version:  - Audacity Team)
Avery Wizard 4.0 (Version: 4.0.103 - Avery)
Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (Version: 7.53.02 - Broadcom)
Broadcom Gigabit Integrated Controller (Version: 7.53.02 - Broadcom) Hidden
Canon iC D800 (Version:  - )
Card Data Recovery  (Version:  - Tenorshare, Inc.)
CCleaner (Version: 4.01 - Piriform)
Citrix online plug-in - web (Version: 12.3.0.8 - Citrix Systems, Inc.)
Client Activator 2.0 - English (2) (Version:  - )
Client Activator 2.0 - English (All) (Version:  - )
CNCSimulator Pro (Version: 1.1.0.4 - CNCSimulator.com)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (Version:  - )
Corel PaintShop Pro X5 (Version: 15.2.0.12 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.2.0.12 - Corel Corporation) Hidden
Decipher TextMessage (Version: 5.5.10 - Decipher Media)
Dokan Library version 0.6.0 (Version: 0.6.0 - Hiroku)
Download Navigator (Version: 1.1.0 - SEIKO EPSON CORPORATION)
EASEUS Deleted File Recovery 3.0.1 (Version:  - EASEUS)
EaseUS MobiSaver 4.0 (Version:  - EaseUS)
EaseUS Partition Master 9.2.2 (Version:  - EaseUS)
EasyGSM for SGH-A800 (Version:  - )
Epson Connect (Version:  - )
Epson Customer Participation (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Scavenger 4.0 (en) (Version: 4.0.5.0 - QueTek Consulting Corporation)
File Type Assistant (Version:  - Trusted Software) <==== ATTENTION
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
iBackup Extractor (Version: 2.14 - Wide Angle Software)
iBackupBot for iTunes 4.1.6 (Version: 4.1.6 - VOWSoft, Ltd.)
ICA (Version: 15.2.0.12 - Corel Corporation) Hidden
iCopyBot for Windows 7.8.6 (Version: 7.8.6 - VOWSoft, Ltd.)
iExplorer 3.2.5.2 (Version:  - Macroplant LLC)
ImageMixer 3 SE Ver.6 Transfer Utility (Version: 6.00.017 - PIXELA)
ImageMixer 3 SE Ver.6 Video Tools (Version: 6.00.018 - PIXELA)
ImDisk Virtual Disk Driver (Version:  - )
Installing selected sensor drivers ... (Version: 1.0.728 - Profactor) Hidden
InterVideo WinDVD (Version:  - InterVideo Inc.)
iPhone 3GS Data Recovery  (Version:  - Tenorshare, Inc.)
iPhone Backup Extractor (HKCU Version: 4.7.0.0 - Reincubate Ltd)
IPM_PSP_COM (Version: 15.2.0.12 - Corel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Juniper Networks Host Checker (HKCU Version: 7.1.8.20737 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.17087 - Juniper Networks)
Juniper Networks Network Connect 7.1.8 (Version: 7.1.8.20737 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.8.19851 - Juniper Networks, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (Version:  - )
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (Version: 9.7.0621 - Microsoft Corporation)
MobiOne 2.6.1 (HKCU Version: 2.6.1 - Genuitec, LLC)
MSN (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (Version: 136.27 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
PhoneStick version 1.5.9 (Version: 1.5.9 - Softorino, Inc.)
PL-2303 USB-to-Serial (Version: 1.5.0 - Prolific Technology INC)
PSPPContent (Version: 15.2.0.12 - Corel Corporation) Hidden
PSPPHelp (Version: 15.2.0.12 - Corel Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RealFlight G3 R/C Simulator (Version:  - )
ReconstructMe Qt 1.1.74 (Version: 1.1.74 - Profactor GmbH) Hidden
ReconstructMeQt Installer 1.1.74 (Version: 1.1.74 - Profactor GmbH)
Recuva (Version: 1.49 - Piriform)
Reimage Repair (Version: 1.6.3.8 - Reimage)
Revo Uninstaller 1.94 (Version: 1.94 - VS Revo Group)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sentinel Protection Installer 7.2.1 (Version: 7.2.1 - SafeNet, Inc.)
Setup (Version: 15.2.0.12 - Corel Corporation) Hidden
Skanect 1.5 (Version: 1.5.0 - ManCTL)
SketchUp 2013 (Version: 13.0.4812 - Trimble Navigation Limited)
SkypeAlyzer version 1.2.33 (Version: 1.2.33 - Sanderson Forensics)
SoundMAX (Version: 5.12.01.5246 - Analog Devices)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.14 - Tweaking.com)
Unlocker 1.9.1 (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Viewpoint Media Player (Version:  - )
VoiceZoneConnect (Version: 1.5.0 - Time Warner Cable Media Inc)
VoiceZoneConnect (Version: 1.5.0 - Time Warner Cable Media Inc) Hidden
WD SmartWare (Version: 1.6.5.2 - Western Digital Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (Version: 2.0.5000.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (Version: 1.0.30 - Microsoft Corporation)
Windows DVD Maker 3.5 (Version:  - Windows DVD Maker,Inc.)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
WinPatrol (Version: 28.1.2013.0 - BillP Studios)
WinRAR 5.01 beta 1 (32-bit) (Version: 5.01.1 - win.rar GmbH)
Wondershare Dr.Fone for iOS(Build 3.5.1.2) (Version: 3.5.1.2 - Wondershare Software Co.,Ltd.)

