Malware, Trojans, Popups, lost updates Win XP SP3


  • This topic is locked

#1 JoanneMT

Posted 25 February 2014 - 03:06 PM

Original topic is 511079/two-win-xp-sp3-os-installed-on-my-pc-shame-on-me. I have two desktops on XP SP3 - let's start on the E-machine since it will boot but is in bad shape.  [My HP Pavilion just died one day and I cannot get it to boot at all].  I had let some technicians sign onto my machines and they put files on both. I can isolate them by date, and they put some .ISO files on this machine; I have not figured out how to get them onto a flash drive.

 

My thanks to dc3 and xXToffeeXx for helping me through. Toffee suggested I open a new case here for the E-Machine.




#2 xXToffeeXx

Posted 25 February 2014 - 03:21 PM

Greetings and  :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know. I am in training and an instructor will need to check my fixes so a little delay may happen at times.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now  :thumbup2:

 

--------------

 

Hi Joanne,

 

Please download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com

DDS.pif

  • Double click on the DDS icon, allow it to run.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open the logfile.
  • You can find the logfile on your desktop as well.
  • Please post the content of that logfile with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 JoanneMT

Posted 25 February 2014 - 04:45 PM

Hi Toffee!

 

Here is DDS file - all internet and scanning were disabled:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 16:17:22 on 2014-02-25
#Option MBR scan  is disabled.
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1246.598 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SanDiskSecureAccess_Manager.exe] c:\documents and settings\owner\application data\sandisk\SanDiskSecureAccess_Manager.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354888626359
Handler: AutorunsDisabled - <Clsid value has no data>
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\wt16j0sf.default\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 214696]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2013-9-3 117728]
R1 MpKslb2400034;MpKslb2400034;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98dd2fd2-af95-4f08-89f6-3afc82e654db}\MpKslb2400034.sys [2014-2-25 39464]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2013-9-3 754192]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-4-23 13024]
S4 cpuz134;cpuz134;\??\c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S4 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S4 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-25 20:35:33 39464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98dd2fd2-af95-4f08-89f6-3afc82e654db}\MpKslb2400034.sys
2014-02-25 19:23:35 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-02-25 19:23:33 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-02-25 03:28:36 7947048 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{98dd2fd2-af95-4f08-89f6-3afc82e654db}\mpengine.dll
2014-02-24 06:34:54 7947048 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-21 19:08:25 -------- d-----w- c:\documents and settings\owner\application data\PowerISO
2014-02-20 12:02:30 -------- d-----w- c:\program files\PassShow
2014-02-20 11:35:39 -------- d-----w- c:\program files\PowerISO
2014-02-20 07:31:22 -------- d-----w- c:\documents and settings\owner\application data\McAFee TechCheck
2014-02-20 07:29:55 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2014-02-20 07:29:55 209192 ----a-w- c:\windows\system32\TABCTL32.OCX
2014-02-20 07:29:55 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2014-02-20 07:29:51 -------- d-----w- c:\documents and settings\owner\application data\TechCheck
2014-02-16 00:47:50 -------- d-----w- c:\windows\Performance
2014-02-16 00:47:40 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Corporation
2014-02-16 00:45:43 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2014-02-12 00:17:58 -------- d-----w- c:\documents and settings\owner\application data\NVIDIA
2014-02-08 08:58:44 -------- d-----w- c:\documents and settings\owner\local settings\application data\Help
2014-02-03 06:45:26 114408 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
==================== Find3M  ====================
.
2014-02-21 01:11:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 01:11:28 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26:43 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24:05 385024 ------w- c:\windows\system32\html.iec
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
============= FINISH: 16:17:30.37 ===============
 
Zip file is coming -

Edited by JoanneMT, 25 February 2014 - 04:49 PM.


#4 JoanneMT

Posted 25 February 2014 - 04:59 PM

Still having trouble getting the Attach as zip file (from DDS) on this page.  I get the file zipped, but it comes here with my c: filename.  I've tried dragging the zip folder and copy/paste; neither works.  I've used two sets of instructions.

The file is 4.53 KB

 

AARRGH  I am sorry


Edited by JoanneMT, 25 February 2014 - 10:42 PM.


#5 xXToffeeXx

Posted 26 February 2014 - 11:24 AM

Hi Joanne,

 

No worries. You can either copy the text file into your next reply (i.e. the file inside the zip file, should be a notepad document like DDS.txt), or if you go to Reply to this topic at the top of this topic and under the reply box there is a Choose Files button. Click that and then locate the file, and press open. The file should be attached.

 

xXToffeeXx~


Edited by xXToffeeXx, 26 February 2014 - 11:25 AM.



#6 JoanneMT

Posted 27 February 2014 - 01:15 PM

Thank you, Toffee.

 

Hamulus, I got your note. If I edit the latest post to add info, does that keep it from "bumping" my topic?

 

Let me just note that I have Webroot Secure Anywhere running alongside MSE.  WRSA was offered by my bank to keep me off bad websites, and it has an option to scan.  Its current findings are noted above.  It ran fine for a few months until we hit a few bad sites and now it is showing findings and I started getting all those popups.  I'll not run any scans until you say so :-)

 

It's probably not safe to logon to my bank site, is it?  The HP machine is dead w/black screen.

 

Thank you.


#7 xXToffeeXx

Posted 28 February 2014 - 02:09 AM

Hi Joanne,
 

"If I edit the latest post to add info, does that keep it from "bumping" my topic?"

If you edit your post, I may not see the update. If you have something important to add please add a new reply rather than editing, that way I can be notified.
 

"It's probably not safe to logon to my bank site, is it?  The HP machine is dead w/black screen."

I haven't seen any indication of any trojans, rootkits or backdoors in your logs since they are the ones which steal information. The problem is most likely caused by adware, and it should be safe to do any banking if you need to.

 --------------

It seems you also have Microsoft Security Essentials installed as well as Webroot as far as antiviruses go; this can cause problems:

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove Microsoft Security Client and Microsoft Security Essentials.
 
--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:
  • FRST.txt
  • Addition.txt
xXToffeeXx~

Edited by xXToffeeXx, 28 February 2014 - 02:11 AM.

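The observation in the post above, that two anti-virus products are present at once, can be read off a DDS log mechanically. The following is an added example, not part of the original posts and not code from DDS or BleepingComputer. The sample is a few lines excerpted from the log posted in this topic; the product name fragments, the evidence labels and the reading of the service prefix (R = running, S = stopped, digit = start type) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines excerpted from the DDS log posted in this topic.
SAMPLE_DDS = r"""DDS (Ver_2012-11-20.01) - NTFS_x86
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
.
============== Pseudo HJT Report ===============
.
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [WRSVC] "c:\program files\webroot\WRSA.exe" -ul
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 214696]
R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2013-9-3 117728]
S2 WRSVC;WRSVC;c:\program files\webroot\WRSA.exe [2013-9-3 754192]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
"""

# Assumption: name fragments picked from the posted log to recognise each product.
PRODUCT_MARKERS = {
    "Microsoft Security Essentials": (
        "microsoft security essentials", "microsoft security client", "mpfilter"),
    "Webroot": ("webroot", "wrkrn", "wrsvc"),
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Assumed layout: <state><start type> <name>;<display name>;<path> [<date> <size>]
SERVICE_RE = re.compile(r"^([RSU])(\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$")
AUTORUN_RE = re.compile(r"^[umd]Run:", re.IGNORECASE)
# Evidence labels that mean code from the product is loaded right now.
RESIDENT_TAGS = {"process", "driver-running", "service-running"}


def parse_sections(log_text):
    """Split a DDS log into {SECTION NAME: [lines]}; text before the first
    '==== name ====' banner is filed under 'HEADER'."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # DDS uses a lone dot as a spacer
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).upper()
        else:
            sections[current].append(line)
    return sections


def products_named(line):
    """Return the products whose marker fragments occur in this log line."""
    low = line.lower()
    return [p for p, marks in PRODUCT_MARKERS.items() if any(m in low for m in marks)]


def av_evidence(log_text):
    """Map each recognised product to the sorted kinds of evidence found for it."""
    sections = parse_sections(log_text)
    found = defaultdict(set)

    def tag(line, label):
        for product in products_named(line):
            found[product].add(label)

    for line in sections["HEADER"]:
        if line.startswith("AV:"):
            tag(line, "security-center")
    for line in sections["RUNNING PROCESSES"]:
        tag(line, "process")
    for line in sections["PSEUDO HJT REPORT"]:
        if AUTORUN_RE.match(line):
            tag(line, "autorun")
    for line in sections["SERVICES / DRIVERS"]:
        entry = SERVICE_RE.match(line)
        if not entry:
            continue
        state, path = entry.group(1), entry.group(5)
        kind = "driver" if path.lower().endswith(".sys") else "service"
        status = {"R": "running", "S": "stopped"}.get(state, "unknown")
        tag(line, f"{kind}-{status}")
    return {product: sorted(tags) for product, tags in found.items()}


def resident_products(evidence):
    """Products with a running process, service or driver in the log."""
    return sorted(p for p, tags in evidence.items() if RESIDENT_TAGS & set(tags))


if __name__ == "__main__":
    evidence = av_evidence(SAMPLE_DDS)
    for product, tags in evidence.items():
        print(f"{product}: {', '.join(tags)}")
    active = resident_products(evidence)
    if len(active) > 1:
        print("More than one resident product:", ", ".join(active))
```

On the excerpt, both products show a running kernel driver even though Webroot's service is stopped, so a stopped service alone does not mean the product is out of the file-access path.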


#8 JoanneMT

Posted 28 February 2014 - 04:45 AM

1. FARBAR Recovery Scan Tool (FRST)

 

1a. FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Owner (administrator) on ROMEMAIN on 28-02-2014 04:18:28
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Gemalto N.V.) C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15517984 2013-03-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [108832 2013-03-21] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-23] ()
HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [754192 2013-10-25] (Webroot)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2014-02-03] (Power Software Ltd)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-2822924679-3857380540-344346031-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-2822924679-3857380540-344346031-1003\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: AutorunsDisabled\ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wt16j0sf.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files\PassShow\154.xpi
FF Extension: PassShow - C:\Program Files\PassShow\154.xpi [2014-02-20]
 
Chrome: 
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-20]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-20]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S4 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2014-02-19] (New Boundary Technologies, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [754192 2013-10-25] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3644800 2005-09-26] (Realtek Semiconductor Corp.)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114408 2014-02-03] (Power Software Ltd)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2013-06-18] ()
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [117728 2013-10-25] (Webroot)
S4 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
U4 intelppm; 
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-28 03:56 - 2014-02-28 04:18 - 00000000 ____D () C:\FRST
2014-02-28 03:43 - 2014-02-28 03:46 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Farbar - FRST
2014-02-28 03:21 - 2014-02-28 03:21 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\windows 7
2014-02-28 03:15 - 2014-02-28 03:16 - 00000791 _____ () C:\Documents and Settings\Owner\My Documents\webroot secure anywhere findings.txt
2014-02-27 19:55 - 2014-02-27 19:55 - 00000083 _____ () C:\Documents and Settings\Owner\My Documents\windows-repair-all-in-one.txt
2014-02-27 19:51 - 2014-02-27 19:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\dentist letters
2014-02-25 16:36 - 2014-02-25 16:36 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\how to
2014-02-25 15:32 - 2014-02-25 22:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DDS from bleep
2014-02-25 14:23 - 2008-04-13 20:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-02-25 14:23 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-02-22 16:10 - 2014-02-22 16:10 - 00046262 _____ () C:\Documents and Settings\Owner\Desktop\Result.txt
2014-02-22 11:01 - 2014-02-24 01:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\scans feb 19
2014-02-21 18:52 - 2014-02-21 18:53 - 00000141 _____ () C:\Documents and Settings\Owner\Desktop\Downld TDssKiller rename iexplo ur dot exe.url
2014-02-21 14:08 - 2014-02-21 14:08 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\PowerISO
2014-02-20 07:02 - 2014-02-20 07:12 - 00000000 ____D () C:\Program Files\PassShow
2014-02-20 06:39 - 2014-02-20 06:39 - 00000694 _____ () C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
2014-02-20 06:39 - 2014-02-20 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-02-20 06:35 - 2014-02-20 06:39 - 00000000 ____D () C:\Program Files\PowerISO
2014-02-20 02:31 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\McAFee TechCheck
2014-02-20 02:29 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechCheck
2014-02-20 02:29 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Msflxgrd.ocx
2014-02-20 02:29 - 2000-05-22 01:00 - 00203976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RICHTX32.OCX
2014-02-20 02:29 - 1998-06-24 00:00 - 00209192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TABCTL32.OCX
2014-02-18 08:39 - 2014-02-18 08:39 - 00000589 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-02-18 06:49 - 2014-02-18 06:51 - 00005475 _____ () C:\WINDOWS\KB2618444-IE8.log
2014-02-16 21:07 - 2014-02-28 04:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-16 20:51 - 2014-02-17 08:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\WINDOWS\Performance
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-02-15 19:45 - 2014-02-15 19:45 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-02-13 23:12 - 2014-02-28 02:59 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 23:12 - 2014-02-26 23:18 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 23:09 - 2014-02-13 23:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 22:59 - 2014-02-13 23:00 - 00012647 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 22:58 - 2014-02-13 22:59 - 00005843 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-13 10:35 - 2014-02-13 23:09 - 00015910 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 20:02 - 2014-02-21 22:02 - 00000219 _____ () C:\Documents and Settings\Owner\Desktop\BLEEP CHECK FILES.txt
2014-02-11 19:17 - 2014-02-11 19:17 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\NVIDIA
2014-02-10 18:49 - 2014-02-10 18:54 - 00000179 _____ () C:\Documents and Settings\Owner\Desktop\BADFILES.txt
2014-02-08 19:31 - 2014-02-08 19:31 - 00024326 _____ () C:\Documents and Settings\Owner\Desktop\Resultlong report.txt
2014-02-08 12:52 - 2014-02-08 12:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Help
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Help
2014-02-07 19:25 - 2014-02-07 19:25 - 00020963 _____ () C:\Documents and Settings\Owner\Desktop\Resultmini tool box errors 2-7-14.txt
2014-02-07 18:52 - 2014-02-07 18:52 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\budget
2014-02-03 01:45 - 2014-02-03 01:45 - 00114408 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
 
==================== One Month Modified Files and Folders =======
 
2014-02-28 04:18 - 2014-02-28 03:56 - 00000000 ____D () C:\FRST
2014-02-28 04:17 - 2013-09-03 16:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WRData
2014-02-28 04:11 - 2014-02-16 21:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-28 03:46 - 2014-02-28 03:43 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Farbar - FRST
2014-02-28 03:41 - 2013-02-04 11:14 - 01994031 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-28 03:36 - 2012-06-19 20:14 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-02-28 03:21 - 2014-02-28 03:21 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\windows 7
2014-02-28 03:16 - 2014-02-28 03:15 - 00000791 _____ () C:\Documents and Settings\Owner\My Documents\webroot secure anywhere findings.txt
2014-02-28 02:59 - 2014-02-13 23:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 02:59 - 2014-01-19 16:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\SanDisk
2014-02-28 02:57 - 2013-02-04 11:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-28 02:57 - 2013-02-04 11:16 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-28 02:57 - 2004-08-26 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-28 02:57 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-02-27 20:13 - 2013-02-04 11:16 - 00032610 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-27 20:12 - 2004-08-26 13:09 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-02-27 19:55 - 2014-02-27 19:55 - 00000083 _____ () C:\Documents and Settings\Owner\My Documents\windows-repair-all-in-one.txt
2014-02-27 19:51 - 2014-02-27 19:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\dentist letters
2014-02-27 12:38 - 2012-06-30 17:27 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\household
2014-02-26 23:18 - 2014-02-13 23:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 22:23 - 2014-02-25 15:32 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DDS from bleep
2014-02-25 22:10 - 2013-09-03 16:03 - 00000000 ____D () C:\Program Files\Webroot
2014-02-25 16:36 - 2014-02-25 16:36 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\how to
2014-02-25 16:29 - 2013-09-03 18:13 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-02-25 14:23 - 2013-10-25 20:05 - 00044776 _____ () C:\WINDOWS\setupapi.log
2014-02-24 23:20 - 2013-09-17 14:27 - 00000000 ____D () C:\AdwCleaner
2014-02-24 02:34 - 2013-09-12 09:53 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-02-24 02:12 - 2004-08-26 11:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-24 02:06 - 2012-11-22 17:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\bleeping
2014-02-24 01:48 - 2014-02-22 11:01 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\scans feb 19
2014-02-22 16:10 - 2014-02-22 16:10 - 00046262 _____ () C:\Documents and Settings\Owner\Desktop\Result.txt
2014-02-22 07:05 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\Help
2014-02-22 06:25 - 2012-06-17 19:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-21 22:02 - 2014-02-11 20:02 - 00000219 _____ () C:\Documents and Settings\Owner\Desktop\BLEEP CHECK FILES.txt
2014-02-21 19:18 - 2013-03-24 16:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\TDSS
2014-02-21 18:55 - 2014-01-25 16:27 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\avast
2014-02-21 18:53 - 2014-02-21 18:52 - 00000141 _____ () C:\Documents and Settings\Owner\Desktop\Downld TDssKiller rename iexplo ur dot exe.url
2014-02-21 14:18 - 2012-12-23 06:06 - 00000000 ____D () C:\JRT
2014-02-21 14:08 - 2014-02-21 14:08 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\PowerISO
2014-02-20 20:44 - 2012-11-07 12:24 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-02-20 20:11 - 2012-09-14 20:03 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-20 20:11 - 2012-09-14 20:03 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-20 07:12 - 2014-02-20 07:02 - 00000000 ____D () C:\Program Files\PassShow
2014-02-20 06:39 - 2014-02-20 06:39 - 00000694 _____ () C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
2014-02-20 06:39 - 2014-02-20 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-02-20 06:39 - 2014-02-20 06:35 - 00000000 ____D () C:\Program Files\PowerISO
2014-02-20 03:18 - 2012-06-22 06:56 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\PC Maintenance
2014-02-20 02:31 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\McAFee TechCheck
2014-02-20 02:31 - 2014-02-20 02:29 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechCheck
2014-02-19 14:03 - 2013-01-27 19:15 - 00002327 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Windows Install Clean Up.lnk
2014-02-18 08:39 - 2014-02-18 08:39 - 00000589 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-02-18 06:51 - 2014-02-18 06:49 - 00005475 _____ () C:\WINDOWS\KB2618444-IE8.log
2014-02-17 08:52 - 2014-02-16 20:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 21:44 - 2013-09-03 11:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 21:06 - 2012-06-19 23:22 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\WINDOWS\Performance
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-02-15 19:45 - 2014-02-15 19:45 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-02-13 23:10 - 2012-06-15 22:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 23:09 - 2014-02-13 23:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 23:09 - 2014-02-13 10:35 - 00015910 _____ () C:\WINDOWS\KB2916036.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00143414 _____ () C:\WINDOWS\FaxSetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00073530 _____ () C:\WINDOWS\ocgen.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00057388 _____ () C:\WINDOWS\tsoc.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00048263 _____ () C:\WINDOWS\comsetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00029950 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00022660 _____ () C:\WINDOWS\iis6.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00013203 _____ () C:\WINDOWS\updspapi.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00008120 _____ () C:\WINDOWS\ocmsn.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00007447 _____ () C:\WINDOWS\msgsocm.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-13 23:07 - 2004-08-26 05:54 - 00503214 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 23:04 - 2013-07-16 11:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 23:00 - 2014-02-13 22:59 - 00012647 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 23:00 - 2013-10-25 20:05 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-13 23:00 - 2012-06-19 19:59 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 22:59 - 2014-02-13 22:58 - 00005843 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 17:09 - 2013-09-20 11:40 - 00002196 _____ () C:\Documents and Settings\Owner\Desktop\Power ISO to copy and burn cds and backups.txt
2014-02-12 13:54 - 2014-01-27 20:04 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\insurance
2014-02-11 20:00 - 2013-10-07 09:51 - 00005120 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-11 19:17 - 2014-02-11 19:17 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\NVIDIA
2014-02-11 15:48 - 2012-12-01 14:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\sewing
2014-02-10 20:17 - 2014-01-28 00:47 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Teaching
2014-02-10 20:15 - 2014-01-28 00:33 - 00006266 _____ () C:\Documents and Settings\Owner\My Documents\alphabet.txt
2014-02-10 18:54 - 2014-02-10 18:49 - 00000179 _____ () C:\Documents and Settings\Owner\Desktop\BADFILES.txt
2014-02-10 12:22 - 2012-10-20 20:01 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-08 19:31 - 2014-02-08 19:31 - 00024326 _____ () C:\Documents and Settings\Owner\Desktop\Resultlong report.txt
2014-02-08 12:59 - 2004-08-26 13:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-02-08 12:52 - 2014-02-08 12:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-02-08 04:00 - 2013-03-24 12:16 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\TCPView Hacker
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Help
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Help
2014-02-07 19:25 - 2014-02-07 19:25 - 00020963 _____ () C:\Documents and Settings\Owner\Desktop\Resultmini tool box errors 2-7-14.txt
2014-02-07 18:53 - 2012-06-20 13:34 - 00007468 _____ () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2014-02-07 18:52 - 2014-02-07 18:52 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\budget
2014-02-07 18:10 - 2012-06-15 22:38 - 00000000 ____D () C:\WINDOWS\creator
2014-02-07 18:05 - 2012-06-15 22:38 - 00000000 ____D () C:\WINDOWS\SMINST
2014-02-07 16:55 - 2013-10-25 20:05 - 00000300 _____ () C:\WINDOWS\setupact.log
2014-02-07 16:42 - 2012-09-14 20:04 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-06 03:54 - 2009-03-08 03:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2004-08-26 11:11 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 18:26 - 2012-06-19 19:08 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2012-06-19 18:45 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2009-03-08 13:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2009-03-08 03:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2009-03-08 03:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2009-03-08 03:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2004-08-26 11:11 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 17:24 - 2004-08-26 11:11 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-03 01:45 - 2014-02-03 01:45 - 00114408 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2014-01-30 17:36 - 2013-03-24 16:56 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\JRT junk remov
2014-01-30 17:23 - 2013-03-20 11:08 - 00001624 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-01-29 00:02 - 2012-08-11 20:41 - 00002265 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
 
Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

2a. ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by Owner at 2014-02-28 04:19:07
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CVE-2012-4792 (HKLM\...\{a1447a51-d8b1-4e93-bb19-82bd20da6fd2}.sdb) (Version:  - )
CVE-2013-3893 (HKLM\...\{55aab41f-5d5c-abdf-4568-baef76587bd7}.sdb) (Version:  - )
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
DriverUpdate (HKLM\...\{9BC6AB96-3613-4676-ABE8-4B7F55D7D8E7}) (Version: 2.2.25526 - SlimWare Utilities, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 1.2.0.159 (HKLM\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)
Google Chrome (HKLM\...\{6438EBAC-5305-39A5-A93E-88CDFA6CE947}) (Version: 65.61.49249 - Google, Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000 - Microsoft Corporation) Hidden
Microsoft Digital Image Starter Edition 2006 (HKLM\...\PictureItSuiteTrial_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 Editor (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Digital Image Starter Edition 2006 Library (Version: 11.0.0422 - Microsoft Corporation) Hidden
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Control Panel 307.90 (Version: 307.90 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 307.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.90 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.118.757 - NVIDIA Corporation) Hidden
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
PassShow (HKLM\...\711b30bb-9a27-492e-96b8-946705ab6197) (Version:  - PassShow Software) <==== ATTENTION
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PowerISO (HKLM\...\PowerISO) (Version: 5.9 - Power Software Ltd)
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.17 - Realtek Semiconductor Corp.)
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SanDiskSecureAccess_Manager.exe (HKCU\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 8.0.3.3 - Webroot)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version:  - Microsoft Corporation) Hidden
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
03-12-2013 14:39:47 Software Distribution Service 3.0
04-12-2013 14:51:13 System Checkpoint
05-12-2013 20:36:48 Software Distribution Service 3.0
10-12-2013 08:41:37 System Checkpoint
11-12-2013 13:50:29 Software Distribution Service 3.0
11-12-2013 14:06:55 Software Distribution Service 3.0
13-12-2013 02:58:21 Software Distribution Service 3.0
13-12-2013 03:13:22 Software Distribution Service 3.0
13-12-2013 03:21:50 Software Distribution Service 3.0
14-12-2013 03:57:12 System Checkpoint
15-12-2013 04:57:12 System Checkpoint
15-12-2013 23:24:59 Software Distribution Service 3.0
16-12-2013 04:06:58 Software Distribution Service 3.0
16-12-2013 06:54:16 Software Distribution Service 3.0
16-12-2013 20:48:45 Software Distribution Service 3.0
17-12-2013 20:57:20 System Checkpoint
18-12-2013 21:57:12 System Checkpoint
19-12-2013 06:59:48 Software Distribution Service 3.0
23-12-2013 07:14:10 Software Distribution Service 3.0
30-12-2013 17:29:11 Software Distribution Service 3.0
31-12-2013 17:30:08 System Checkpoint
01-01-2014 17:30:16 System Checkpoint
02-01-2014 18:30:09 System Checkpoint
03-01-2014 11:52:12 Software Distribution Service 3.0
04-01-2014 12:30:08 System Checkpoint
04-01-2014 17:37:57 Software Distribution Service 3.0
05-01-2014 07:13:25 Software Distribution Service 3.0
06-01-2014 10:32:21 System Checkpoint
07-01-2014 07:48:50 Software Distribution Service 3.0
07-01-2014 08:24:23 Software Distribution Service 3.0
07-01-2014 20:34:33 Software Distribution Service 3.0
08-01-2014 21:29:47 System Checkpoint
09-01-2014 07:16:00 Software Distribution Service 3.0
09-01-2014 22:23:56 Software Distribution Service 3.0
10-01-2014 22:29:57 System Checkpoint
11-01-2014 23:29:51 System Checkpoint
12-01-2014 03:35:30 Software Distribution Service 3.0
13-01-2014 09:26:37 Software Distribution Service 3.0
14-01-2014 10:07:11 System Checkpoint
14-01-2014 13:44:42 Software Distribution Service 3.0
14-01-2014 13:45:35 Software Distribution Service 3.0
15-01-2014 14:36:27 Software Distribution Service 3.0
15-01-2014 14:47:05 Software Distribution Service 3.0
16-01-2014 14:48:51 System Checkpoint
16-01-2014 15:08:54 Software Distribution Service 3.0
17-01-2014 16:28:51 Software Distribution Service 3.0
17-01-2014 19:57:31 Software Distribution Service 3.0
18-01-2014 07:27:31 Software Distribution Service 3.0
18-01-2014 10:07:49 Software Distribution Service 3.0
19-01-2014 21:27:11 Software Distribution Service 3.0
20-01-2014 00:52:40 Software Distribution Service 3.0
20-01-2014 18:24:07 Software Distribution Service 3.0
21-01-2014 18:40:33 System Checkpoint
22-01-2014 01:24:36 Software Distribution Service 3.0
22-01-2014 07:35:33 Software Distribution Service 3.0
23-01-2014 10:53:22 System Checkpoint
23-01-2014 17:36:54 Software Distribution Service 3.0
24-01-2014 07:16:55 Software Distribution Service 3.0
24-01-2014 12:53:13 Installed Microsoft Fix it 51001
24-01-2014 18:41:36 Software Distribution Service 3.0
24-01-2014 19:35:14 Revo Uninstaller's restore point - CVE-2012-4792
25-01-2014 19:41:04 System Checkpoint
28-01-2014 00:47:10 System Checkpoint
28-01-2014 21:06:01 Software Distribution Service 3.0
28-01-2014 22:31:41 Installed Microsoft Fix it 51001
30-01-2014 20:02:29 Software Distribution Service 3.0
01-02-2014 20:51:30 System Checkpoint
02-02-2014 21:26:08 System Checkpoint
03-02-2014 22:26:08 System Checkpoint
04-02-2014 22:49:28 System Checkpoint
05-02-2014 23:26:09 System Checkpoint
07-02-2014 00:29:00 System Checkpoint
07-02-2014 21:30:41 Software Distribution Service 3.0
08-02-2014 17:57:49 Software Distribution Service 3.0
09-02-2014 07:31:37 Software Distribution Service 3.0
09-02-2014 22:31:11 Software Distribution Service 3.0
10-02-2014 10:20:20 Software Distribution Service 3.0
10-02-2014 10:26:49 Installed Microsoft Fix it 50199
10-02-2014 18:07:56 Software Distribution Service 3.0
11-02-2014 19:38:40 System Checkpoint
12-02-2014 19:45:40 System Checkpoint
13-02-2014 20:09:22 System Checkpoint
14-02-2014 03:53:56 Software Distribution Service 3.0
14-02-2014 18:44:22 Software Distribution Service 3.0
15-02-2014 18:34:18 Software Distribution Service 3.0
15-02-2014 18:36:34 Installed Microsoft Fix it 50971
16-02-2014 00:45:40 Installed Windows 7 Upgrade Advisor
16-02-2014 15:19:05 Software Distribution Service 3.0
17-02-2014 00:38:26 Software Distribution Service 3.0
17-02-2014 13:52:46 Installed Windows Media Player Firefox Plugin
18-02-2014 11:51:11 Installed Windows XP KB2618444.
18-02-2014 12:04:07 Software Distribution Service 3.0
19-02-2014 12:26:16 System Checkpoint
20-02-2014 04:44:06 Software Distribution Service 3.0
20-02-2014 12:22:56 Software Distribution Service 3.0
21-02-2014 00:17:06 Software Distribution Service 3.0
21-02-2014 19:06:38 Software Distribution Service 3.0
22-02-2014 03:17:22 Software Distribution Service 3.0
23-02-2014 03:25:46 System Checkpoint
24-02-2014 04:25:45 System Checkpoint
24-02-2014 06:34:52 Software Distribution Service 3.0
25-02-2014 03:28:28 Software Distribution Service 3.0
26-02-2014 04:11:48 System Checkpoint
26-02-2014 13:25:11 Software Distribution Service 3.0
27-02-2014 14:24:43 System Checkpoint
27-02-2014 17:07:14 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2004-08-26 11:11 - 2014-02-14 18:35 - 00001574 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 /mediaplex.com
127.0.0.1 /doubleclick.net
127.0.0.1 /serving-sys.com
127.0.0.1 .atdmt.com
127.0.0.1 .c1.atdmt.com
127.0.0.1 .doubleclick.net
127.0.0.1 /MICROSOFTWLSEARCHCRM.112.2O7
127.0.0.1  Adware.iBryte.D
127.0.0.1  .iBryte.D
127.0.0.1 .doubleclick.net
127.0.0.1 .serving-sys.com
127.0.0.1 .atdmt.com
127.0.0.1 .zedo.com
127.0.0.1 .invitemedia.com
127.0.0.1 .c1.atdmt.com
127.0.0.1 .doubleclick.net
127.0.0.1 .invitemedia.com
127.0.0.1 .apmebf.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-12 09:53 - 2013-03-23 00:22 - 01564008 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
2007-01-11 16:00 - 2005-09-18 03:32 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2012-02-14 18:05 - 2012-02-14 18:37 - 11796096 _____ () C:\Documents and Settings\Owner\Application Data\SanDisk\My Vaults\dmBackup.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\etc\hosts.txt:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\Drivers\etc\hosts.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00111777.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03341730.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\05975663.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10852884.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18862049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27509126.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30265865.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\32758914.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40174589.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61946309.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\66245791.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70567237.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90305861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00111777.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03341730.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\05975663.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\10852884.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18862049.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27509126.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30265865.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\32758914.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\40174589.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61946309.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\66245791.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70567237.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90305861.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1339818859\EE\AOLHostManager.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunKistEM => C:\Program Files\Digital Media Reader\shwiconem.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/25/2014 08:59:12 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (02/25/2014 04:08:30 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (02/25/2014 02:27:34 PM) (Source: Application Error) (User: )
Description: Fault bucket 2064710846.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (02/25/2014 02:27:28 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 10.0.0.3646, faulting module wmp.dll, version 10.0.0.4081, fault address 0x0007380f.
Processing media-specific event for [wmplayer.exe!ws!]
 
Error: (02/19/2014 04:31:59 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (02/19/2014 00:05:05 PM) (Source: Application Hang) (User: )
Description: Hanging application notepad.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/16/2014 05:49:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (02/16/2014 05:49:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved
 
Error: (02/16/2014 10:39:59 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=32.0.1700.107;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\82cd811d-ca90-46f2-b1db-55824999a409.dmp
 
Error: (02/11/2014 07:18:09 PM) (Source: Application Error) (User: )
Description: Fault bucket -2101235139.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
 
System errors:
=============
Error: (02/27/2014 02:31:30 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.01.167.794.07%%859NT AUTHORITYSYSTEMS-1-5-181%%8001%%8031.1.10302.00x8024402cAn unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 1%%852http://www.microsoft.com
 
Error: (02/27/2014 01:31:29 AM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.01.167.687.07%%859NT AUTHORITYSYSTEMS-1-5-181%%8001%%8031.1.10302.00x8024402cAn unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 1%%852http://www.microsoft.com
 
Error: (02/26/2014 02:33:29 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.01.167.687.07%%859NT AUTHORITYSYSTEMS-1-5-181%%8001%%8031.1.10302.00x8024402cAn unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 1%%852http://www.microsoft.com
 
Error: (02/26/2014 01:31:11 AM) (Source: Microsoft Antimalware) (User: )
Description: %%8604.4.0304.01.167.558.07%%859NT AUTHORITYSYSTEMS-1-5-181%%8001%%8031.1.10302.00x8024402cAn unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 1%%852http://www.microsoft.com
 
Error: (02/24/2014 10:24:28 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2
 
Error: (02/24/2014 02:34:16 AM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2
 
Error: (02/24/2014 02:08:35 AM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2
 
Error: (02/24/2014 02:07:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (02/24/2014 01:58:07 AM) (Source: DCOM) (User: ROMEMAIN)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (02/24/2014 01:52:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AmdPPM
Fips
MpFilter
SCDEmu
 
 
Microsoft Office Sessions:
=========================
Error: (02/25/2014 08:59:12 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (02/25/2014 04:08:30 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (02/25/2014 02:27:34 PM) (Source: Application Error)(User: )
Description: 2064710846
 
Error: (02/25/2014 02:27:28 PM) (Source: Application Error)(User: )
Description: wmplayer.exe10.0.0.3646wmp.dll10.0.0.40810007380f
 
Error: (02/19/2014 04:31:59 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (02/19/2014 00:05:05 PM) (Source: Application Hang)(User: )
Description: notepad.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (02/16/2014 05:49:18 PM) (Source: crypt32)(User: )
 
Error: (02/16/2014 05:49:18 PM) (Source: crypt32)(User: )
 
Error: (02/16/2014 10:39:59 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=32.0.1700.107;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\82cd811d-ca90-46f2-b1db-55824999a409.dmp
 
Error: (02/11/2014 07:18:09 PM) (Source: Application Error)(User: )
Description: -2101235139
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 37%
Total physical RAM: 1246.42 MB
Available physical RAM: 778.93 MB
Total Pagefile: 2972.64 MB
Available Pagefile: 2645.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.1 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:88.9 GB) (Free:51.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.24 GB) (Free:1.84 GB) FAT32
Drive g: (My Passport) (Fixed) (Total:297.44 GB) (Free:282.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 93 GB) (Disk ID: 4B36BDEA)
Partition 1: (Active) - (Size=89 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4 GB) - (Type=0B)
 
========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 297 GB) (Disk ID: 00035F28)
Partition 1: (Not Active) - (Size=297 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
4. I uninstalled MSE as directed. Webroot WRSA is still running, and finding things, but it wants the paid version to remove the problems.  I previously removed problem files and the associated Registry Hkey (the set that goes to program files) records and that cleared the warning from the WRSA icon.  It currently has the following findings which I have not cleared yet:
 
4a.  c:\tdsskiller_quarantine\08.04.2013_14.01.53\susp0001\svc0000\tsk0000.dta
4b.  c:\my backup -- 15-06-12 2033\program files\common files\new boundary\prismxl\prismxl.sys
4c.  c:\documents and settings\owner\my documents\downloads\uplayermediaplayer-setup.exe
 
The third one looks like it might be the source of one of the popups.  Shall I dig in there and delete the files again?  Should I follow up by going to registry and deleting the HKEYs - but how far up do I go: to the last filename, or to
4aa.  susp0001
4bb.  new boundary
4cc.  uplayermediaplayer-setup.exe

 

5. There is no Recovery Console on this PC.  It was gone before the boot sequence changed to the older version copyrighted last decade.

 

Thank you 


Edited by JoanneMT, 28 February 2014 - 02:13 PM.


#9 xXToffeeXx


Posted 01 March 2014 - 06:16 AM

Hi Joanne,
 
Don't worry about deleting the files; the first is already in quarantine, the second seems to be a false positive, and the third we can deal with using FRST.
 

We need to run a fix with FRST:

  • Press Windows Key + R and type notepad into the run box which appears. Press enter.
  • Copy and paste the script below in the notepad document:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
c:\documents and settings\owner\my documents\downloads\uplayermediaplayer-setup.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply.

 

--------------

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool says that the Check Disk is needed, click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.



Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

 

--------------

 

Please run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop, please copy and paste the contents into your next reply.

 

--------------

 

Any improvement after these fixes?

 

--------------

 

To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Windows Repair All in One log
  • New FRST.txt log
  • Any improvement?

xXToffeeXx~


Edited by xXToffeeXx, 01 March 2014 - 06:17 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 JoanneMT


Posted 02 March 2014 - 04:06 PM

Hi Toffee, what I was trying to say was that I was getting no findings so I did not run the programs any further.  Most of my popups were coming from Firefox, I tried it a little while this morning, not sure I got any popups. I will use FF to do some research.  However, I am still getting last decade's logon and logoff pages. I did not remember to turn Webroot virus scan back on after I turned it off for the first instruction to do so.

  Please let me know if I should re-run anything.

 

Thank you :-)

 

Fixlog 1 FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 01
Ran by Owner at 2014-03-02 08:59:48 Run:1
Running from C:\Documents and Settings\Owner\Desktop\FRST script to clear badfile
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
c:\documents and settings\owner\my documents\downloads\uplayermediaplayer-setup.exe
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\CDRAutoRun => Value deleted successfully.
"C:\\PROGRA~1\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"c:\documents and settings\owner\my documents\downloads\uplayermediaplayer-setup.exe" => File/Directory not found.
 

==== End of Fixlog ====

 

 

  • Windows Repair All in One log  [what a cool program - but it didn't tell me to complete the steps either.]

Chkdsk log step 2 report

 

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.
 
C:\Documents and Settings\Owner\My Documents\Downloads>
CD /D C:\
 
C:\>
chkdsk C:
 
The type of the file system is NTFS.
 
 
WARNING!  F parameter not specified.
Running CHKDSK in read-only mode.
 
 
CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
 
CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
 
CHKDSK is recovering lost files.
 
Security descriptor verification completed.
 
CHKDSK is verifying Usn Journal...
 
Usn Journal verification completed.
 
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
 
13562913 allocation units available on disk.
 
C:\>
 
********  View Log:  "No Errors found on the drive!"  *****
 
================
 
NOTE: F is the built-in CD / DVD ROM drive that does not function on this PC. (Disks are not recognized)
 
Can/should I run the "do it" step even though it said no errors?

 

=================================

I haven't been interrupted by popups today - using only Chrome. I think all the popups were happening on Firefox since that is what I am familiar with using on this machine.  The machine is operating OK, got my mail, visited FB.  

 

I forgot to turn Webroot back on (it has been showing an exclamation point over the icon b/c of the 3 findings.)  I haven't re-started the machine since running these scans, so I will let you know if it is cleared on my next post.  

 

thank you :-)


Edited by JoanneMT, 02 March 2014 - 04:10 PM.


#11 xXToffeeXx

Posted 02 March 2014 - 04:21 PM

Hi Joanne,

Please continue with the rest of the steps in my post until the last one. They are meant to really work as a set and you may not see much of a difference in between (although sometimes you can). So far looks good though.

xXToffeeXx~


#12 JoanneMT

Posted 02 March 2014 - 07:55 PM

"Go to Step 2 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer."

 

1. Toffee - do you mean that if Step 2 says there is no problem, that I should run "DO IT" anyway?

2. I did make a mistake running FRST - I hit scan instead of fix. So sorry.

3. Firefox is the browser giving me the popups and demanding Java and other software be installed. So I am using Chrome to run this.

-----------------------------------------------------------------------------------------------------------------------------------

 

-------------------FRST FIXLOG Text 1

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 02
Ran by Owner at 2014-03-02 19:45:34 Run:2
Running from C:\Documents and Settings\Owner\Desktop\FRST script to clear badfile
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
c:\documents and settings\owner\my documents\downloads\uplayermediaplayer-setup.exe
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Unable to delete value
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\CDRAutoRun => Unable to delete value
"C:\\PROGRA~1\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll" => Value Data not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Unable to delete value
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"c:\documents and settings\owner\my documents\downloads\uplayermediaplayer-setup.exe" => File/Directory not found.
 

 

==== End of Fixlog ====

 

------------------------------This time check Tweaking Windows Repair all in One reported errors found on drive, restart is needed.  Checking "Do It"

 

Edited by JoanneMT, 03 March 2014 - 10:52 AM.


#13 xXToffeeXx

Posted 03 March 2014 - 12:34 PM

Hi Joanne,

 

Please continue from, "Once the above is done go to Step 3 and allow it to run System File Check by clicking on Do It button," on my instructions.

 

xXToffeeXx~



#14 JoanneMT

Posted 03 March 2014 - 02:41 PM

Hi Toffee,

 

note: I used add/remove programs in the control panel to remove Microsoft Security Client and Microsoft Security Essentials when you advised me to. I'm using Webroot security scanner - the free version.

 

 

Windows Repair (All in One)  System File Check "Do IT" ~ restarted the PC.

 

2. Disabled Webroot Scanner (WRSA) 

 

3. "System Restore" click on Create button Start Repairs tab and click Start button.

 

4. WRSA Repair Log:

 
System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: ROMEMAIN
Windows Drive: C:\
Windows Path: C:\WINDOWS
Current Profile: C:\Documents and Settings\Owner
Current Profile SID: S-1-5-21-2822924679-3857380540-344346031-1003
Current Profile Classes: S-1-5-21-2822924679-3857380540-344346031-1003_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Owner\Local Settings\Application Data
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:10:11
 
Process Count: 33
Commit Total: 375.11 MB
Commit Limit: 2.90 GB
Commit Peak: 736.21 MB
Handle Count: 7898
Kernel Total: 56.57 MB
Kernel Paged: 34.86 MB
Kernel Non Paged: 21.71 MB
System Cache: 341.84 MB
Thread Count: 392
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.22 GB
Memory Used: 515.52 MB(41.3596%)
Memory Avail.: 730.91 MB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.22 GB
Memory Used: 414.07 MB(33.221%)
Memory Avail.: 832.35 MB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Start (3/3/2014 1:20:40 PM)
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (3/3/2014 1:20:40 PM)
   Running Repair Under Current User Account
   Done (3/3/2014 1:20:45 PM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (3/3/2014 1:20:45 PM)
   Running Repair Under System Account
   Done (3/3/2014 1:21:35 PM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (3/3/2014 1:21:35 PM)
   Running Repair Under System Account
   Done (3/3/2014 1:22:04 PM)
 
03 - Register System Files
   Start (3/3/2014 1:22:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:24:29 PM)
 
04 - Repair WMI
   Start (3/3/2014 1:24:29 PM)
   Running Repair Under Current User Account
   Done (3/3/2014 1:27:36 PM)
 
05 - Repair Windows Firewall
   Start (3/3/2014 1:27:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:27:47 PM)
 
06 - Repair Internet Explorer
   Start (3/3/2014 1:27:47 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:30:12 PM)
 
07 - Repair MDAC/MS Jet
   Start (3/3/2014 1:30:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:30:23 PM)
 
08 - Repair Hosts File
   Start (3/3/2014 1:30:23 PM)
   Running Repair Under System Account
   Done (3/3/2014 1:30:25 PM)
 
09 - Remove Policies Set By Infections
   Start (3/3/2014 1:30:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:30:30 PM)
 
11 - Repair Icons
   Start (3/3/2014 1:30:30 PM)
   Running Repair Under Current User Account
   Done (3/3/2014 1:30:32 PM)
 
12 - Repair Winsock & DNS Cache
   Start (3/3/2014 1:30:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:30:41 PM)
 
14 - Repair Proxy Settings
   Start (3/3/2014 1:30:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:30:45 PM)
 
16 - Repair Windows Updates
   Start (3/3/2014 1:30:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:31:17 PM)
 
17 - Repair CD/DVD Missing/Not Working
   Start (3/3/2014 1:31:17 PM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (3/3/2014 1:31:17 PM)
 
18 - Repair Volume Shadow Copy Service
   Start (3/3/2014 1:31:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:31:40 PM)
 
20 - Repair MSI (Windows Installer)
   Start (3/3/2014 1:31:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:31:54 PM)
 
22.01 - Repair bat Association
   Start (3/3/2014 1:31:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:31:59 PM)
 
22.02 - Repair cmd Association
   Start (3/3/2014 1:31:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:04 PM)
 
22.03 - Repair com Association
   Start (3/3/2014 1:32:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:08 PM)
 
22.04 - Repair Directory Association
   Start (3/3/2014 1:32:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:13 PM)
 
22.05 - Repair Drive Association
   Start (3/3/2014 1:32:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:17 PM)
 
22.06 - Repair exe Association
   Start (3/3/2014 1:32:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:22 PM)
 
22.07 - Repair Folder Association
   Start (3/3/2014 1:32:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:27 PM)
 
22.08 - Repair inf Association
   Start (3/3/2014 1:32:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:31 PM)
 
22.09 - Repair lnk (Shortcuts) Association
   Start (3/3/2014 1:32:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:36 PM)
 
22.10 - Repair msc Association
   Start (3/3/2014 1:32:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:41 PM)
 
22.11 - Repair reg Association
   Start (3/3/2014 1:32:41 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:45 PM)
 
22.12 - Repair scr Association
   Start (3/3/2014 1:32:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:50 PM)
 
23 - Repair Windows Safe Mode
   Start (3/3/2014 1:32:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:32:54 PM)
 
24 - Repair Print Spooler
   Start (3/3/2014 1:32:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:33:03 PM)
 
25 - Restore Important Windows Services
   Start (3/3/2014 1:33:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:33:16 PM)
 
26 - Set Windows Services To Default Startup
   Start (3/3/2014 1:33:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/3/2014 1:33:37 PM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (3/3/2014 1:33:37 PM)
   Total Repair Time: 00:12:58
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
 
4a: posting other logs that report errors not corrected:
 1 Windows Repair Log
   Running Repair Under Current User Account
   Running Repair Under Current User Account
   Running Repair Under Current User Account
   Running Repair Under Current User Account
 
3.  Windows Repair Log
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\* : registry key is skipped (contains wildcard)
 
WARNING HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\* : registry key is skipped (contains wildcard)
 
4. Windows repair hkey classes root log 4
WARNING HKEY_CLASSES_ROOT\* : registry key is skipped (contains wildcard)
 
WARNING HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)
 
5   Repair Icons
The system cannot find the file specified.
The system cannot find the file specified.
 
6   Windows repair hkey classes root log 3
WARNING HKEY_CLASSES_ROOT\* : registry key is skipped (contains wildcard)
 
WARNING HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\mk\* : registry key is skipped (contains wildcard)
 
===================== about to run FRST  -- oh, @#$% forgot to reboot, here is report #1
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2014 02
Ran by Owner (administrator) on ROMEMAIN on 03-03-2014 14:42:44
Running from C:\Documents and Settings\Owner\Desktop\FRST script to clear badfile
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Gemalto N.V.) C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15517984 2013-03-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [108832 2013-03-21] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-23] ()
HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [754192 2013-10-25] (Webroot)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2014-02-03] (Power Software Ltd)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-2822924679-3857380540-344346031-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-2822924679-3857380540-344346031-1003\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: AutorunsDisabled\ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wt16j0sf.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files\PassShow\154.xpi
FF Extension: PassShow - C:\Program Files\PassShow\154.xpi [2014-02-20]
 
Chrome: 
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-20]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-20]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S4 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2014-02-19] (New Boundary Technologies, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [754192 2013-10-25] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3644800 2005-09-26] (Realtek Semiconductor Corp.)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114408 2014-02-03] (Power Software Ltd)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2013-06-18] ()
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [117728 2013-10-25] (Webroot)
S4 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
U4 intelppm; 
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-03 13:30 - 2014-03-03 13:30 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-03-03 13:24 - 2014-03-03 13:24 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-03-03 13:23 - 2014-03-03 13:31 - 00007514 _____ () C:\WINDOWS\bitssetup.log
2014-03-03 13:23 - 2014-03-03 13:24 - 00000558 _____ () C:\WINDOWS\Windows Update.log
2014-03-03 13:20 - 2014-03-03 13:33 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-03-02 12:30 - 2014-03-02 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-02 12:28 - 2014-03-02 12:28 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-02 09:15 - 2014-03-03 10:52 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Windows Repair All In One per bleep
2014-03-02 08:33 - 2014-03-02 08:33 - 00000660 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to FRST (3).lnk
2014-03-02 08:27 - 2014-03-03 14:42 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST script to clear badfile
2014-02-28 20:15 - 2014-02-28 20:15 - 00092432 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-28 13:23 - 2014-02-28 13:23 - 00000521 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to boot xp.lnk
2014-02-28 13:22 - 2014-02-28 13:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\boot xp
2014-02-28 11:54 - 2014-02-28 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ClubSanDisk
2014-02-28 10:56 - 2014-02-28 10:56 - 00000624 _____ () C:\Documents and Settings\Owner\Application Data\.backup.dm
2014-02-28 03:56 - 2014-03-03 14:42 - 00000000 ____D () C:\FRST
2014-02-28 03:43 - 2014-03-02 09:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Farbar - FRST
2014-02-28 03:21 - 2014-02-28 03:21 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\windows 7
2014-02-28 03:15 - 2014-02-28 03:16 - 00000791 _____ () C:\Documents and Settings\Owner\My Documents\webroot secure anywhere findings.txt
2014-02-27 19:55 - 2014-02-27 19:55 - 00000083 _____ () C:\Documents and Settings\Owner\My Documents\windows-repair-all-in-one.txt
2014-02-27 19:51 - 2014-02-27 19:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\dentist letters
2014-02-25 16:36 - 2014-03-02 11:23 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\how to
2014-02-25 15:32 - 2014-02-25 22:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DDS from bleep
2014-02-25 14:23 - 2008-04-13 20:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-02-25 14:23 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-02-22 16:10 - 2014-02-22 16:10 - 00046262 _____ () C:\Documents and Settings\Owner\Desktop\Result.txt
2014-02-22 11:01 - 2014-02-24 01:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\scans feb 19
2014-02-21 18:52 - 2014-02-21 18:53 - 00000141 _____ () C:\Documents and Settings\Owner\Desktop\Downld TDssKiller rename iexplo ur dot exe.url
2014-02-21 14:08 - 2014-02-21 14:08 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\PowerISO
2014-02-20 07:02 - 2014-02-20 07:12 - 00000000 ____D () C:\Program Files\PassShow
2014-02-20 06:39 - 2014-02-20 06:39 - 00000694 _____ () C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
2014-02-20 06:39 - 2014-02-20 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-02-20 06:35 - 2014-02-20 06:39 - 00000000 ____D () C:\Program Files\PowerISO
2014-02-20 02:31 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\McAFee TechCheck
2014-02-20 02:29 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechCheck
2014-02-20 02:29 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Msflxgrd.ocx
2014-02-20 02:29 - 2000-05-22 01:00 - 00203976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RICHTX32.OCX
2014-02-20 02:29 - 1998-06-24 00:00 - 00209192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TABCTL32.OCX
2014-02-18 08:39 - 2014-02-18 08:39 - 00000589 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-02-18 06:49 - 2014-02-18 06:51 - 00005475 _____ () C:\WINDOWS\KB2618444-IE8.log
2014-02-16 21:07 - 2014-03-03 14:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-16 20:51 - 2014-02-17 08:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\WINDOWS\Performance
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-02-15 19:45 - 2014-02-15 19:45 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-02-13 23:12 - 2014-03-03 14:06 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 23:12 - 2014-03-02 23:18 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 23:09 - 2014-02-13 23:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 22:59 - 2014-02-13 23:00 - 00012647 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 22:58 - 2014-02-13 22:59 - 00005843 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-13 10:35 - 2014-02-13 23:09 - 00015910 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 20:02 - 2014-02-21 22:02 - 00000219 _____ () C:\Documents and Settings\Owner\Desktop\BLEEP CHECK FILES.txt
2014-02-11 19:17 - 2014-02-11 19:17 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\NVIDIA
2014-02-10 18:49 - 2014-02-28 04:42 - 00001111 _____ () C:\Documents and Settings\Owner\Desktop\BADFILES.txt
2014-02-08 19:31 - 2014-02-08 19:31 - 00024326 _____ () C:\Documents and Settings\Owner\Desktop\Resultlong report.txt
2014-02-08 12:52 - 2014-02-08 12:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Help
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Help
2014-02-07 19:25 - 2014-02-07 19:25 - 00020963 _____ () C:\Documents and Settings\Owner\Desktop\Resultmini tool box errors 2-7-14.txt
2014-02-07 18:52 - 2014-02-07 18:52 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\budget
2014-02-03 01:45 - 2014-02-03 01:45 - 00114408 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
 
==================== One Month Modified Files and Folders =======
 
2014-03-03 14:42 - 2014-03-02 08:27 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST script to clear badfile
2014-03-03 14:42 - 2014-02-28 03:56 - 00000000 ____D () C:\FRST
2014-03-03 14:14 - 2013-02-04 11:14 - 02071195 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-03 14:11 - 2014-02-16 21:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-03 14:06 - 2014-02-13 23:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 14:05 - 2013-09-17 17:12 - 00146808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-03 14:05 - 2013-02-04 11:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-03 14:05 - 2013-02-04 11:16 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-03 14:05 - 2004-08-26 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-03 14:04 - 2013-02-04 11:16 - 00032482 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-03 14:04 - 2004-08-26 13:09 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-03-03 13:33 - 2014-03-03 13:20 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-03-03 13:31 - 2014-03-03 13:23 - 00007514 _____ () C:\WINDOWS\bitssetup.log
2014-03-03 13:31 - 2004-08-26 13:01 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-03 13:30 - 2014-03-03 13:30 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-03-03 13:30 - 2004-08-26 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-03 13:30 - 2004-08-26 13:04 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-03-03 13:30 - 2004-08-26 13:04 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-03-03 13:29 - 2004-08-26 05:54 - 00523760 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-03 13:24 - 2014-03-03 13:24 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-03-03 13:24 - 2014-03-03 13:23 - 00000558 _____ () C:\WINDOWS\Windows Update.log
2014-03-03 13:11 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-03-03 10:52 - 2014-03-02 09:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Windows Repair All In One per bleep
2014-03-02 23:18 - 2014-02-13 23:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 19:47 - 2013-09-03 16:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WRData
2014-03-02 12:30 - 2014-03-02 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-02 12:28 - 2014-03-02 12:28 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-02 11:23 - 2014-02-25 16:36 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\how to
2014-03-02 09:03 - 2014-02-28 03:43 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Farbar - FRST
2014-03-02 08:33 - 2014-03-02 08:33 - 00000660 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to FRST (3).lnk
2014-03-02 08:05 - 2004-08-26 11:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-28 20:15 - 2014-02-28 20:15 - 00092432 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-28 13:55 - 2013-11-12 19:41 - 00000000 ____D () C:\Program Files\Recuva
2014-02-28 13:45 - 2012-06-20 13:35 - 00001503 _____ () C:\Documents and Settings\Owner\Desktop\Paint (2).lnk
2014-02-28 13:23 - 2014-02-28 13:23 - 00000521 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to boot xp.lnk
2014-02-28 13:22 - 2014-02-28 13:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\boot xp
2014-02-28 11:54 - 2014-02-28 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ClubSanDisk
2014-02-28 10:56 - 2014-02-28 10:56 - 00000624 _____ () C:\Documents and Settings\Owner\Application Data\.backup.dm
2014-02-28 10:55 - 2013-10-25 20:05 - 00050089 _____ () C:\WINDOWS\setupapi.log
2014-02-28 04:42 - 2014-02-10 18:49 - 00001111 _____ () C:\Documents and Settings\Owner\Desktop\BADFILES.txt
2014-02-28 03:36 - 2012-06-19 20:14 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-02-28 03:21 - 2014-02-28 03:21 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\windows 7
2014-02-28 03:16 - 2014-02-28 03:15 - 00000791 _____ () C:\Documents and Settings\Owner\My Documents\webroot secure anywhere findings.txt
2014-02-28 02:59 - 2014-01-19 16:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\SanDisk
2014-02-27 19:55 - 2014-02-27 19:55 - 00000083 _____ () C:\Documents and Settings\Owner\My Documents\windows-repair-all-in-one.txt
2014-02-27 19:51 - 2014-02-27 19:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\dentist letters
2014-02-27 12:38 - 2012-06-30 17:27 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\household
2014-02-25 22:23 - 2014-02-25 15:32 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DDS from bleep
2014-02-25 22:10 - 2013-09-03 16:03 - 00000000 ____D () C:\Program Files\Webroot
2014-02-25 16:29 - 2013-09-03 18:13 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-02-24 23:20 - 2013-09-17 14:27 - 00000000 ____D () C:\AdwCleaner
2014-02-24 02:34 - 2013-09-12 09:53 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-02-24 02:06 - 2012-11-22 17:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\bleeping
2014-02-24 01:48 - 2014-02-22 11:01 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\scans feb 19
2014-02-22 16:10 - 2014-02-22 16:10 - 00046262 _____ () C:\Documents and Settings\Owner\Desktop\Result.txt
2014-02-22 07:05 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\Help
2014-02-22 06:25 - 2012-06-17 19:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-21 22:02 - 2014-02-11 20:02 - 00000219 _____ () C:\Documents and Settings\Owner\Desktop\BLEEP CHECK FILES.txt
2014-02-21 19:18 - 2013-03-24 16:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\TDSS
2014-02-21 18:55 - 2014-01-25 16:27 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\avast
2014-02-21 18:53 - 2014-02-21 18:52 - 00000141 _____ () C:\Documents and Settings\Owner\Desktop\Downld TDssKiller rename iexplo ur dot exe.url
2014-02-21 14:18 - 2012-12-23 06:06 - 00000000 ____D () C:\JRT
2014-02-21 14:08 - 2014-02-21 14:08 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\PowerISO
2014-02-20 20:44 - 2012-11-07 12:24 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-02-20 20:11 - 2012-09-14 20:03 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-20 20:11 - 2012-09-14 20:03 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-20 07:12 - 2014-02-20 07:02 - 00000000 ____D () C:\Program Files\PassShow
2014-02-20 06:39 - 2014-02-20 06:39 - 00000694 _____ () C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
2014-02-20 06:39 - 2014-02-20 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-02-20 06:39 - 2014-02-20 06:35 - 00000000 ____D () C:\Program Files\PowerISO
2014-02-20 03:18 - 2012-06-22 06:56 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\PC Maintenance
2014-02-20 02:31 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\McAFee TechCheck
2014-02-20 02:31 - 2014-02-20 02:29 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechCheck
2014-02-19 14:03 - 2013-01-27 19:15 - 00002327 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Windows Install Clean Up.lnk
2014-02-18 08:39 - 2014-02-18 08:39 - 00000589 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-02-18 06:51 - 2014-02-18 06:49 - 00005475 _____ () C:\WINDOWS\KB2618444-IE8.log
2014-02-17 08:52 - 2014-02-16 20:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 21:44 - 2013-09-03 11:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 21:06 - 2012-06-19 23:22 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\WINDOWS\Performance
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-02-15 19:45 - 2014-02-15 19:45 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-02-14 18:35 - 2004-08-26 11:11 - 00001574 _____ () C:\WINDOWS\system32\Drivers\etc\hosts_bak_414
2014-02-13 23:10 - 2012-06-15 22:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 23:09 - 2014-02-13 23:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 23:09 - 2014-02-13 10:35 - 00015910 _____ () C:\WINDOWS\KB2916036.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00143414 _____ () C:\WINDOWS\FaxSetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00073530 _____ () C:\WINDOWS\ocgen.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00057388 _____ () C:\WINDOWS\tsoc.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00048263 _____ () C:\WINDOWS\comsetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00029950 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00022660 _____ () C:\WINDOWS\iis6.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00013203 _____ () C:\WINDOWS\updspapi.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00008120 _____ () C:\WINDOWS\ocmsn.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00007447 _____ () C:\WINDOWS\msgsocm.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-13 23:04 - 2013-07-16 11:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 23:00 - 2014-02-13 22:59 - 00012647 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 23:00 - 2013-10-25 20:05 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-13 23:00 - 2012-06-19 19:59 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 22:59 - 2014-02-13 22:58 - 00005843 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 17:09 - 2013-09-20 11:40 - 00002196 _____ () C:\Documents and Settings\Owner\Desktop\Power ISO to copy and burn cds and backups.txt
2014-02-12 13:54 - 2014-01-27 20:04 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\insurance
2014-02-11 20:00 - 2013-10-07 09:51 - 00005120 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-11 19:17 - 2014-02-11 19:17 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\NVIDIA
2014-02-11 15:48 - 2012-12-01 14:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\sewing
2014-02-10 20:17 - 2014-01-28 00:47 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Teaching
2014-02-10 20:15 - 2014-01-28 00:33 - 00006266 _____ () C:\Documents and Settings\Owner\My Documents\alphabet.txt
2014-02-10 12:22 - 2012-10-20 20:01 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-08 19:31 - 2014-02-08 19:31 - 00024326 _____ () C:\Documents and Settings\Owner\Desktop\Resultlong report.txt
2014-02-08 12:59 - 2004-08-26 13:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-02-08 12:52 - 2014-02-08 12:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-02-08 04:00 - 2013-03-24 12:16 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\TCPView Hacker
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Help
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Help
2014-02-07 19:25 - 2014-02-07 19:25 - 00020963 _____ () C:\Documents and Settings\Owner\Desktop\Resultmini tool box errors 2-7-14.txt
2014-02-07 18:53 - 2012-06-20 13:34 - 00007468 _____ () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2014-02-07 18:52 - 2014-02-07 18:52 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\budget
2014-02-07 18:10 - 2012-06-15 22:38 - 00000000 ____D () C:\WINDOWS\creator
2014-02-07 18:05 - 2012-06-15 22:38 - 00000000 ____D () C:\WINDOWS\SMINST
2014-02-07 16:55 - 2013-10-25 20:05 - 00000300 _____ () C:\WINDOWS\setupact.log
2014-02-07 16:42 - 2012-09-14 20:04 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-06 03:54 - 2009-03-08 03:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2004-08-26 11:11 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 18:26 - 2012-06-19 19:08 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2012-06-19 18:45 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2009-03-08 13:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2009-03-08 03:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2009-03-08 03:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2009-03-08 03:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2004-08-26 11:11 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 17:24 - 2004-08-26 11:11 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-03 01:45 - 2014-02-03 01:45 - 00114408 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
--------------FRST  SCAN after reboot system
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2014 02
Ran by Owner (administrator) on ROMEMAIN on 03-03-2014 15:02:46
Running from C:\Documents and Settings\Owner\Desktop\FRST script to clear badfile
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: 
 
 
/dl/81/ 
Download link for 64-Bit Version: 
 
 
/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: 
 
 
se-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Gemalto N.V.) C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15517984 2013-03-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [108832 2013-03-21] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-23] ()
HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [754192 2013-10-25] (Webroot)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2014-02-03] (Power Software Ltd)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-2822924679-3857380540-344346031-1003\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-2822924679-3857380540-344346031-1003\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe [30705792 2012-02-15] (Gemalto N.V.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Handler: AutorunsDisabled\ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wt16j0sf.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files\PassShow\154.xpi
FF Extension: PassShow - C:\Program Files\PassShow\154.xpi [2014-02-20]
 
Chrome: 
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: 
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-20]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-20]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-20]
 
========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S4 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2014-02-19] (New Boundary Technologies, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [754192 2013-10-25] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [3644800 2005-09-26] (Realtek Semiconductor Corp.)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-22] (Conexant Systems, Inc.)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd.                                               )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [114408 2014-02-03] (Power Software Ltd)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13024 2013-06-18] ()
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [117728 2013-10-25] (Webroot)
S4 cpuz134; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
U4 intelppm; 
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-03 13:30 - 2014-03-03 13:30 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-03-03 13:24 - 2014-03-03 13:24 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-03-03 13:23 - 2014-03-03 13:31 - 00007514 _____ () C:\WINDOWS\bitssetup.log
2014-03-03 13:23 - 2014-03-03 13:24 - 00000558 _____ () C:\WINDOWS\Windows Update.log
2014-03-03 13:20 - 2014-03-03 13:33 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-03-02 12:30 - 2014-03-02 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-02 12:28 - 2014-03-02 12:28 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-02 09:15 - 2014-03-03 10:52 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Windows Repair All In One per bleep
2014-03-02 08:33 - 2014-03-02 08:33 - 00000660 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to FRST (3).lnk
2014-03-02 08:27 - 2014-03-03 15:02 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST script to clear badfile
2014-02-28 20:15 - 2014-02-28 20:15 - 00092432 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-28 13:23 - 2014-02-28 13:23 - 00000521 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to boot xp.lnk
2014-02-28 13:22 - 2014-02-28 13:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\boot xp
2014-02-28 11:54 - 2014-02-28 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ClubSanDisk
2014-02-28 10:56 - 2014-02-28 10:56 - 00000624 _____ () C:\Documents and Settings\Owner\Application Data\.backup.dm
2014-02-28 03:56 - 2014-03-03 14:43 - 00000000 ____D () C:\FRST
2014-02-28 03:43 - 2014-03-02 09:03 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Farbar - FRST
2014-02-28 03:21 - 2014-02-28 03:21 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\windows 7
2014-02-28 03:15 - 2014-02-28 03:16 - 00000791 _____ () C:\Documents and Settings\Owner\My Documents\webroot secure anywhere findings.txt
2014-02-27 19:55 - 2014-02-27 19:55 - 00000083 _____ () C:\Documents and Settings\Owner\My Documents\windows-repair-all-in-one.txt
2014-02-27 19:51 - 2014-02-27 19:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\dentist letters
2014-02-25 16:36 - 2014-03-02 11:23 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\how to
2014-02-25 15:32 - 2014-02-25 22:23 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DDS from bleep
2014-02-25 14:23 - 2008-04-13 20:12 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-02-25 14:23 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-02-22 16:10 - 2014-02-22 16:10 - 00046262 _____ () C:\Documents and Settings\Owner\Desktop\Result.txt
2014-02-22 11:01 - 2014-02-24 01:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\scans feb 19
2014-02-21 18:52 - 2014-02-21 18:53 - 00000141 _____ () C:\Documents and Settings\Owner\Desktop\Downld TDssKiller rename iexplo ur dot exe.url
2014-02-21 14:08 - 2014-02-21 14:08 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\PowerISO
2014-02-20 07:02 - 2014-02-20 07:12 - 00000000 ____D () C:\Program Files\PassShow
2014-02-20 06:39 - 2014-02-20 06:39 - 00000694 _____ () C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
2014-02-20 06:39 - 2014-02-20 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-02-20 06:35 - 2014-02-20 06:39 - 00000000 ____D () C:\Program Files\PowerISO
2014-02-20 02:31 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\McAFee TechCheck
2014-02-20 02:29 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechCheck
2014-02-20 02:29 - 2000-05-22 01:00 - 00244416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Msflxgrd.ocx
2014-02-20 02:29 - 2000-05-22 01:00 - 00203976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RICHTX32.OCX
2014-02-20 02:29 - 1998-06-24 00:00 - 00209192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TABCTL32.OCX
2014-02-18 08:39 - 2014-02-18 08:39 - 00000589 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-02-18 06:49 - 2014-02-18 06:51 - 00005475 _____ () C:\WINDOWS\KB2618444-IE8.log
2014-02-16 21:07 - 2014-03-03 14:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-16 20:51 - 2014-02-17 08:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\WINDOWS\Performance
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-02-15 19:45 - 2014-02-15 19:45 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-02-13 23:12 - 2014-03-03 14:48 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 23:12 - 2014-03-02 23:18 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-13 23:09 - 2014-02-13 23:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 22:59 - 2014-02-13 23:00 - 00012647 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 22:58 - 2014-02-13 22:59 - 00005843 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-13 10:35 - 2014-02-13 23:09 - 00015910 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 20:02 - 2014-02-21 22:02 - 00000219 _____ () C:\Documents and Settings\Owner\Desktop\BLEEP CHECK FILES.txt
2014-02-11 19:17 - 2014-02-11 19:17 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\NVIDIA
2014-02-10 18:49 - 2014-02-28 04:42 - 00001111 _____ () C:\Documents and Settings\Owner\Desktop\BADFILES.txt
2014-02-08 19:31 - 2014-02-08 19:31 - 00024326 _____ () C:\Documents and Settings\Owner\Desktop\Resultlong report.txt
2014-02-08 12:52 - 2014-02-08 12:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Help
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Help
2014-02-07 19:25 - 2014-02-07 19:25 - 00020963 _____ () C:\Documents and Settings\Owner\Desktop\Resultmini tool box errors 2-7-14.txt
2014-02-07 18:52 - 2014-02-07 18:52 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\budget
2014-02-03 01:45 - 2014-02-03 01:45 - 00114408 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
 
==================== One Month Modified Files and Folders =======
 
2014-03-03 15:02 - 2014-03-02 08:27 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST script to clear badfile
2014-03-03 14:49 - 2013-02-04 11:14 - 02074694 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-03 14:48 - 2014-02-13 23:12 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 14:48 - 2013-02-04 11:16 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-03 14:48 - 2013-02-04 11:16 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-03-03 14:48 - 2004-08-26 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-03 14:47 - 2013-02-04 11:16 - 00032482 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-03 14:47 - 2004-08-26 13:09 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-03-03 14:43 - 2014-02-28 03:56 - 00000000 ____D () C:\FRST
2014-03-03 14:11 - 2014-02-16 21:07 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-03 14:05 - 2013-09-17 17:12 - 00146808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-03 13:33 - 2014-03-03 13:20 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2014-03-03 13:31 - 2014-03-03 13:23 - 00007514 _____ () C:\WINDOWS\bitssetup.log
2014-03-03 13:31 - 2004-08-26 13:01 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-03 13:30 - 2014-03-03 13:30 - 00000000 ____D () C:\Documents and Settings\LocalService\Start Menu\Programs\Accessories
2014-03-03 13:30 - 2004-08-26 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-03 13:30 - 2004-08-26 13:04 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-03-03 13:30 - 2004-08-26 13:04 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-03-03 13:29 - 2004-08-26 05:54 - 00523760 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-03 13:24 - 2014-03-03 13:24 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-03-03 13:24 - 2014-03-03 13:23 - 00000558 _____ () C:\WINDOWS\Windows Update.log
2014-03-03 13:11 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\system32\ias
2014-03-03 10:52 - 2014-03-02 09:15 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Windows Repair All In One per bleep
2014-03-02 23:18 - 2014-02-13 23:12 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 19:47 - 2013-09-03 16:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WRData
2014-03-02 12:30 - 2014-03-02 12:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-03-02 12:28 - 2014-03-02 12:28 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-03-02 11:23 - 2014-02-25 16:36 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\how to
2014-03-02 09:03 - 2014-02-28 03:43 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\Farbar - FRST
2014-03-02 08:33 - 2014-03-02 08:33 - 00000660 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to FRST (3).lnk
2014-03-02 08:05 - 2004-08-26 11:12 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-28 20:15 - 2014-02-28 20:15 - 00092432 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-02-28 13:55 - 2013-11-12 19:41 - 00000000 ____D () C:\Program Files\Recuva
2014-02-28 13:45 - 2012-06-20 13:35 - 00001503 _____ () C:\Documents and Settings\Owner\Desktop\Paint (2).lnk
2014-02-28 13:23 - 2014-02-28 13:23 - 00000521 _____ () C:\Documents and Settings\Owner\Desktop\Shortcut to boot xp.lnk
2014-02-28 13:22 - 2014-02-28 13:22 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\boot xp
2014-02-28 11:54 - 2014-02-28 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ClubSanDisk
2014-02-28 10:56 - 2014-02-28 10:56 - 00000624 _____ () C:\Documents and Settings\Owner\Application Data\.backup.dm
2014-02-28 10:55 - 2013-10-25 20:05 - 00050089 _____ () C:\WINDOWS\setupapi.log
2014-02-28 04:42 - 2014-02-10 18:49 - 00001111 _____ () C:\Documents and Settings\Owner\Desktop\BADFILES.txt
2014-02-28 03:36 - 2012-06-19 20:14 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-02-28 03:21 - 2014-02-28 03:21 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\windows 7
2014-02-28 03:16 - 2014-02-28 03:15 - 00000791 _____ () C:\Documents and Settings\Owner\My Documents\webroot secure anywhere findings.txt
2014-02-28 02:59 - 2014-01-19 16:21 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\SanDisk
2014-02-27 19:55 - 2014-02-27 19:55 - 00000083 _____ () C:\Documents and Settings\Owner\My Documents\windows-repair-all-in-one.txt
2014-02-27 19:51 - 2014-02-27 19:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\dentist letters
2014-02-27 12:38 - 2012-06-30 17:27 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\household
2014-02-25 22:23 - 2014-02-25 15:32 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\DDS from bleep
2014-02-25 22:10 - 2013-09-03 16:03 - 00000000 ____D () C:\Program Files\Webroot
2014-02-25 16:29 - 2013-09-03 18:13 - 00002315 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-02-24 23:20 - 2013-09-17 14:27 - 00000000 ____D () C:\AdwCleaner
2014-02-24 02:34 - 2013-09-12 09:53 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-02-24 02:06 - 2012-11-22 17:48 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\bleeping
2014-02-24 01:48 - 2014-02-22 11:01 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\scans feb 19
2014-02-22 16:10 - 2014-02-22 16:10 - 00046262 _____ () C:\Documents and Settings\Owner\Desktop\Result.txt
2014-02-22 07:05 - 2004-08-26 05:45 - 00000000 ____D () C:\WINDOWS\Help
2014-02-22 06:25 - 2012-06-17 19:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-02-21 22:02 - 2014-02-11 20:02 - 00000219 _____ () C:\Documents and Settings\Owner\Desktop\BLEEP CHECK FILES.txt
2014-02-21 19:18 - 2013-03-24 16:58 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\TDSS
2014-02-21 18:55 - 2014-01-25 16:27 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\avast
2014-02-21 18:53 - 2014-02-21 18:52 - 00000141 _____ () C:\Documents and Settings\Owner\Desktop\Downld TDssKiller rename iexplo ur dot exe.url
2014-02-21 14:18 - 2012-12-23 06:06 - 00000000 ____D () C:\JRT
2014-02-21 14:08 - 2014-02-21 14:08 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\PowerISO
2014-02-20 20:44 - 2012-11-07 12:24 - 00262144 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-02-20 20:11 - 2012-09-14 20:03 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-20 20:11 - 2012-09-14 20:03 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-20 07:12 - 2014-02-20 07:02 - 00000000 ____D () C:\Program Files\PassShow
2014-02-20 06:39 - 2014-02-20 06:39 - 00000694 _____ () C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
2014-02-20 06:39 - 2014-02-20 06:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
2014-02-20 06:39 - 2014-02-20 06:35 - 00000000 ____D () C:\Program Files\PowerISO
2014-02-20 03:18 - 2012-06-22 06:56 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\PC Maintenance
2014-02-20 02:31 - 2014-02-20 02:31 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\McAFee TechCheck
2014-02-20 02:31 - 2014-02-20 02:29 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\TechCheck
2014-02-19 14:03 - 2013-01-27 19:15 - 00002327 _____ () C:\Documents and Settings\Owner\Start Menu\Programs\Windows Install Clean Up.lnk
2014-02-18 08:39 - 2014-02-18 08:39 - 00000589 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-02-18 06:51 - 2014-02-18 06:49 - 00005475 _____ () C:\WINDOWS\KB2618444-IE8.log
2014-02-17 08:52 - 2014-02-16 20:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-16 21:44 - 2013-09-03 11:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 21:06 - 2012-06-19 23:22 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\WINDOWS\Performance
2014-02-15 19:47 - 2014-02-15 19:47 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-02-15 19:45 - 2014-02-15 19:45 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-02-15 19:45 - 2014-02-15 19:45 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-02-14 18:35 - 2004-08-26 11:11 - 00001574 _____ () C:\WINDOWS\system32\Drivers\etc\hosts_bak_414
2014-02-13 23:10 - 2012-06-15 22:45 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 23:09 - 2014-02-13 23:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-13 23:09 - 2014-02-13 10:35 - 00015910 _____ () C:\WINDOWS\KB2916036.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00143414 _____ () C:\WINDOWS\FaxSetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00073530 _____ () C:\WINDOWS\ocgen.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00057388 _____ () C:\WINDOWS\tsoc.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00048263 _____ () C:\WINDOWS\comsetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00029950 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00022660 _____ () C:\WINDOWS\iis6.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00013203 _____ () C:\WINDOWS\updspapi.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00008120 _____ () C:\WINDOWS\ocmsn.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00007447 _____ () C:\WINDOWS\msgsocm.log
2014-02-13 23:09 - 2013-10-25 20:05 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-13 23:04 - 2013-07-16 11:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 23:00 - 2014-02-13 22:59 - 00012647 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-13 23:00 - 2013-10-25 20:05 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-13 23:00 - 2012-06-19 19:59 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 22:59 - 2014-02-13 22:58 - 00005843 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-12 17:09 - 2013-09-20 11:40 - 00002196 _____ () C:\Documents and Settings\Owner\Desktop\Power ISO to copy and burn cds and backups.txt
2014-02-12 13:54 - 2014-01-27 20:04 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\insurance
2014-02-11 20:00 - 2013-10-07 09:51 - 00005120 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-11 19:17 - 2014-02-11 19:17 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\NVIDIA
2014-02-11 15:48 - 2012-12-01 14:15 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\sewing
2014-02-10 20:17 - 2014-01-28 00:47 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Teaching
2014-02-10 20:15 - 2014-01-28 00:33 - 00006266 _____ () C:\Documents and Settings\Owner\My Documents\alphabet.txt
2014-02-10 12:22 - 2012-10-20 20:01 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-08 19:31 - 2014-02-08 19:31 - 00024326 _____ () C:\Documents and Settings\Owner\Desktop\Resultlong report.txt
2014-02-08 12:59 - 2004-08-26 13:09 - 00000000 ____D () C:\Documents and Settings\Owner
2014-02-08 12:52 - 2014-02-08 12:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
2014-02-08 04:00 - 2013-03-24 12:16 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\TCPView Hacker
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Help
2014-02-08 03:58 - 2014-02-08 03:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\Help
2014-02-07 19:25 - 2014-02-07 19:25 - 00020963 _____ () C:\Documents and Settings\Owner\Desktop\Resultmini tool box errors 2-7-14.txt
2014-02-07 18:53 - 2012-06-20 13:34 - 00007468 _____ () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2014-02-07 18:52 - 2014-02-07 18:52 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\budget
2014-02-07 18:10 - 2012-06-15 22:38 - 00000000 ____D () C:\WINDOWS\creator
2014-02-07 18:05 - 2012-06-15 22:38 - 00000000 ____D () C:\WINDOWS\SMINST
2014-02-07 16:55 - 2013-10-25 20:05 - 00000300 _____ () C:\WINDOWS\setupact.log
2014-02-07 16:42 - 2012-09-14 20:04 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-06 03:54 - 2009-03-08 03:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2004-08-26 11:11 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 18:26 - 2012-06-19 19:08 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2012-06-19 19:06 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2012-06-19 18:45 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2010-04-16 11:09 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2009-03-08 13:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2009-03-08 03:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2009-03-08 03:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2009-03-08 03:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2009-03-08 03:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2004-08-26 11:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2004-08-26 11:11 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2004-08-26 11:11 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 17:24 - 2004-08-26 11:11 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-03 01:45 - 2014-02-03 01:45 - 00114408 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

 

Toffee, I am sorry about the two FRST scan reports. There doesn't seem to be a difference.  This post has gotten so long already, I do not mind if you delete reports I didn't need to include.  


Edited by JoanneMT, 03 March 2014 - 03:33 PM.


#15 JoanneMT

Posted 04 March 2014 - 03:03 PM

Toffee: Firefox is still giving the popups and adding websites. Chrome is behaving all right. IE is only used by Windows for downloads and I haven't done anything to it - I thought I saw that Java is needed on the PC for IE8 but I have removed all I can find.

I still have those two CVE-2012 programs on my add/remove programs list. They will not uninstall, and they freeze the machine when I try, so that I have to reboot.

I found this site: http://singularlabs.com/uninstallers/security-software/ I've removed several software packages but never as completely as this site claims.

I'm running Webroot secure anywhere scanner and have been able to clear its findings. It only scans for malware and rootkits. What about a virus scanner? I uninstalled MSE.

Thank you.





