
My pc is infected with windows security virus


  • This topic is locked
45 replies to this topic

#1 briarpatch

briarpatch

  • Members
  • 26 posts

Posted 26 February 2014 - 10:24 PM

My PC is infected with windows security virus and nothing will remove it. Not Malwarebytes, HitmanPro etc. Everything I try seems to be outdated and useless. Please help.





#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 27 February 2014 - 03:19 AM

Hi,
 
Please run an FRST scan. If this doesn't work, then also try it in safe mode:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 briarpatch

briarpatch
  • Topic Starter

  • Members
  • 26 posts

Posted 27 February 2014 - 03:08 PM

Hi, this is the scan from the FRST. 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by Administrator at 2014-02-27 15:05:00
Running from F:\Documents and Settings\gary\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
Anki (HKLM\...\Anki) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AtomTime Pro 3.1d (HKLM\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)
Citrix Receiver (HDX Flash Redirection) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.0.0.56418 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
CleanUp! (HKLM\...\CleanUp!) (Version: - )
CoCreate Modeling Personal Edition 3.0 (HKLM\...\{1FCB34FE-8BDA-4664-A231-A07A120159B0}) (Version: 30.0.0034 - Parametric Technology GmbH)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell Software Uninstall (HKLM\...\Dell_HostCD) (Version: - Dell, Inc.)
eMachineShop (HKLM\...\eMachineShop_is1) (Version: - )
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GospeLink 2001 (HKLM\...\{01D01D87-9272-47F0-A8A0-E8F1D682AE30}) (Version: - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PRO Network Connections 12.2.41.0 (HKLM\...\{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}) (Version: 12.2.41.0 - Intel)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
LDS View 7.1 (HKLM\...\{4AA4CB9C-8F35-4914-A6AE-EDBD0B4F2610}) (Version: 7.1.50 - Intellectual Reserve, Inc.)
LedEdit 2012 (HKLM\...\{DF93AFE2-D7CB-47C2-8F2D-7267CBE359B1}) (Version: 1.0.1 - LedEdit 2012)
LedEdit 2013 (HKLM\...\{88C2C81F-BD2D-4300-AEB9-80FEB7EC227C}) (Version: 1.0.1 - LedEdit 2013)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Language Pack - CHS (Version: 1.1.50727.42 - Microsoft Corporation) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 语言包 - 简体中文 (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - CHS) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 25.0 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
QuickBooks Premier: Contractor Edition 2009 (HKLM\...\{9A2F0810-3626-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4803.0 - SigmaTel)
SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)
Splashtop Software Updater (HKLM\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.5.2 - Splashtop Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Tax Forms Helper 2010 9.5 (HKLM\...\Tax Forms Helper 2010_is1) (Version: - )
Tax Forms Helper 2013 11.0 (HKLM\...\Tax Forms Helper 2013_is1) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
VLC media player 1.0.2 (HKLM\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

30-11-2013 15:37:15 System Checkpoint
01-12-2013 16:15:02 System Checkpoint
02-12-2013 17:31:54 System Checkpoint
03-12-2013 19:42:51 System Checkpoint
04-12-2013 20:42:44 System Checkpoint
05-12-2013 22:30:24 System Checkpoint
06-12-2013 23:28:14 System Checkpoint
08-12-2013 00:46:54 System Checkpoint
09-12-2013 03:21:53 System Checkpoint
10-12-2013 06:39:41 System Checkpoint
11-12-2013 08:14:25 System Checkpoint
12-12-2013 14:22:01 System Checkpoint
13-12-2013 16:24:24 System Checkpoint
14-12-2013 18:36:53 System Checkpoint
15-12-2013 18:49:07 System Checkpoint
16-12-2013 19:13:12 System Checkpoint
17-12-2013 20:32:44 System Checkpoint
18-12-2013 20:49:11 System Checkpoint
19-12-2013 20:54:32 System Checkpoint
20-12-2013 21:13:12 System Checkpoint
21-12-2013 21:49:11 System Checkpoint
22-12-2013 22:20:57 System Checkpoint
23-12-2013 22:59:55 System Checkpoint
25-12-2013 01:30:39 System Checkpoint
26-12-2013 02:09:02 System Checkpoint
27-12-2013 03:48:26 System Checkpoint
28-12-2013 05:24:26 System Checkpoint
29-12-2013 07:00:25 System Checkpoint
30-12-2013 07:24:29 System Checkpoint
31-12-2013 09:47:34 System Checkpoint
01-01-2014 14:50:13 System Checkpoint
02-01-2014 15:52:01 System Checkpoint
03-01-2014 18:17:13 System Checkpoint
04-01-2014 20:07:58 System Checkpoint
05-01-2014 20:28:36 System Checkpoint
06-01-2014 21:05:47 System Checkpoint
07-01-2014 21:36:33 System Checkpoint
09-01-2014 06:18:28 System Checkpoint
10-01-2014 08:01:11 System Checkpoint
11-01-2014 08:10:12 System Checkpoint
12-01-2014 08:22:14 System Checkpoint
13-01-2014 09:17:12 System Checkpoint
14-01-2014 11:31:35 System Checkpoint
15-01-2014 11:34:16 System Checkpoint
16-01-2014 12:21:11 System Checkpoint
17-01-2014 12:57:08 System Checkpoint
18-01-2014 14:12:02 System Checkpoint
19-01-2014 17:26:56 System Checkpoint
20-01-2014 19:09:09 System Checkpoint
21-01-2014 20:09:08 System Checkpoint
22-01-2014 20:50:02 System Checkpoint
23-01-2014 20:52:18 System Checkpoint
24-01-2014 21:51:06 System Checkpoint
25-01-2014 22:18:22 System Checkpoint
26-01-2014 23:19:27 System Checkpoint
28-01-2014 06:46:47 System Checkpoint
29-01-2014 07:00:42 System Checkpoint
30-01-2014 07:07:27 System Checkpoint
31-01-2014 08:22:20 System Checkpoint
01-02-2014 11:59:41 System Checkpoint
02-02-2014 13:42:10 System Checkpoint
03-02-2014 14:32:02 System Checkpoint
04-02-2014 16:35:02 System Checkpoint
05-02-2014 18:17:15 System Checkpoint
06-02-2014 20:13:34 System Checkpoint
07-02-2014 20:25:04 System Checkpoint
08-02-2014 20:28:23 System Checkpoint
09-02-2014 22:14:56 System Checkpoint
10-02-2014 23:37:51 System Checkpoint
11-02-2014 23:59:08 System Checkpoint
13-02-2014 01:07:10 System Checkpoint
14-02-2014 01:25:54 System Checkpoint
15-02-2014 02:36:56 System Checkpoint
16-02-2014 02:37:14 System Checkpoint
17-02-2014 05:35:23 System Checkpoint
18-02-2014 07:08:04 System Checkpoint
19-02-2014 08:20:15 System Checkpoint
20-02-2014 08:54:41 System Checkpoint
21-02-2014 09:57:16 System Checkpoint
22-02-2014 14:59:32 System Checkpoint
23-02-2014 17:00:49 System Checkpoint
24-02-2014 17:10:52 System Checkpoint
25-02-2014 19:05:58 System Checkpoint
26-02-2014 19:44:08 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 07:00 - 2013-11-05 08:25 - 00450570 ___RA F:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: F:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => F:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: F:\WINDOWS\Tasks\Adobe Flash Player Updater.job => F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: F:\WINDOWS\Tasks\AppleSoftwareUpdate.job => F:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => F:\Program Files\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => F:\Program Files\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004Core.job => F:\Documents and Settings\holopaw!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004UA.job => F:\Documents and Settings\holopaw!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () F:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () F:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () F:\WINDOWS\system32\vpnapi.dll
2011-09-19 11:02 - 2010-03-04 22:38 - 00071096 _____ () F:\Program Files\CDBurnerXP\NMSAccessU.exe
2004-08-04 07:00 - 2008-04-13 19:11 - 00059904 _____ () F:\WINDOWS\system32\devenum.dll
2004-08-04 07:00 - 2008-04-13 19:11 - 00014336 _____ () F:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CTFMON.EXE =>
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: SunJavaUpdateSched =>