==================== Restore Points  =========================

05-02-2014 15:07:54 System Checkpoint
05-02-2014 20:22:24 Revo Uninstaller's restore point - Google Chrome
05-02-2014 20:25:47 Revo Uninstaller's restore point - ApexSQL Audit 2013
05-02-2014 20:30:24 Revo Uninstaller's restore point - ApexSQL Build 2012
05-02-2014 20:31:43 Revo Uninstaller's restore point - ApexSQL Clean 2011
05-02-2014 20:33:04 Revo Uninstaller's restore point - ApexSQL Data Diff 2012
05-02-2014 20:34:25 Revo Uninstaller's restore point - ApexSQL Diff 2013
05-02-2014 20:35:54 Revo Uninstaller's restore point - ApexSQL Diff API 2011
05-02-2014 20:37:15 Revo Uninstaller's restore point - ApexSQL Doc 2013
05-02-2014 20:39:27 Revo Uninstaller's restore point - ApexSQL Log 2013
05-02-2014 20:40:54 Revo Uninstaller's restore point - ApexSQL Log API 2013
05-02-2014 20:42:16 Revo Uninstaller's restore point - ApexSQL Recover 2011
05-02-2014 20:45:13 Revo Uninstaller's restore point - ApexSQL Restore 2012
05-02-2014 20:47:11 Revo Uninstaller's restore point - ApexSQL Script 2011
05-02-2014 20:49:16 Revo Uninstaller's restore point - Forensic Explorer
06-02-2014 12:14:39 Software Distribution Service 3.0
08-02-2014 14:30:29 Software Distribution Service 3.0
09-02-2014 17:53:24 System Checkpoint
10-02-2014 13:29:23 Software Distribution Service 3.0
10-02-2014 17:35:56 Software Distribution Service 3.0
11-02-2014 13:29:54 Software Distribution Service 3.0
12-02-2014 13:37:50 Software Distribution Service 3.0
12-02-2014 14:45:22 Software Distribution Service 3.0
16-02-2014 22:41:58 Software Distribution Service 3.0
18-02-2014 01:40:34 System Checkpoint
18-02-2014 11:09:34 Software Distribution Service 3.0
19-02-2014 13:32:53 Software Distribution Service 3.0

==================== Hosts content: ==========================

2002-11-01 06:00 - 2013-06-04 21:20 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\ProgramUpdateCheck.job => C:\Program Files\File Type Assistant\tsassist.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Reimage Reminder.job => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe
Task: C:\WINDOWS\Tasks\Reimage ScanAgent.job => C:\Program Files\Reimage\Reimage Repair\REI_ScanAgent.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-31 15:54 - 2012-06-26 20:26 - 00025088 _____ () C:\Program Files\Dokan\DokanLibrary\mounter.exe
2013-06-08 09:13 - 2012-12-09 20:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 11:18:52 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (02/09/2014 11:11:53 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23543, fault address 0x002b9f40.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/05/2014 05:08:27 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 05:04:58 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:53:07 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:39:10 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:20:37 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:17:07 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (02/05/2014 04:15:59 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8024402fupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:15:11 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8024402fupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

System errors:
=============
Error: (02/19/2014 08:23:56 AM) (Source: Service Control Manager) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error:
%%1053

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: The WD Rules service failed to start due to the following error:
%%1053

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the WD Rules service to connect.

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: The PhoneMountingService service failed to start due to the following error:
%%1053

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the PhoneMountingService service to connect.

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1330

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (02/18/2014 05:58:48 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/18/2014 05:58:48 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1330

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (02/17/2014 10:59:52 AM) (Source: Service Control Manager) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (02/17/2014 11:18:52 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (02/09/2014 11:11:53 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23543002b9f40

Error: (02/05/2014 05:08:27 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 05:04:58 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:53:07 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:39:10 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:20:37 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:17:07 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (02/05/2014 04:15:59 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8024402fupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:15:11 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8024402fupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3070.09 MB
Available physical RAM: 2103.5 MB
Total Pagefile: 4955.84 MB
Available Pagefile: 4147.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:172.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Canon_CAPT) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
Drive f: (windows 8 test) (Fixed) (Total:149 GB) (Free:85.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CA1BCA1B)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 gringo_pr

  • Malware Response Team

Posted 19 February 2014 - 05:53 PM



Hello Gone gray

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



Proud Graduate Of Malware Removal University

#8 Gone gray

  • Topic Starter

Posted 20 February 2014 - 01:20 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Lou (administrator) on LOUXP on 19-02-2014 11:56:47
Running from C:\Documents and Settings\Lou\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Dokan\DokanLibrary\mounter.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(CANON INC.) C:\WINDOWS\system32\CAPM5RSK.EXE
(Olof Lagerkvist) C:\WINDOWS\system32\imdsksvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
(Western Digital) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5LAK.EXE
(CANON INC.) C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5SWK.EXE
(AOL LLC) C:\Program Files\Common Files\AOL\1382618545\ee\AOLDesktop.exe
(AOL LLC) C:\Program Files\Common Files\AOL\1382618545\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AOL LLC) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [423144 2013-04-26] (BillP Studios)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [AOL Fast Start] - "C:\PROGRA~1\AOLDES~1.6\AOL.EXE" -b
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon iC D800 Status Window.LNK
ShortcutTarget: Canon iC D800 Status Window.LNK -> C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM5LAK.EXE (CANON INC.)
Startup: C:\Documents and Settings\Lou\Start Menu\Programs\Startup\AOL Desktop.lnk
ShortcutTarget: AOL Desktop.lnk -> C:\Program Files\Common Files\AOL\Launch\aollaunch.exe (AOL LLC)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
URLSearchHook: HKLM - IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1361529270359
DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblockauctions.com/container_repository/laiexec.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ns.arise.com/dana-cached/sc/JuniperSetupClient.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 198.153.192.50 198.153.194.50 192.168.1.1

========================== Services (Whitelisted) =================

R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [25088 2012-06-26] ()
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [670792 2012-04-09] (Juniper Networks)
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [167520 2011-11-01] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2011-11-01] (SEIKO EPSON CORPORATION)
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [10240 2012-02-16] (Olof Lagerkvist)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S2 PhoneMountingService; C:\Program Files\PhoneStick\PhoneStickService.exe [18013496 2013-08-19] (Softorino Inc.)
S2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital)
S4 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [X]
S4 TomTomHOMEService; "C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 ampa; C:\WINDOWS\system32\ampa.sys [10936 2011-12-26] ()
S3 AWEAlloc; C:\WINDOWS\System32\DRIVERS\awealloc.sys [16848 2012-02-16] (Olof Lagerkvist)
R3 cbfs3; C:\WINDOWS\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [91904 2012-06-26] (Windows ® Win 7 DDK provider)
R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2012-04-09] (Juniper Networks)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] ()
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R2 ImDisk; C:\WINDOWS\System32\DRIVERS\imdisk.sys [32600 2012-02-16] (Olof Lagerkvist)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [42592 2013-12-26] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123840 2012-04-18] (NVIDIA Corporation)
R2 RapidPortM5; C:\WINDOWS\system32\Drivers\CAPM5LP.SYS [23232 2004-04-19] (CANON INC.)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SNTNLUSB; C:\WINDOWS\System32\DRIVERS\SNTNLUSB.SYS [28216 2005-11-10] (SafeNet, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S0 dhaavep; System32\drivers\quhlechv.sys [X]
S1 gajsigcb; \??\C:\WINDOWS\system32\drivers\gajsigcb.sys [X]
S1 jkdsztsk; \??\C:\WINDOWS\system32\drivers\jkdsztsk.sys [X]
S1 kalbmdxq; \??\C:\WINDOWS\system32\drivers\kalbmdxq.sys [X]
S1 krlwazxe; \??\C:\WINDOWS\system32\drivers\krlwazxe.sys [X]
S1 lvtrzsou; \??\C:\WINDOWS\system32\drivers\lvtrzsou.sys [X]
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-19 11:56 - 2014-02-19 11:56 - 00015210 _____ () C:\Documents and Settings\Lou\Desktop\FRST.txt
2014-02-19 11:30 - 2014-02-19 11:56 - 00000000 ____D () C:\FRST
2014-02-19 11:29 - 2014-02-19 11:29 - 01141248 _____ (Farbar) C:\Documents and Settings\Lou\Desktop\FRST.exe
2014-02-17 11:19 - 2014-02-17 11:19 - 00000904 _____ () C:\Documents and Settings\All Users\Desktop\EaseUS MobiSaver 4.0.lnk
2014-02-17 11:19 - 2014-02-17 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS MobiSaver 4.0
2014-02-12 10:25 - 2014-02-12 10:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 09:51 - 2014-02-12 09:52 - 00012569 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 09:50 - 2014-02-12 09:51 - 00005793 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 03:34 - 2014-02-12 10:25 - 00015794 _____ () C:\WINDOWS\KB2916036.log
2014-02-09 11:48 - 2014-02-09 11:48 - 00000716 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\VoiceZoneConnect.lnk
2014-02-09 11:48 - 2014-02-09 11:48 - 00000710 _____ () C:\Documents and Settings\All Users\Desktop\VoiceZoneConnect.lnk
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Program Files\VoiceZoneConnect
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Documents and Settings\Lou\Application Data\com.twc.voicezoneconnect
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-02-05 17:32 - 2014-02-05 17:36 - 00002804 _____ () C:\AdwCleaner[R2].txt
2014-02-04 20:20 - 2014-02-05 18:06 - 00000246 _____ () C:\WINDOWS\RealFlight.INI
2014-02-04 19:53 - 2014-02-04 19:53 - 00000836 _____ () C:\Documents and Settings\All Users\Desktop\RealFlight G3.5 Launcher.lnk
2014-02-04 19:53 - 2014-02-04 19:53 - 00000794 _____ () C:\WINDOWS\DirectX.log
2014-02-04 19:53 - 2014-02-04 19:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealFlight G3.5
2014-02-04 19:44 - 2014-02-09 07:45 - 00000000 ____D () C:\Program Files\RealFlightG3
2014-02-04 19:44 - 2014-02-04 19:57 - 00000000 ____D () C:\Program Files\Common Files\KnifeEdge
2014-02-04 15:43 - 2014-02-04 15:43 - 00001056 _____ () C:\Documents and Settings\Lou\Desktop\f1099msc.xfdf
2014-02-01 15:06 - 2014-02-01 15:06 - 00107008 _____ () C:\Documents and Settings\Lou\My Documents\foamy1.pub
2014-02-01 12:14 - 2014-02-01 12:14 - 00717086 _____ () C:\Documents and Settings\Lou\My Documents\slo42.skb
2014-02-01 10:41 - 2014-02-01 15:06 - 00720633 _____ () C:\Documents and Settings\Lou\My Documents\slo42.skp
2014-01-31 11:59 - 2014-01-31 11:59 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\Wondershare Dr.Fone for iOS
2014-01-31 11:36 - 2014-01-31 11:36 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\jm2
2014-01-31 11:32 - 2014-01-31 11:34 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\jm1
2014-01-30 20:37 - 2014-01-30 20:37 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\New Folder
2014-01-25 16:07 - 2014-01-25 16:07 - 00000000 ____D () C:\Documents and Settings\Lou\Start Menu\Programs\MobiOne Studio
2014-01-25 16:07 - 2014-01-25 16:07 - 00000000 ____D () C:\Documents and Settings\Lou\.mobione
2014-01-25 16:06 - 2014-01-25 16:06 - 00000031 _____ () C:\Documents and Settings\Lou\.mobione.locator
2014-01-25 16:06 - 2014-01-25 16:06 - 00000000 ____D () C:\Program Files\MobiOne Studio
2014-01-25 13:26 - 2014-01-25 13:28 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\skypelogview (2)
2014-01-24 12:45 - 2014-01-24 12:45 - 00000000 ___SD () C:\Documents and Settings\Lou\My Documents\My Data Sources
2014-01-21 10:12 - 2014-01-21 12:26 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\moved from f