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2014 00:33:02 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.1.522.00x80004005previous uninstall incomplete4.1.522.00security essentialsNILNILNIL

Error: (02/24/2014 02:34:02 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry2152759308unspecifiedscanfile4.1.522.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (02/21/2014 01:08:09 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/20/2014 11:48:18 AM) (Source: Application Hang) (User: )
Description: Hanging application opera.exe, version 12.16.1860.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/20/2014 11:48:18 AM) (Source: Application Hang) (User: )
Description: Hanging application opera.exe, version 12.16.1860.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/13/2014 05:51:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/13/2014 05:24:31 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/12/2014 04:38:21 PM) (Source: Application Hang) (User: )
Description: Hanging application Installer.exe, version 3.0.29.364, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/12/2014 08:39:03 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/06/2014 02:47:33 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/27/2014 05:32:34 AM) (Source: 0) (User: )
Description: 192.168.1.4C8:33:4B:4F:AF:79

Error: (02/27/2014 05:32:34 AM) (Source: 0) (User: )
Description: 192.168.1.4C8:33:4B:4F:AF:79

Error: (02/27/2014 05:20:22 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/27/2014 05:20:01 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 0019D1273BBE has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/26/2014 02:01:51 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/26/2014 02:01:36 PM) (Source: DCOM) (User: ICES-E1ED5A4C5C)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (02/26/2014 02:01:09 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following error:
%%126

Error: (02/26/2014 02:00:30 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/26/2014 01:57:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/26/2014 09:07:49 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (02/25/2014 00:33:02 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.1.522.00x80004005previous uninstall incomplete4.1.522.00security essentialsNILNILNIL

Error: (02/24/2014 02:34:02 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.1.522.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (02/21/2014 01:08:09 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/20/2014 11:48:18 AM) (Source: Application Hang)(User: )
Description: opera.exe12.16.1860.0hungapp0.0.0.000000000

Error: (02/20/2014 11:48:18 AM) (Source: Application Hang)(User: )
Description: opera.exe12.16.1860.0hungapp0.0.0.000000000

Error: (02/13/2014 05:51:19 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/13/2014 05:24:31 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/12/2014 04:38:21 PM) (Source: Application Hang)(User: )
Description: Installer.exe3.0.29.364hungapp0.0.0.000000000

Error: (02/12/2014 08:39:03 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/06/2014 02:47:33 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 1013.86 MB
Available physical RAM: 470.76 MB
Total Pagefile: 2441.16 MB
Available Pagefile: 1862.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.98 MB

==================== Drives ================================

Drive f: () (Fixed) (Total:465.75 GB) (Free:378.82 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 22F722F6)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 briarpatch

briarpatch
  • Topic Starter

  • Members
  • 26 posts

Posted 27 February 2014 - 03:15 PM

I'm sorry but this is the FRST.txt.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Administrator (administrator) on ICES-E1ED5A4C5C on 27-02-2014 15:04:29
Running from F:\Documents and Settings\gary\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SurfRight B.V.) F:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) F:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Sun Microsystems, Inc.) F:\Program Files\Java\jre6\bin\jqs.exe
() F:\Program Files\CDBurnerXP\NMSAccessU.exe
(Intuit) F:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Google Inc.) F:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Splashtop Inc.) F:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe
(Splashtop Inc.) F:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Splashtop Inc.) F:\Program Files\Splashtop\Splashtop Remote\SERVER\SRServer.exe
(Microsoft Corporation) F:\WINDOWS\system32\wscntfy.exe
(Splashtop Inc.) F:\Program Files\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
(Nikon Corporation) F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(Adobe Systems Incorporated) F:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
(Nuance Communications, Inc.) F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Adobe Systems Incorporated) F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) F:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Citrix Systems, Inc.) F:\Program Files\Citrix\ICA Client\redirector.exe
(Apple Inc.) F:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) F:\Program Files\Messenger\msmsgs.exe
(Brother Industries, Ltd.) F:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Apple Inc.) F:\Program Files\iPod\bin\iPodService.exe
(Opera Software) F:\Program Files\Opera\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nikon Transfer Monitor] - F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM\...\Run: [Adobe Photo Downloader] - F:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Intuit SyncManager] - F:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [SSBkgdUpdate] - F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - F:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - F:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] - F:\Program Files\Citrix\ICA Client\redirector.exe [128960 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] - F:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - F:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\Run: [DW6] - "F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\Run: [SpybotSD TeaTimer] - F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\Run: [TomTomHOME.exe] - "F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\Run: [MSMSGS] - F:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\MountPoints2: {331de15e-242a-11e0-88db-0019d1273bbe} - G:\GUARDIAN.exe
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\MountPoints2: {69a8857c-b0aa-11e1-89a1-0019d1273bbe} - G:\setup.exe
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\MountPoints2: {958c4fdb-6305-11e1-8981-0019d1273bbe} - G:\GUARDIAN.exe
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\MountPoints2: {ba45d8d9-83b7-11e1-898f-0019d1273bbe} - D:\OpenSecureFiles.exe
AppInit_DLLs: F:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => F:\Program Files\Citrix\ICA Client\RSHook.dll [255936 2011-08-11] (Citrix Systems, Inc.)
Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> F:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=00dad079-d930-5996-ce04-f25f2bab1951&searchtype=ds&q={searchTerms}&installDate=03/11/2013
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=00dad079-d930-5996-ce04-f25f2bab1951&searchtype=ds&q={searchTerms}&installDate=03/11/2013
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - F:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - F:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - F:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 F:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 CVPND; F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 HitmanProScheduler; F:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-25] (SurfRight B.V.)
R2 JavaQuickStarterService; F:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-08-25] (Sun Microsystems, Inc.)
R2 NMSAccess; F:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
R2 SplashtopRemoteService; F:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe [790368 2013-09-02] (Splashtop Inc.)
R2 SSUService; F:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
S3 ACDaemon; F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 BITS; C:\WINDOWS\system32\qmgr.dll [X]
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [X]

==================== Drivers (Whitelisted) ====================

R3 BrScnUsb; F:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CVirtA; F:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; F:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)
R3 DNE; F:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 Lbd; F:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
R2 StarOpen; F:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2009-11-12] ()
R3 STHDA; F:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-20] (SigmaTel, Inc.)
S3 vsdatant; F:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S1 aegrursp; \??\F:\WINDOWS\system32\drivers\aegrursp.sys [X]
S1 cknzjqht; \??\F:\WINDOWS\system32\drivers\cknzjqht.sys [X]
S1 crpocqni; \??\F:\WINDOWS\system32\drivers\crpocqni.sys [X]
S3 efavdrv; \??\F:\WINDOWS\system32\drivers\efavdrv.sys [X]
S1 hrjgxtzp; \??\F:\WINDOWS\system32\drivers\hrjgxtzp.sys [X]
S4 IntelIde; No ImagePath
S1 klunrema; \??\F:\WINDOWS\system32\drivers\klunrema.sys [X]
S1 lfllclsh; \??\F:\WINDOWS\system32\drivers\lfllclsh.sys [X]
S1 qbcucfzq; \??\F:\WINDOWS\system32\drivers\qbcucfzq.sys [X]
S1 qyseuuol; \??\F:\WINDOWS\system32\drivers\qyseuuol.sys [X]
U5 ScsiPort; F:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 14:56 - 2014-02-27 15:03 - 00000178 ___SH () F:\Documents and Settings\Administrator\ntuser.ini
2014-02-27 14:56 - 2014-02-27 14:56 - 00000000 __SHD () F:\Documents and Settings\Administrator\IETldCache
2014-02-27 14:56 - 2014-02-27 14:56 - 00000000 ____D () F:\Documents and Settings\Administrator
2014-02-27 14:56 - 2011-01-17 15:36 - 00001599 _____ () F:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-02-27 14:56 - 2011-01-17 15:36 - 00000792 _____ () F:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-02-27 14:56 - 2011-01-17 15:36 - 00000000 ___RD () F:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-02-27 14:53 - 2014-02-27 14:53 - 00027486 _____ () F:\Documents and Settings\gary\Desktop\Addition.txt
2014-02-27 14:52 - 2014-02-27 15:04 - 00015000 _____ () F:\Documents and Settings\gary\Desktop\FRST.txt
2014-02-27 14:51 - 2014-02-27 15:04 - 00000000 ____D () F:\FRST
2014-02-27 14:46 - 2014-02-27 14:46 - 01143808 _____ (Farbar) F:\Documents and Settings\gary\Desktop\FRST.exe
2014-02-26 13:54 - 2014-02-26 13:56 - 00006328 _____ () F:\Documents and Settings\gary\Desktop\Rkill.txt
2014-02-26 09:06 - 2014-02-26 09:06 - 00000000 ____D () F:\WINDOWS\CSC
2014-02-25 21:41 - 2014-02-25 21:41 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\ESET
2014-02-25 21:31 - 2014-02-25 21:31 - 00001616 _____ () F:\WINDOWS\system32\.crusader
2014-02-25 21:21 - 2014-02-25 21:21 - 00001610 _____ () F:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-02-25 21:21 - 2014-02-25 21:21 - 00000000 ____D () F:\Program Files\HitmanPro
2014-02-25 21:21 - 2014-02-25 21:21 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-02-25 21:19 - 2014-02-25 21:32 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\HitmanPro
2014-02-25 13:20 - 2014-02-25 13:20 - 00108310 _____ () F:\Documents and Settings\All Users\Application Data\1393352289.bdinstall.bin
2014-02-25 13:20 - 2014-02-25 13:20 - 00000000 ____D () F:\Program Files\Bitdefender
2014-02-25 12:44 - 2014-02-25 12:46 - 204561264 ____N (Symantec Corporation) F:\Documents and Settings\gary\Desktop\NIS-TW-21.1.0-EN-US.exe
2014-02-25 12:32 - 2014-02-25 12:32 - 00044703 _____ () F:\Documents and Settings\All Users\Application Data\1393349542.bdinstall.bin
2014-02-24 10:48 - 2014-02-24 10:49 - 99695896 _____ (Microsoft Corporation) F:\Documents and Settings\gary\Desktop\msert.exe
2014-02-20 00:47 - 2014-02-20 00:47 - 01287824 _____ () F:\Documents and Settings\gary\Desktop\PDFReaderSetup.exe
2014-02-18 11:27 - 2014-02-27 09:05 - 00025600 _____ () F:\Documents and Settings\gary\My Documents\MAR2014PERS.xls
2014-02-12 16:36 - 2014-02-12 16:38 - 00000262 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.8080.bin
2014-02-12 16:36 - 2014-02-12 16:36 - 00039977 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.4916.bin
2014-02-12 16:36 - 2014-02-12 16:36 - 00002043 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.6464.bin
2014-02-11 10:55 - 2014-02-11 10:56 - 00014848 _____ () F:\Documents and Settings\gary\My Documents\2013INC.xls
2014-02-10 23:11 - 2014-02-11 10:44 - 00014848 _____ () F:\Documents and Settings\gary\My Documents\2013PERSLOANS.xls
2014-02-10 22:23 - 2014-02-10 22:23 - 00074752 _____ () F:\Documents and Settings\gary\Desktop\GENERATOR CORE INFORMATION.xls
2014-02-04 19:46 - 2014-02-11 11:22 - 00015872 _____ () F:\Documents and Settings\gary\My Documents\2013BUSSUMMARY.xls