==================== One Month Modified Files and Folders =======

2014-02-19 11:56 - 2014-02-19 11:56 - 00015210 _____ () C:\Documents and Settings\Lou\Desktop\FRST.txt
2014-02-19 11:56 - 2014-02-19 11:30 - 00000000 ____D () C:\FRST
2014-02-19 11:48 - 2012-03-22 06:16 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 11:29 - 2014-02-19 11:29 - 01141248 _____ (Farbar) C:\Documents and Settings\Lou\Desktop\FRST.exe
2014-02-19 11:06 - 2012-10-28 10:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-19 08:33 - 2013-05-29 13:00 - 01734994 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-19 08:32 - 2013-11-20 06:24 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-19 08:24 - 2002-11-01 06:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-19 08:23 - 2013-05-29 19:02 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-19 08:23 - 2013-05-29 19:02 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-19 08:22 - 2012-09-25 14:08 - 00000390 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-02-19 08:22 - 2012-03-22 06:16 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 08:22 - 2011-10-11 14:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-18 20:19 - 2013-05-29 19:02 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-17 21:52 - 2012-08-29 19:07 - 02114655 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-1417001333-527237240-1003-0.dat
2014-02-17 21:52 - 2012-08-03 22:48 - 00278154 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-02-17 21:52 - 2011-10-11 14:24 - 00000278 ___SH () C:\Documents and Settings\Lou\ntuser.ini
2014-02-17 11:19 - 2014-02-17 11:19 - 00000904 _____ () C:\Documents and Settings\All Users\Desktop\EaseUS MobiSaver 4.0.lnk
2014-02-17 11:19 - 2014-02-17 11:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS MobiSaver 4.0
2014-02-17 11:19 - 2013-11-19 14:13 - 00000000 ____D () C:\Program Files\EaseUS
2014-02-12 10:27 - 2011-10-12 12:18 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 10:25 - 2014-02-12 10:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 10:25 - 2014-02-12 03:34 - 00015794 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 10:25 - 2013-06-04 17:48 - 00029822 _____ () C:\WINDOWS\updspapi.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00348121 _____ () C:\WINDOWS\iis6.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00289862 _____ () C:\WINDOWS\FaxSetup.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00150258 _____ () C:\WINDOWS\ocgen.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00136859 _____ () C:\WINDOWS\tsoc.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00096811 _____ () C:\WINDOWS\comsetup.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00094002 _____ () C:\WINDOWS\msmqinst.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00059968 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00051405 _____ () C:\WINDOWS\netfxocm.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00020626 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00016402 _____ () C:\WINDOWS\ocmsn.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00014952 _____ () C:\WINDOWS\msgsocm.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00014306 _____ () C:\WINDOWS\tabletoc.log
2014-02-12 10:25 - 2013-06-04 17:47 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-12 10:14 - 2011-10-11 09:44 - 00622270 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 10:07 - 2013-08-15 02:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-12 10:01 - 2011-10-12 14:18 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 09:52 - 2014-02-12 09:51 - 00012569 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-12 09:52 - 2013-06-04 17:47 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 09:51 - 2014-02-12 09:50 - 00005793 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 09:51 - 2011-10-12 14:20 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-11 08:24 - 2012-01-31 20:37 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2585542$
2014-02-09 11:48 - 2014-02-09 11:48 - 00000716 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\VoiceZoneConnect.lnk
2014-02-09 11:48 - 2014-02-09 11:48 - 00000710 _____ () C:\Documents and Settings\All Users\Desktop\VoiceZoneConnect.lnk
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Program Files\VoiceZoneConnect
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Documents and Settings\Lou\Application Data\com.twc.voicezoneconnect
2014-02-09 11:48 - 2014-02-09 11:48 - 00000000 ____D () C:\Documents and Settings\Default User\Application Data\Macromedia
2014-02-09 11:48 - 2012-03-22 06:14 - 00000000 ____D () C:\Program Files\Adobe
2014-02-09 11:48 - 2012-03-22 06:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-02-09 11:48 - 2011-10-18 13:48 - 00000000 ____D () C:\Documents and Settings\Lou\Application Data\Adobe
2014-02-09 11:47 - 2012-03-22 06:19 - 00000000 ____D () C:\Documents and Settings\Lou\Local Settings\Application Data\Adobe
2014-02-09 07:45 - 2014-02-04 19:44 - 00000000 ____D () C:\Program Files\RealFlightG3
2014-02-08 23:06 - 2014-01-01 14:28 - 00337560 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-08 15:34 - 2013-10-27 18:10 - 00265365 _____ () C:\Documents and Settings\Lou\My Documents\lad rac.skp