==================== One Month Modified Files and Folders =======

2014-02-27 15:04 - 2014-02-27 14:52 - 00015000 _____ () F:\Documents and Settings\gary\Desktop\FRST.txt
2014-02-27 15:04 - 2014-02-27 14:51 - 00000000 ____D () F:\FRST
2014-02-27 15:03 - 2014-02-27 14:56 - 00000178 ___SH () F:\Documents and Settings\Administrator\ntuser.ini
2014-02-27 15:01 - 2011-12-24 09:52 - 00000882 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 14:56 - 2014-02-27 14:56 - 00000000 __SHD () F:\Documents and Settings\Administrator\IETldCache
2014-02-27 14:56 - 2014-02-27 14:56 - 00000000 ____D () F:\Documents and Settings\Administrator
2014-02-27 14:55 - 2012-07-25 14:39 - 00000830 _____ () F:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-27 14:53 - 2014-02-27 14:53 - 00027486 _____ () F:\Documents and Settings\gary\Desktop\Addition.txt
2014-02-27 14:46 - 2014-02-27 14:46 - 01143808 _____ (Farbar) F:\Documents and Settings\gary\Desktop\FRST.exe
2014-02-27 14:42 - 2012-02-26 19:19 - 00000990 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004UA.job
2014-02-27 12:07 - 2014-01-02 13:26 - 00042496 _____ () F:\Documents and Settings\gary\My Documents\CKREGISTER2014.xls
2014-02-27 09:05 - 2014-02-18 11:27 - 00025600 _____ () F:\Documents and Settings\gary\My Documents\MAR2014PERS.xls
2014-02-27 09:01 - 2011-01-17 15:39 - 00032494 _____ () F:\WINDOWS\SchedLgU.Txt
2014-02-27 09:00 - 2014-01-16 06:07 - 00026112 _____ () F:\Documents and Settings\gary\My Documents\FEB2014PERS.xls
2014-02-27 08:01 - 2011-12-24 09:52 - 00000878 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 07:51 - 2007-05-11 17:13 - 00000257 _____ () F:\WINDOWS\wiadebug.log
2014-02-27 07:49 - 2004-08-04 07:00 - 00013646 _____ () F:\WINDOWS\system32\wpa.dbl
2014-02-27 05:20 - 2011-01-17 15:39 - 00000006 ____H () F:\WINDOWS\Tasks\SA.DAT
2014-02-27 05:20 - 2007-05-11 17:13 - 00000049 _____ () F:\WINDOWS\wiaservc.log
2014-02-26 19:42 - 2012-02-26 19:19 - 00000938 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004Core.job
2014-02-26 14:09 - 2012-03-23 09:06 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Norton
2014-02-26 14:08 - 2011-01-17 15:35 - 01112567 _____ () F:\WINDOWS\WindowsUpdate.log
2014-02-26 14:07 - 2011-01-17 15:41 - 00000278 ___SH () F:\Documents and Settings\gary\ntuser.ini
2014-02-26 13:56 - 2014-02-26 13:54 - 00006328 _____ () F:\Documents and Settings\gary\Desktop\Rkill.txt
2014-02-26 09:06 - 2014-02-26 09:06 - 00000000 ____D () F:\WINDOWS\CSC
2014-02-26 03:10 - 2011-01-21 22:18 - 00000000 ____D () F:\Program Files\Opera
2014-02-25 21:41 - 2014-02-25 21:41 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\ESET
2014-02-25 21:32 - 2014-02-25 21:19 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\HitmanPro
2014-02-25 21:31 - 2014-02-25 21:31 - 00001616 _____ () F:\WINDOWS\system32\.crusader
2014-02-25 21:21 - 2014-02-25 21:21 - 00001610 _____ () F:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-02-25 21:21 - 2014-02-25 21:21 - 00000000 ____D () F:\Program Files\HitmanPro
2014-02-25 21:21 - 2014-02-25 21:21 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-02-25 13:20 - 2014-02-25 13:20 - 00108310 _____ () F:\Documents and Settings\All Users\Application Data\1393352289.bdinstall.bin
2014-02-25 13:20 - 2014-02-25 13:20 - 00000000 ____D () F:\Program Files\Bitdefender
2014-02-25 13:01 - 2011-01-17 15:39 - 00000000 __SHD () F:\Documents and Settings\LocalService
2014-02-25 12:46 - 2014-02-25 12:44 - 204561264 ____N (Symantec Corporation) F:\Documents and Settings\gary\Desktop\NIS-TW-21.1.0-EN-US.exe
2014-02-25 12:33 - 2012-11-26 21:57 - 00001945 _____ () F:\WINDOWS\epplauncher.mif
2014-02-25 12:32 - 2014-02-25 12:32 - 00044703 _____ () F:\Documents and Settings\All Users\Application Data\1393349542.bdinstall.bin
2014-02-24 10:49 - 2014-02-24 10:48 - 99695896 _____ (Microsoft Corporation) F:\Documents and Settings\gary\Desktop\msert.exe
2014-02-24 09:05 - 2011-01-17 15:41 - 00000000 ____D () F:\Documents and Settings\gary
2014-02-23 16:10 - 2011-01-20 16:11 - 00000472 _____ () F:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-02-21 14:55 - 2012-04-20 14:16 - 00692616 _____ (Adobe Systems Incorporated) F:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-21 14:55 - 2011-05-27 19:42 - 00071048 _____ (Adobe Systems Incorporated) F:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-21 08:58 - 2011-09-15 15:48 - 00000284 _____ () F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-02-21 03:07 - 2013-11-07 08:26 - 00001813 _____ () F:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-20 00:47 - 2014-02-20 00:47 - 01287824 _____ () F:\Documents and Settings\gary\Desktop\PDFReaderSetup.exe
2014-02-19 12:10 - 2014-01-27 12:58 - 00018944 _____ () F:\Documents and Settings\gary\My Documents\bus0214.xls
2014-02-19 09:08 - 2011-03-07 07:32 - 00017920 _____ () F:\Documents and Settings\gary\My Documents\newbeginning.xls
2014-02-18 11:25 - 2011-01-24 23:54 - 00028672 _____ () F:\Documents and Settings\gary\My Documents\retirement.xls
2014-02-18 08:43 - 2014-01-03 11:47 - 00026112 _____ () F:\Documents and Settings\gary\My Documents\2014DEDUCTIONS.xls
2014-02-17 21:26 - 2013-08-15 22:36 - 00051712 _____ () F:\Documents and Settings\gary\Desktop\Indicative shaft and electric power output for engines and gensets. proteg12A1.xls
2014-02-13 18:02 - 2007-05-11 17:09 - 00194144 _____ () F:\WINDOWS\setupact.log
2014-02-12 16:38 - 2014-02-12 16:36 - 00000262 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.8080.bin
2014-02-12 16:36 - 2014-02-12 16:36 - 00039977 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.4916.bin
2014-02-12 16:36 - 2014-02-12 16:36 - 00002043 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.6464.bin
2014-02-11 11:22 - 2014-02-04 19:46 - 00015872 _____ () F:\Documents and Settings\gary\My Documents\2013BUSSUMMARY.xls
2014-02-11 10:56 - 2014-02-11 10:55 - 00014848 _____ () F:\Documents and Settings\gary\My Documents\2013INC.xls
2014-02-11 10:44 - 2014-02-10 23:11 - 00014848 _____ () F:\Documents and Settings\gary\My Documents\2013PERSLOANS.xls
2014-02-11 10:42 - 2013-02-23 00:25 - 00018944 _____ () F:\Documents and Settings\gary\My Documents\2013CREDITCARDS.xls
2014-02-11 10:18 - 2013-01-04 08:51 - 00046080 _____ () F:\Documents and Settings\gary\My Documents\CKREGISTER2013.xls
2014-02-10 22:23 - 2014-02-10 22:23 - 00074752 _____ () F:\Documents and Settings\gary\Desktop\GENERATOR CORE INFORMATION.xls
2014-02-04 19:43 - 2012-01-18 11:55 - 00015872 _____ () F:\Documents and Settings\gary\My Documents\2011BUSSUMMARY.xls
2014-02-04 19:09 - 2011-01-18 19:03 - 85946576 ____N (Microsoft Corporation) F:\WINDOWS\system32\MRT.exe
2014-02-03 20:38 - 2014-01-14 08:58 - 00018944 _____ () F:\Documents and Settings\gary\My Documents\bus012014.xls
2014-02-03 19:49 - 2012-02-26 19:20 - 00002309 _____ () F:\Documents and Settings\holopaw!\Desktop\Google Chrome.lnk
2014-02-02 14:48 - 2012-11-03 18:15 - 00097258 _____ () F:\WINDOWS\setupapi.log
2014-01-30 08:53 - 2013-12-14 21:55 - 00025600 _____ () F:\Documents and Settings\gary\My Documents\JAN2014PERS.xls

ZeroAccess:
F:\RECYCLER\S-1-5-21-1659004503-1682526488-682003330-1003\$aa6b4f676b574f32829a8e6c4608ca55

Some content of TEMP:
====================
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-673a2222.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8acc541d.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-b5ab2c6f.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-b74d5640.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ddfd7d6a.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e7982b8b.exe


==================== Bamital & volsnap Check =================

F:\WINDOWS\explorer.exe => MD5 is legit
F:\WINDOWS\system32\winlogon.exe => MD5 is legit
F:\WINDOWS\system32\svchost.exe => MD5 is legit
F:\WINDOWS\system32\services.exe => MD5 is legit
F:\WINDOWS\system32\User32.dll => MD5 is legit
F:\WINDOWS\system32\userinit.exe => MD5 is legit
F:\WINDOWS\system32\rpcss.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#5 aharonov

Posted 27 February 2014 - 04:26 PM

Hi,
 
can you please describe what problems and symptoms you are experiencing now?