2014-02-06 17:06 - 2012-10-28 10:56 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-06 17:06 - 2011-11-02 19:02 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-06 03:54 - 2008-04-14 04:42 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2008-04-14 04:42 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 18:26 - 2012-06-13 19:00 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2011-10-12 14:20 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2011-10-11 13:57 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 04:42 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2008-04-14 04:42 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 04:42 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2008-04-14 04:41 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 18:06 - 2014-02-04 20:20 - 00000246 _____ () C:\WINDOWS\RealFlight.INI
2014-02-05 18:06 - 2013-05-31 15:13 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-05 17:39 - 2014-01-10 13:47 - 00000000 ___RD () C:\Documents and Settings\Lou\Desktop\Clean up
2014-02-05 17:36 - 2014-02-05 17:32 - 00002804 _____ () C:\AdwCleaner[R2].txt
2014-02-05 17:27 - 2011-10-11 14:23 - 00000000 ____D () C:\Documents and Settings\Lou
2014-02-05 17:24 - 2008-04-13 23:07 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-05 16:45 - 2011-10-11 14:23 - 00001599 _____ () C:\Documents and Settings\Lou\Start Menu\Programs\Remote Assistance.lnk
2014-02-05 15:47 - 2014-01-19 08:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ApexSQL
2014-02-05 15:45 - 2014-01-19 08:35 - 00000000 ____D () C:\Documents and Settings\Lou\Local Settings\Application Data\ApexSQL
2014-02-05 15:45 - 2013-05-30 13:21 - 00388030 _____ () C:\WINDOWS\setupapi.log
2014-02-05 15:23 - 2012-03-22 06:16 - 00000000 ____D () C:\Documents and Settings\Lou\Local Settings\Application Data\Google
2014-02-05 10:07 - 2011-10-11 13:57 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-02-04 19:57 - 2014-02-04 19:44 - 00000000 ____D () C:\Program Files\Common Files\KnifeEdge
2014-02-04 19:53 - 2014-02-04 19:53 - 00000836 _____ () C:\Documents and Settings\All Users\Desktop\RealFlight G3.5 Launcher.lnk
2014-02-04 19:53 - 2014-02-04 19:53 - 00000794 _____ () C:\WINDOWS\DirectX.log
2014-02-04 19:53 - 2014-02-04 19:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\RealFlight G3.5
2014-02-04 19:53 - 2002-11-01 06:00 - 00000309 _____ () C:\WINDOWS\win.ini
2014-02-04 15:43 - 2014-02-04 15:43 - 00001056 _____ () C:\Documents and Settings\Lou\Desktop\f1099msc.xfdf
2014-02-01 15:06 - 2014-02-01 15:06 - 00107008 _____ () C:\Documents and Settings\Lou\My Documents\foamy1.pub
2014-02-01 15:06 - 2014-02-01 10:41 - 00720633 _____ () C:\Documents and Settings\Lou\My Documents\slo42.skp
2014-02-01 12:30 - 2013-08-15 19:26 - 00000000 ___HD () C:\Documents and Settings\Lou\My Documents\Corel Auto-Preserve
2014-02-01 12:30 - 2013-03-31 09:50 - 00076800 ___SH () C:\Documents and Settings\Lou\My Documents\Thumbs.db
2014-02-01 12:30 - 2011-10-18 11:37 - 00139264 _____ () C:\Documents and Settings\Lou\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-01 12:14 - 2014-02-01 12:14 - 00717086 _____ () C:\Documents and Settings\Lou\My Documents\slo42.skb
2014-01-31 11:59 - 2014-01-31 11:59 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\Wondershare Dr.Fone for iOS
2014-01-31 11:36 - 2014-01-31 11:36 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\jm2
2014-01-31 11:34 - 2014-01-31 11:32 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\jm1
2014-01-30 20:40 - 2012-06-30 10:43 - 00000000 ____D () C:\Documents and Settings\Lou\Application Data\Audacity
2014-01-30 20:37 - 2014-01-30 20:37 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\New Folder
2014-01-30 19:28 - 2014-01-06 14:54 - 00000000 ____D () C:\Documents and Settings\Lou\Local Settings\Application Data\Wide Angle Software
2014-01-25 16:34 - 2013-12-28 10:15 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\bfsu
2014-01-25 16:07 - 2014-01-25 16:07 - 00000000 ____D () C:\Documents and Settings\Lou\Start Menu\Programs\MobiOne Studio
2014-01-25 16:07 - 2014-01-25 16:07 - 00000000 ____D () C:\Documents and Settings\Lou\.mobione
2014-01-25 16:06 - 2014-01-25 16:06 - 00000031 _____ () C:\Documents and Settings\Lou\.mobione.locator
2014-01-25 16:06 - 2014-01-25 16:06 - 00000000 ____D () C:\Program Files\MobiOne Studio
2014-01-25 13:28 - 2014-01-25 13:26 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\skypelogview (2)
2014-01-24 12:45 - 2014-01-24 12:45 - 00000000 ___SD () C:\Documents and Settings\Lou\My Documents\My Data Sources
2014-01-21 12:26 - 2014-01-21 10:12 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\moved from f
2014-01-21 11:04 - 2012-07-10 11:53 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\Recipies
2014-01-21 10:34 - 2014-01-06 20:32 - 00147249 _____ () C:\Documents and Settings\Lou\My Documents\SkypeAlyzer_1.csl
2014-01-21 10:33 - 2014-01-06 20:33 - 00000000 ____D () C:\Documents and Settings\Lou\My Documents\skycase
2014-01-21 08:20 - 2013-12-18 16:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-01-20 13:10 - 2014-01-10 16:50 - 00000000 ____D () C:\Documents and Settings\Lou\Desktop\1
2014-01-20 11:09 - 2013-12-31 14:16 - 00000000 ____D () C:\Program Files\Recuva