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#6 briarpatch

Posted 27 February 2014 - 11:57 PM

I ran Combofix and for over two hours it said it was scanning for infected files. The CPU sounds like a large industrial fan, it's going so fast.

I tried in safe mode and without and both did the same. My computer is getting slower and slower and while I type it will lock up and I have to close this program and come back in to type this. 

It seems this virus knows when we try to delete it, and it takes evasive action by taking over the antivirus we use to find it.



#7 aharonov

Posted 28 February 2014 - 03:58 AM

Then let's try this:


Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • In the introduction screen, click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#8 briarpatch

Posted 28 February 2014 - 03:48 PM

Finally got it.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.28.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
gary :: ICES-E1ED5A4C5C [administrator]

2/28/2014 12:12:44 PM
mbar-log-2014-02-28 (12-12-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 299961
Time elapsed: 1 hour(s), 7 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_27

File system is: NTFS
Disk drives: F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1063108608, free: 434085888

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_27

File system is: NTFS
Disk drives: F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1063108608, free: 397041664

Downloaded database version: v2014.02.28.08
Downloaded database version: v2014.02.20.01
Initializing...
======================
Done!
Scanning drivers directory: F:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 22F722F6

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

failed to create file F:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam - 5
Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_27

File system is: NTFS
Disk drives: F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1063108608, free: 438571008

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_27

File system is: NTFS
Disk drives: F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1063108608, free: 438751232

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_27

File system is: NTFS
Disk drives: F:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1063108608, free: 439287808

=======================================


Scan finished
=======================================


Removal queue found; removal started
Removing F:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing F:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing F:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished



#9 briarpatch

Posted 28 February 2014 - 06:23 PM

I may have confused you with what I did. I did not get the virus removed; what I meant by "I finally got it" was that I was able to run a scan and get the logs you needed. Sorry for the confusion. I still have the problem.



#10 aharonov

Posted 01 March 2014 - 06:10 AM

All right. :)
Then we need a fresh FRST log.
Can you please describe what problems and symptoms you are experiencing exactly right now?


  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
  • Please copy and paste this log in your next reply.


#11 briarpatch

briarpatch
  • Topic Starter

  • Members
  • 26 posts

Posted 01 March 2014 - 01:37 PM

My PC is extremely slow and locks up while I am browsing. It is also difficult to post this information you need because it will lock up. I have the red shield with a white cross icon on my quick launch bar from this virus.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-03-2014
Ran by Administrator (administrator) on ICES-E1ED5A4C5C on 01-03-2014 13:21:48
Running from F:\Documents and Settings\gary\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SurfRight B.V.) F:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) F:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Sun Microsystems, Inc.) F:\Program Files\Java\jre6\bin\jqs.exe
() F:\Program Files\CDBurnerXP\NMSAccessU.exe
(Google Inc.) F:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Intuit) F:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Splashtop Inc.) F:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe
(Splashtop Inc.) F:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Splashtop Inc.) F:\Program Files\Splashtop\Splashtop Remote\SERVER\SRServer.exe
(Microsoft Corporation) F:\WINDOWS\system32\wscntfy.exe
(Splashtop Inc.) F:\Program Files\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
(Nikon Corporation) F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(Adobe Systems Incorporated) F:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
(Nuance Communications, Inc.) F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Adobe Systems Incorporated) F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) F:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Citrix Systems, Inc.) F:\Program Files\Citrix\ICA Client\redirector.exe
(Apple Inc.) F:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) F:\Program Files\Messenger\msmsgs.exe
(Brother Industries, Ltd.) F:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Apple Inc.) F:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) F:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) F:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) F:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Opera Software) F:\Program Files\Opera\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nikon Transfer Monitor] - F:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM\...\Run: [Adobe Photo Downloader] - F:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Intuit SyncManager] - F:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [SSBkgdUpdate] - F:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - F:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] - F:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1089536 2008-02-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] - F:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ConnectionCenter] - F:\Program Files\Citrix\ICA Client\redirector.exe [128960 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] - F:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - F:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\Run: [DW6] - "F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\Run: [SpybotSD TeaTimer] - F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\Run: [TomTomHOME.exe] - "F:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\Run: [MSMSGS] - F:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\MountPoints2: {331de15e-242a-11e0-88db-0019d1273bbe} - G:\GUARDIAN.exe
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\MountPoints2: {69a8857c-b0aa-11e1-89a1-0019d1273bbe} - G:\setup.exe
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\MountPoints2: {958c4fdb-6305-11e1-8981-0019d1273bbe} - G:\GUARDIAN.exe
HKU\S-1-5-21-1659004503-1682526488-682003330-1003\...\MountPoints2: {ba45d8d9-83b7-11e1-898f-0019d1273bbe} - D:\OpenSecureFiles.exe
Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> F:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=00dad079-d930-5996-ce04-f25f2bab1951&searchtype=ds&q={searchTerms}&installDate=03/11/2013
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SnapdoGOblidooYB&dpid=GOB1&co=US&userid=00dad079-d930-5996-ce04-f25f2bab1951&searchtype=ds&q={searchTerms}&installDate=03/11/2013
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: CtxIEInterceptorBHO Class - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - F:\Program Files\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - F:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - F:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 F:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

R2 CVPND; F:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 HitmanProScheduler; F:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-25] (SurfRight B.V.)
R2 JavaQuickStarterService; F:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-08-25] (Sun Microsystems, Inc.)
R2 NMSAccess; F:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S2 PEVSystemStart; F:\ComboFix\SWREG.3XE [518144 2000-08-30] (SteelWerX)
R2 SplashtopRemoteService; F:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe [790368 2013-09-02] (Splashtop Inc.)
R2 SSUService; F:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
S3 ACDaemon; F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

==================== Drivers (Whitelisted) ====================

S3 BrScnUsb; F:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CVirtA; F:\WINDOWS\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; F:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)
R3 DNE; F:\WINDOWS\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 Lbd; F:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-12-03] (Lavasoft AB)
R3 mbamchameleon; F:\WINDOWS\system32\drivers\mbamchameleon.sys [52312 2014-02-28] (Malwarebytes Corporation)
R2 StarOpen; F:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2009-11-12] ()
R3 STHDA; F:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-20] (SigmaTel, Inc.)
S3 vsdatant; F:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S1 aegrursp; \??\F:\WINDOWS\system32\drivers\aegrursp.sys [X]
S3 catchme; \??\F:\DOCUME~1\gary\LOCALS~1\Temp\catchme.sys [X]
S1 cknzjqht; \??\F:\WINDOWS\system32\drivers\cknzjqht.sys [X]
S1 crpocqni; \??\F:\WINDOWS\system32\drivers\crpocqni.sys [X]
S3 efavdrv; \??\F:\WINDOWS\system32\drivers\efavdrv.sys [X]
S1 hrjgxtzp; \??\F:\WINDOWS\system32\drivers\hrjgxtzp.sys [X]
S4 IntelIde; No ImagePath
S1 klunrema; \??\F:\WINDOWS\system32\drivers\klunrema.sys [X]
S1 lfllclsh; \??\F:\WINDOWS\system32\drivers\lfllclsh.sys [X]
S1 qbcucfzq; \??\F:\WINDOWS\system32\drivers\qbcucfzq.sys [X]
S1 qyseuuol; \??\F:\WINDOWS\system32\drivers\qyseuuol.sys [X]
U5 ScsiPort; F:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 13:21 - 2014-03-01 13:21 - 00000000 ____D () F:\Documents and Settings\gary\Desktop\FRST-OlderVersion
2014-02-28 17:17 - 2014-02-28 17:20 - 00018944 _____ () F:\Documents and Settings\gary\My Documents\bus0314.xls
2014-02-28 12:01 - 2014-02-28 15:36 - 00000000 ____D () F:\Documents and Settings\gary\Desktop\mbar
2014-02-28 08:58 - 2014-02-28 08:58 - 00000000 ____D () F:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
2014-02-28 08:23 - 2014-02-28 15:36 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-28 08:23 - 2014-02-28 12:12 - 00107224 _____ (Malwarebytes Corporation) F:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-28 08:22 - 2014-02-28 11:57 - 00000000 ____D () F:\Documents and Settings\Administrator\Desktop\mbar
2014-02-28 08:22 - 2014-02-28 08:22 - 00052312 _____ (Malwarebytes Corporation) F:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-28 08:20 - 2014-02-28 08:21 - 12589848 _____ (Malwarebytes Corp.) F:\Documents and Settings\gary\Desktop\mbar-1.07.0.1009.exe
2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2868626$
2014-02-28 05:15 - 2014-02-28 05:15 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2916036$
2014-02-28 05:14 - 2014-02-28 05:14 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2834886$
2014-02-28 05:14 - 2014-02-28 05:14 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2758857$
2014-02-28 05:13 - 2014-02-28 05:14 - 00137662 _____ () F:\WINDOWS\KB2834886.log
2014-02-28 05:04 - 2014-02-28 05:04 - 00135223 _____ () F:\WINDOWS\KB2900986.log
2014-02-28 05:04 - 2014-02-28 05:04 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2900986$
2014-02-28 05:04 - 2014-02-28 05:04 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2847311$
2014-02-28 04:54 - 2014-02-28 04:54 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2898715$
2014-02-28 04:54 - 2014-02-28 04:54 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2802968$
2014-02-28 04:51 - 2014-02-28 04:51 - 00135699 _____ () F:\WINDOWS\KB2862335.log
2014-02-28 04:51 - 2014-02-28 04:51 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2862335$
2014-02-28 04:50 - 2014-02-28 04:50 - 00133711 _____ () F:\WINDOWS\KB2834904-v2.log
2014-02-28 04:50 - 2014-02-28 04:50 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-02-28 04:49 - 2014-02-28 04:49 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2780091$
2014-02-28 04:42 - 2014-02-28 04:42 - 00133938 _____ () F:\WINDOWS\KB2904266.log
2014-02-28 04:42 - 2014-02-28 04:42 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2904266$
2014-02-28 04:42 - 2014-02-28 04:42 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2845187$
2014-02-28 04:41 - 2014-02-28 04:41 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2876217$
2014-02-28 04:31 - 2014-02-28 04:31 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2864063$
2014-02-28 04:30 - 2014-02-28 04:30 - 00000000 __SHD () F:\Documents and Settings\Default User\IETldCache
2014-02-28 04:28 - 2014-02-28 04:28 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2862152$
2014-02-28 04:13 - 2014-02-28 04:13 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2770660$
2014-02-28 04:12 - 2014-02-28 04:12 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2876331$
2014-02-28 04:12 - 2014-02-28 04:12 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2850869$
2014-02-28 04:11 - 2014-02-28 04:11 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2859537$
2014-02-28 04:10 - 2014-02-28 04:10 - 00014416 _____ () F:\WINDOWS\KB2807986.log
2014-02-28 04:10 - 2014-02-28 04:10 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2807986$
2014-02-28 04:02 - 2014-02-28 04:02 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2868038$
2014-02-28 04:01 - 2014-02-28 04:02 - 00013491 _____ () F:\WINDOWS\KB2868038.log
2014-02-28 04:01 - 2014-02-28 04:01 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2820917$
2014-02-28 03:55 - 2014-02-28 03:55 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2893294$
2014-02-28 03:54 - 2014-02-28 03:54 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2757638$
2014-02-28 03:51 - 2014-02-28 03:51 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2893984$
2014-02-28 03:50 - 2014-02-28 03:51 - 00012104 _____ () F:\WINDOWS\KB2909921-IE8.log
2014-02-28 03:49 - 2014-02-28 03:49 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2892075$
2014-02-28 03:42 - 2014-02-28 03:42 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2862330$
2014-02-28 03:41 - 2014-02-28 03:41 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2813345$
2014-02-28 03:39 - 2014-02-28 03:39 - 00005138 _____ () F:\WINDOWS\KB2909210-IE8.log
2014-02-28 03:09 - 2014-02-28 03:09 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2914368$
2014-02-28 03:07 - 2014-02-28 03:09 - 00005035 _____ () F:\WINDOWS\KB2914368.log
2014-02-28 00:12 - 2014-02-28 05:28 - 00144424 _____ () F:\WINDOWS\KB2868626.log
2014-02-28 00:12 - 2014-02-28 05:15 - 00142298 _____ () F:\WINDOWS\KB2916036.log
2014-02-28 00:12 - 2014-02-28 05:14 - 00143926 _____ () F:\WINDOWS\KB2758857.log
2014-02-28 00:11 - 2014-02-28 05:04 - 00142521 _____ () F:\WINDOWS\KB2847311.log
2014-02-28 00:11 - 2014-02-28 04:54 - 00141987 _____ () F:\WINDOWS\KB2802968.log
2014-02-28 00:11 - 2014-02-28 04:54 - 00141647 _____ () F:\WINDOWS\KB2898715.log