Some content of TEMP:
====================
C:\Documents and Settings\Lou\Local Settings\temp\AcsInstall.dll
C:\Documents and Settings\Lou\Local Settings\temp\AOLInstallerfw.dll
C:\Documents and Settings\Lou\Local Settings\temp\AuConv.dll
C:\Documents and Settings\Lou\Local Settings\temp\AuConvEx.dll
C:\Documents and Settings\Lou\Local Settings\temp\bcdedit.exe
C:\Documents and Settings\Lou\Local Settings\temp\Boot.dll
C:\Documents and Settings\Lou\Local Settings\temp\BootDriver.dll
C:\Documents and Settings\Lou\Local Settings\temp\bootsect.exe
C:\Documents and Settings\Lou\Local Settings\temp\Burn.dll
C:\Documents and Settings\Lou\Local Settings\temp\CodeLog.dll
C:\Documents and Settings\Lou\Local Settings\temp\DataMana.dll
C:\Documents and Settings\Lou\Local Settings\temp\DevCtrl.dll
C:\Documents and Settings\Lou\Local Settings\temp\FatLib.dll
C:\Documents and Settings\Lou\Local Settings\temp\GdiPlus.dll
C:\Documents and Settings\Lou\Local Settings\temp\GetDriverInfo.dll
C:\Documents and Settings\Lou\Local Settings\temp\grubinst.exe
C:\Documents and Settings\Lou\Local Settings\temp\iExplorer_3_Setup_3252.exe
C:\Documents and Settings\Lou\Local Settings\temp\InstallerMessageBox.exe
C:\Documents and Settings\Lou\Local Settings\temp\ISOExport.exe
C:\Documents and Settings\Lou\Local Settings\temp\mfc90.dll
C:\Documents and Settings\Lou\Local Settings\temp\mfc90u.dll
C:\Documents and Settings\Lou\Local Settings\temp\mfcm90.dll
C:\Documents and Settings\Lou\Local Settings\temp\mfcm90u.dll
C:\Documents and Settings\Lou\Local Settings\temp\msacm32.dll
C:\Documents and Settings\Lou\Local Settings\temp\msvcm90.dll
C:\Documents and Settings\Lou\Local Settings\temp\MSVCP60.DLL
C:\Documents and Settings\Lou\Local Settings\temp\msvcp90.dll
C:\Documents and Settings\Lou\Local Settings\temp\msvcr90.dll
C:\Documents and Settings\Lou\Local Settings\temp\NPSInstallerProxy.exe
C:\Documents and Settings\Lou\Local Settings\temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Documents and Settings\Lou\Local Settings\temp\RecLib.dll
C:\Documents and Settings\Lou\Local Settings\temp\SHFOLDER.DLL
C:\Documents and Settings\Lou\Local Settings\temp\sqlite-3.7.15-x86-sqlitejdbc.dll
C:\Documents and Settings\Lou\Local Settings\temp\syslinux.exe
C:\Documents and Settings\Lou\Local Settings\temp\temp.exe
C:\Documents and Settings\Lou\Local Settings\temp\uninst.dll
C:\Documents and Settings\Lou\Local Settings\temp\UserRes.dll
C:\Documents and Settings\Lou\Local Settings\temp\UserResEx.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by Lou at 2014-02-19 11:57:48
Running from C:\Documents and Settings\Lou\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