2014-02-28 00:11 - 2014-02-28 04:50 - 00142546 _____ () F:\WINDOWS\KB2780091.log
2014-02-28 00:11 - 2014-02-28 04:42 - 00138116 _____ () F:\WINDOWS\KB2845187.log
2014-02-28 00:11 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\hidparse.sys
2014-02-28 00:11 - 2013-07-02 20:59 - 00014976 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usbscan.sys
2014-02-28 00:10 - 2014-02-28 04:42 - 00140633 _____ () F:\WINDOWS\KB2876217.log
2014-02-28 00:10 - 2014-02-28 04:32 - 00140110 _____ () F:\WINDOWS\KB2864063.log
2014-02-28 00:10 - 2014-02-28 04:28 - 00017903 _____ () F:\WINDOWS\KB2862152.log
2014-02-28 00:09 - 2014-02-28 04:13 - 00016928 _____ () F:\WINDOWS\KB2850869.log
2014-02-28 00:09 - 2014-02-28 04:12 - 00016324 _____ () F:\WINDOWS\KB2876331.log
2014-02-28 00:09 - 2014-02-28 04:11 - 00017241 _____ () F:\WINDOWS\KB2859537.log
2014-02-28 00:09 - 2014-02-28 04:01 - 00018299 _____ () F:\WINDOWS\KB2820917.log
2014-02-28 00:09 - 2014-02-28 03:55 - 00015136 _____ () F:\WINDOWS\KB2893294.log
2014-02-28 00:09 - 2013-07-16 19:58 - 00123008 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usbvideo.sys
2014-02-28 00:09 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usbaudio.sys
2014-02-28 00:09 - 2013-07-16 19:58 - 00046848 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\irbus.sys
2014-02-28 00:09 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usb8023x.sys
2014-02-28 00:09 - 2013-02-11 19:32 - 00012928 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usb8023.sys
2014-02-28 00:08 - 2014-02-28 03:55 - 00017116 _____ () F:\WINDOWS\KB2757638.log
2014-02-28 00:08 - 2014-02-28 03:51 - 00014980 _____ () F:\WINDOWS\KB2893984.log
2014-02-28 00:08 - 2014-02-28 03:50 - 00008976 _____ () F:\WINDOWS\KB2892075.log
2014-02-28 00:07 - 2014-02-28 03:41 - 00012731 _____ () F:\WINDOWS\KB2813345.log
2014-02-28 00:07 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usbport.sys
2014-02-28 00:07 - 2013-08-08 19:55 - 00032384 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usbccgp.sys
2014-02-28 00:07 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usbd.sys
2014-02-28 00:07 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\usbehci.sys
2014-02-27 22:17 - 2014-02-27 22:19 - 00000000 ___SD () F:\ComboFix
2014-02-27 20:18 - 2014-02-27 20:18 - 00000000 _RSHD () F:\cmdcons
2014-02-27 20:18 - 2007-05-11 17:08 - 00000210 _____ () F:\Boot.bak
2014-02-27 20:18 - 2004-08-03 23:00 - 00260272 __RSH () F:\cmldr
2014-02-27 20:15 - 2014-02-27 20:15 - 00000000 ____D () F:\Qoobox
2014-02-27 20:15 - 2011-06-26 01:45 - 00256000 _____ () F:\WINDOWS\PEV.exe
2014-02-27 20:15 - 2010-11-07 12:20 - 00208896 _____ () F:\WINDOWS\MBR.exe
2014-02-27 20:15 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) F:\WINDOWS\NIRCMD.exe
2014-02-27 20:15 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) F:\WINDOWS\SWREG.exe
2014-02-27 20:15 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) F:\WINDOWS\SWSC.exe
2014-02-27 20:15 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) F:\WINDOWS\SWXCACLS.exe
2014-02-27 20:15 - 2000-08-30 19:00 - 00098816 _____ () F:\WINDOWS\sed.exe
2014-02-27 20:15 - 2000-08-30 19:00 - 00080412 _____ () F:\WINDOWS\grep.exe
2014-02-27 20:15 - 2000-08-30 19:00 - 00068096 _____ () F:\WINDOWS\zip.exe
2014-02-27 20:14 - 2014-02-27 20:14 - 05185084 ____R (Swearware) F:\Documents and Settings\gary\Desktop\ComboFix.exe
2014-02-27 20:14 - 2014-02-27 20:14 - 00000000 ____D () F:\WINDOWS\erdnt
2014-02-27 14:56 - 2014-02-28 12:34 - 00000178 ___SH () F:\Documents and Settings\Administrator\ntuser.ini
2014-02-27 14:56 - 2014-02-27 14:56 - 00000000 __SHD () F:\Documents and Settings\Administrator\IETldCache
2014-02-27 14:56 - 2014-02-27 14:56 - 00000000 ____D () F:\Documents and Settings\Administrator
2014-02-27 14:56 - 2011-01-17 15:36 - 00001599 _____ () F:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-02-27 14:56 - 2011-01-17 15:36 - 00000792 _____ () F:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-02-27 14:56 - 2011-01-17 15:36 - 00000000 ___RD () F:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-02-27 14:53 - 2014-02-27 15:05 - 00027325 _____ () F:\Documents and Settings\gary\Desktop\Addition.txt
2014-02-27 14:52 - 2014-03-01 13:22 - 00015130 _____ () F:\Documents and Settings\gary\Desktop\FRST.txt
2014-02-27 14:51 - 2014-03-01 13:21 - 00000000 ____D () F:\FRST
2014-02-27 14:46 - 2014-03-01 13:21 - 01144320 _____ (Farbar) F:\Documents and Settings\gary\Desktop\FRST.exe
2014-02-26 13:54 - 2014-02-26 13:56 - 00006328 _____ () F:\Documents and Settings\gary\Desktop\Rkill.txt
2014-02-26 09:06 - 2014-02-26 09:06 - 00000000 __SHD () F:\WINDOWS\CSC
2014-02-25 21:41 - 2014-02-25 21:41 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\ESET
2014-02-25 21:31 - 2014-02-25 21:31 - 00001616 _____ () F:\WINDOWS\system32\.crusader
2014-02-25 21:21 - 2014-02-25 21:21 - 00001610 _____ () F:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-02-25 21:21 - 2014-02-25 21:21 - 00000000 ____D () F:\Program Files\HitmanPro
2014-02-25 21:21 - 2014-02-25 21:21 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-02-25 21:19 - 2014-02-25 21:32 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\HitmanPro
2014-02-25 13:20 - 2014-02-25 13:20 - 00108310 _____ () F:\Documents and Settings\All Users\Application Data\1393352289.bdinstall.bin
2014-02-25 13:20 - 2014-02-25 13:20 - 00000000 ____D () F:\Program Files\Bitdefender
2014-02-25 12:44 - 2014-02-25 12:46 - 204561264 ____N (Symantec Corporation) F:\Documents and Settings\gary\Desktop\NIS-TW-21.1.0-EN-US.exe
2014-02-25 12:32 - 2014-02-25 12:32 - 00044703 _____ () F:\Documents and Settings\All Users\Application Data\1393349542.bdinstall.bin
2014-02-24 10:48 - 2014-02-24 10:49 - 99695896 _____ (Microsoft Corporation) F:\Documents and Settings\gary\Desktop\msert.exe
2014-02-20 00:47 - 2014-02-20 00:47 - 01287824 _____ () F:\Documents and Settings\gary\Desktop\PDFReaderSetup.exe
2014-02-18 11:27 - 2014-02-27 09:05 - 00025600 _____ () F:\Documents and Settings\gary\My Documents\MAR2014PERS.xls
2014-02-12 16:36 - 2014-02-12 16:38 - 00000262 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.8080.bin
2014-02-12 16:36 - 2014-02-12 16:36 - 00039977 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.4916.bin
2014-02-12 16:36 - 2014-02-12 16:36 - 00002043 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.6464.bin
2014-02-11 10:55 - 2014-02-11 10:56 - 00014848 _____ () F:\Documents and Settings\gary\My Documents\2013INC.xls
2014-02-10 23:11 - 2014-02-11 10:44 - 00014848 _____ () F:\Documents and Settings\gary\My Documents\2013PERSLOANS.xls
2014-02-10 22:23 - 2014-02-10 22:23 - 00074752 _____ () F:\Documents and Settings\gary\Desktop\GENERATOR CORE INFORMATION.xls
2014-02-04 19:46 - 2014-02-11 11:22 - 00015872 _____ () F:\Documents and Settings\gary\My Documents\2013BUSSUMMARY.xls