20-20 Version 8 (Version: 8.0.3.1347 - 20-20 Technologies inc) Hidden
20-20 Version 8 (Version: 8.0.3.1347 - 20-20 Technologies)
7-Data Card Recovery version 1.1 (Version: 1.1 - SharpNight Co,Ltd)
7-zip v9.20 (Version: v9.20 - TUGUU SL)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Connect 9 Add-in (HKCU Version: 11,2,385,0 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKCU Version:  - )
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (Version: 11.0.05 - Adobe Systems Incorporated)
AOL Registration (Version:  - )
AOL Toolbar for Firefox (Version: 5.13.6.2 - AOL LLC)
AOL Toolbar for Internet Explorer (Version: 5.13.4.1 - AOL LLC)
AOL Uninstaller (Choose which Products to Remove) (Version:  - AOL LLC)
AOMEI Partition Assistant Standard Edition 5.2 (Version:  - Aomei Technology Co., Ltd.)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0 (Version:  - Audacity Team)
Avery Wizard 4.0 (Version: 4.0.103 - Avery)
Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (Version: 7.53.02 - Broadcom)
Broadcom Gigabit Integrated Controller (Version: 7.53.02 - Broadcom) Hidden
Canon iC D800 (Version:  - )
Card Data Recovery  (Version:  - Tenorshare, Inc.)
CCleaner (Version: 4.01 - Piriform)
Citrix online plug-in - web (Version: 12.3.0.8 - Citrix Systems, Inc.)
Client Activator 2.0 - English (2) (Version:  - )
Client Activator 2.0 - English (All) (Version:  - )
CNCSimulator Pro (Version: 1.1.0.4 - CNCSimulator.com)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (Version:  - )
Corel PaintShop Pro X5 (Version: 15.2.0.12 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.2.0.12 - Corel Corporation) Hidden
Decipher TextMessage (Version: 5.5.10 - Decipher Media)
Dokan Library version 0.6.0 (Version: 0.6.0 - Hiroku)
Download Navigator (Version: 1.1.0 - SEIKO EPSON CORPORATION)
EASEUS Deleted File Recovery 3.0.1 (Version:  - EASEUS)
EaseUS MobiSaver 4.0 (Version:  - EaseUS)
EaseUS Partition Master 9.2.2 (Version:  - EaseUS)
EasyGSM for SGH-A800 (Version:  - )
Epson Connect (Version:  - )
Epson Customer Participation (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (Version:  - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Scavenger 4.0 (en) (Version: 4.0.5.0 - QueTek Consulting Corporation)
File Type Assistant (Version:  - Trusted Software) <==== ATTENTION
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
iBackup Extractor (Version: 2.14 - Wide Angle Software)
iBackupBot for iTunes 4.1.6 (Version: 4.1.6 - VOWSoft, Ltd.)
ICA (Version: 15.2.0.12 - Corel Corporation) Hidden
iCopyBot for Windows 7.8.6 (Version: 7.8.6 - VOWSoft, Ltd.)
iExplorer 3.2.5.2 (Version:  - Macroplant LLC)
ImageMixer 3 SE Ver.6 Transfer Utility (Version: 6.00.017 - PIXELA)
ImageMixer 3 SE Ver.6 Video Tools (Version: 6.00.018 - PIXELA)
ImDisk Virtual Disk Driver (Version:  - )
Installing selected sensor drivers ... (Version: 1.0.728 - Profactor) Hidden
InterVideo WinDVD (Version:  - InterVideo Inc.)
iPhone 3GS Data Recovery  (Version:  - Tenorshare, Inc.)
iPhone Backup Extractor (HKCU Version: 4.7.0.0 - Reincubate Ltd)
IPM_PSP_COM (Version: 15.2.0.12 - Corel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Juniper Networks Host Checker (HKCU Version: 7.1.8.20737 - Juniper Networks)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.17087 - Juniper Networks)
Juniper Networks Network Connect 7.1.8 (Version: 7.1.8.20737 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.1.8.19851 - Juniper Networks, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (Version:  - )
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (Version:  - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (Version: 9.7.0621 - Microsoft Corporation)
MobiOne 2.6.1 (HKCU Version: 2.6.1 - Genuitec, LLC)
MSN (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (Version: 136.27 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
PhoneStick version 1.5.9 (Version: 1.5.9 - Softorino, Inc.)
PL-2303 USB-to-Serial (Version: 1.5.0 - Prolific Technology INC)
PSPPContent (Version: 15.2.0.12 - Corel Corporation) Hidden
PSPPHelp (Version: 15.2.0.12 - Corel Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RealFlight G3 R/C Simulator (Version:  - )
ReconstructMe Qt 1.1.74 (Version: 1.1.74 - Profactor GmbH) Hidden
ReconstructMeQt Installer 1.1.74 (Version: 1.1.74 - Profactor GmbH)
Recuva (Version: 1.49 - Piriform)
Reimage Repair (Version: 1.6.3.8 - Reimage)
Revo Uninstaller 1.94 (Version: 1.94 - VS Revo Group)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Sentinel Protection Installer 7.2.1 (Version: 7.2.1 - SafeNet, Inc.)
Setup (Version: 15.2.0.12 - Corel Corporation) Hidden
Skanect 1.5 (Version: 1.5.0 - ManCTL)
SketchUp 2013 (Version: 13.0.4812 - Trimble Navigation Limited)
SkypeAlyzer version 1.2.33 (Version: 1.2.33 - Sanderson Forensics)
SoundMAX (Version: 5.12.01.5246 - Analog Devices)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.14 - Tweaking.com)
Unlocker 1.9.1 (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Viewpoint Media Player (Version:  - )
VoiceZoneConnect (Version: 1.5.0 - Time Warner Cable Media Inc)
VoiceZoneConnect (Version: 1.5.0 - Time Warner Cable Media Inc) Hidden
WD SmartWare (Version: 1.6.5.2 - Western Digital Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (Version: 2.0.5000.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (Version: 1.0.30 - Microsoft Corporation)
Windows DVD Maker 3.5 (Version:  - Windows DVD Maker,Inc.)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
WinPatrol (Version: 28.1.2013.0 - BillP Studios)
WinRAR 5.01 beta 1 (32-bit) (Version: 5.01.1 - win.rar GmbH)
Wondershare Dr.Fone for iOS(Build 3.5.1.2) (Version: 3.5.1.2 - Wondershare Software Co.,Ltd.)

==================== Restore Points  =========================

05-02-2014 15:07:54 System Checkpoint
05-02-2014 20:22:24 Revo Uninstaller's restore point - Google Chrome
05-02-2014 20:25:47 Revo Uninstaller's restore point - ApexSQL Audit 2013
05-02-2014 20:30:24 Revo Uninstaller's restore point - ApexSQL Build 2012
05-02-2014 20:31:43 Revo Uninstaller's restore point - ApexSQL Clean 2011
05-02-2014 20:33:04 Revo Uninstaller's restore point - ApexSQL Data Diff 2012
05-02-2014 20:34:25 Revo Uninstaller's restore point - ApexSQL Diff 2013
05-02-2014 20:35:54 Revo Uninstaller's restore point - ApexSQL Diff API 2011
05-02-2014 20:37:15 Revo Uninstaller's restore point - ApexSQL Doc 2013
05-02-2014 20:39:27 Revo Uninstaller's restore point - ApexSQL Log 2013
05-02-2014 20:40:54 Revo Uninstaller's restore point - ApexSQL Log API 2013
05-02-2014 20:42:16 Revo Uninstaller's restore point - ApexSQL Recover 2011
05-02-2014 20:45:13 Revo Uninstaller's restore point - ApexSQL Restore 2012
05-02-2014 20:47:11 Revo Uninstaller's restore point - ApexSQL Script 2011
05-02-2014 20:49:16 Revo Uninstaller's restore point - Forensic Explorer
06-02-2014 12:14:39 Software Distribution Service 3.0
08-02-2014 14:30:29 Software Distribution Service 3.0
09-02-2014 17:53:24 System Checkpoint
10-02-2014 13:29:23 Software Distribution Service 3.0
10-02-2014 17:35:56 Software Distribution Service 3.0
11-02-2014 13:29:54 Software Distribution Service 3.0
12-02-2014 13:37:50 Software Distribution Service 3.0
12-02-2014 14:45:22 Software Distribution Service 3.0
16-02-2014 22:41:58 Software Distribution Service 3.0
18-02-2014 01:40:34 System Checkpoint
18-02-2014 11:09:34 Software Distribution Service 3.0
19-02-2014 13:32:53 Software Distribution Service 3.0

==================== Hosts content: ==========================

2002-11-01 06:00 - 2013-06-04 21:20 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\ProgramUpdateCheck.job => C:\Program Files\File Type Assistant\tsassist.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Reimage Reminder.job => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe
Task: C:\WINDOWS\Tasks\Reimage ScanAgent.job => C:\Program Files\Reimage\Reimage Repair\REI_ScanAgent.exe

==================== Loaded Modules (whitelisted) =============

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-31 15:54 - 2012-06-26 20:26 - 00025088 _____ () C:\Program Files\Dokan\DokanLibrary\mounter.exe
2013-06-08 09:13 - 2012-12-09 20:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 11:18:52 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (02/09/2014 11:11:53 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23543, fault address 0x002b9f40.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/05/2014 05:08:27 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 05:04:58 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:53:07 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:39:10 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:20:37 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:17:07 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (02/05/2014 04:15:59 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8024402fupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:15:11 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8024402fupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

System errors:
=============
Error: (02/19/2014 08:23:56 AM) (Source: Service Control Manager) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error:
%%1053

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: The WD Rules service failed to start due to the following error:
%%1053

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the WD Rules service to connect.

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: The PhoneMountingService service failed to start due to the following error:
%%1053

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the PhoneMountingService service to connect.

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/19/2014 08:23:45 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1330

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (02/18/2014 05:58:48 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (02/18/2014 05:58:48 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1330

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (02/17/2014 10:59:52 AM) (Source: Service Control Manager) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (02/17/2014 11:18:52 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (02/09/2014 11:11:53 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23543002b9f40

Error: (02/05/2014 05:08:27 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 05:04:58 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:53:07 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:39:10 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:20:37 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:17:07 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (02/05/2014 04:15:59 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8024402fupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (02/05/2014 04:15:11 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.4.304.00x8024402fupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3070.09 MB
Available physical RAM: 2103.5 MB
Total Pagefile: 4955.84 MB
Available Pagefile: 4147.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:172.27 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Canon_CAPT) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
Drive f: (windows 8 test) (Fixed) (Total:149 GB) (Free:85.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CA1BCA1B)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Lou on Thu 02/20/2014 at 13:01:11.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3299568
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}

 

~~~ Files

Successfully deleted: [File] "C:\end"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Documents and Settings\Lou\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Lou\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Lou\Local Settings\Application Data\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/20/2014 at 13:10:00.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 February 2014 - 07:56 AM


Hello Gone gray

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 February 2014 - 08:49 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#11 Gone gray

Gone gray
  • Topic Starter

  • Members
  • 42 posts

Posted 27 February 2014 - 03:27 PM

Sorry Gringo,
I have been busy, but still need help.
I will do as u asked last, as soon as I can.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 February 2014 - 07:45 AM

No problem and I will check on you in a couple of days

And thanks for getting back to me


gringo

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 March 2014 - 07:20 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 March 2014 - 08:42 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 March 2014 - 01:44 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