==================== One Month Modified Files and Folders =======

2014-03-01 13:22 - 2014-02-27 14:52 - 00015130 _____ () F:\Documents and Settings\gary\Desktop\FRST.txt
2014-03-01 13:21 - 2014-03-01 13:21 - 00000000 ____D () F:\Documents and Settings\gary\Desktop\FRST-OlderVersion
2014-03-01 13:21 - 2014-02-27 14:51 - 00000000 ____D () F:\FRST
2014-03-01 13:21 - 2014-02-27 14:46 - 01144320 _____ (Farbar) F:\Documents and Settings\gary\Desktop\FRST.exe
2014-03-01 13:01 - 2011-12-24 09:52 - 00000882 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 12:55 - 2012-07-25 14:39 - 00000830 _____ () F:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-01 12:42 - 2012-02-26 19:19 - 00000990 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004UA.job
2014-03-01 08:01 - 2011-12-24 09:52 - 00000878 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 19:42 - 2012-02-26 19:19 - 00000938 _____ () F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004Core.job
2014-02-28 19:16 - 2011-01-17 15:35 - 01822788 _____ () F:\WINDOWS\WindowsUpdate.log
2014-02-28 19:01 - 2011-01-17 15:39 - 00032482 _____ () F:\WINDOWS\SchedLgU.Txt
2014-02-28 17:20 - 2014-02-28 17:17 - 00018944 _____ () F:\Documents and Settings\gary\My Documents\bus0314.xls
2014-02-28 15:36 - 2014-02-28 12:01 - 00000000 ____D () F:\Documents and Settings\gary\Desktop\mbar
2014-02-28 15:36 - 2014-02-28 08:23 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-28 13:32 - 2014-01-02 13:26 - 00043008 _____ () F:\Documents and Settings\gary\My Documents\CKREGISTER2014.xls
2014-02-28 12:34 - 2014-02-27 14:56 - 00000178 ___SH () F:\Documents and Settings\Administrator\ntuser.ini
2014-02-28 12:12 - 2014-02-28 08:23 - 00107224 _____ (Malwarebytes Corporation) F:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-28 11:57 - 2014-02-28 08:22 - 00000000 ____D () F:\Documents and Settings\Administrator\Desktop\mbar
2014-02-28 08:58 - 2014-02-28 08:58 - 00000000 ____D () F:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
2014-02-28 08:58 - 2011-09-15 15:48 - 00000284 _____ () F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-02-28 08:22 - 2014-02-28 08:22 - 00052312 _____ (Malwarebytes Corporation) F:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-28 08:21 - 2014-02-28 08:20 - 12589848 _____ (Malwarebytes Corp.) F:\Documents and Settings\gary\Desktop\mbar-1.07.0.1009.exe
2014-02-28 06:51 - 2007-05-11 17:13 - 00000259 _____ () F:\WINDOWS\wiadebug.log
2014-02-28 06:48 - 2004-08-04 07:00 - 00013646 _____ () F:\WINDOWS\system32\wpa.dbl
2014-02-28 05:54 - 2011-01-17 20:55 - 00000000 ____D () F:\WINDOWS\Microsoft.NET
2014-02-28 05:49 - 2007-05-11 17:13 - 00000049 _____ () F:\WINDOWS\wiaservc.log
2014-02-28 05:48 - 2011-01-17 21:00 - 00000000 ____D () F:\Program Files\Microsoft Silverlight
2014-02-28 05:48 - 2011-01-17 15:39 - 00000006 ____H () F:\WINDOWS\Tasks\SA.DAT
2014-02-28 05:48 - 2007-05-11 17:09 - 00172280 _____ () F:\WINDOWS\system32\FNTCACHE.DAT
2014-02-28 05:46 - 2011-01-17 15:41 - 00000278 ___SH () F:\Documents and Settings\gary\ntuser.ini
2014-02-28 05:28 - 2014-02-28 05:28 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2868626$
2014-02-28 05:28 - 2014-02-28 00:12 - 00144424 _____ () F:\WINDOWS\KB2868626.log
2014-02-28 05:28 - 2011-01-18 18:09 - 00229393 _____ () F:\WINDOWS\updspapi.log
2014-02-28 05:28 - 2007-05-11 17:10 - 01977709 _____ () F:\WINDOWS\FaxSetup.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00951249 _____ () F:\WINDOWS\ocgen.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00906325 _____ () F:\WINDOWS\tsoc.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00604938 _____ () F:\WINDOWS\msmqinst.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00542353 _____ () F:\WINDOWS\comsetup.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00346858 _____ () F:\WINDOWS\netfxocm.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00326998 _____ () F:\WINDOWS\ntdtcsetup.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00145456 _____ () F:\WINDOWS\iis6.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00136582 _____ () F:\WINDOWS\MedCtrOC.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00100306 _____ () F:\WINDOWS\tabletoc.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00098977 _____ () F:\WINDOWS\msgsocm.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00089282 _____ () F:\WINDOWS\ocmsn.log
2014-02-28 05:28 - 2007-05-11 17:10 - 00001374 _____ () F:\WINDOWS\imsins.log
2014-02-28 05:26 - 2007-05-11 17:10 - 00543418 _____ () F:\WINDOWS\system32\PerfStringBackup.INI
2014-02-28 05:15 - 2014-02-28 05:15 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2916036$
2014-02-28 05:15 - 2014-02-28 00:12 - 00142298 _____ () F:\WINDOWS\KB2916036.log
2014-02-28 05:15 - 2007-05-11 17:10 - 00001374 _____ () F:\WINDOWS\imsins.BAK
2014-02-28 05:14 - 2014-02-28 05:14 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2834886$
2014-02-28 05:14 - 2014-02-28 05:14 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2758857$
2014-02-28 05:14 - 2014-02-28 05:13 - 00137662 _____ () F:\WINDOWS\KB2834886.log
2014-02-28 05:14 - 2014-02-28 00:12 - 00143926 _____ () F:\WINDOWS\KB2758857.log
2014-02-28 05:04 - 2014-02-28 05:04 - 00135223 _____ () F:\WINDOWS\KB2900986.log
2014-02-28 05:04 - 2014-02-28 05:04 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2900986$
2014-02-28 05:04 - 2014-02-28 05:04 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2847311$
2014-02-28 05:04 - 2014-02-28 00:11 - 00142521 _____ () F:\WINDOWS\KB2847311.log
2014-02-28 04:54 - 2014-02-28 04:54 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2898715$
2014-02-28 04:54 - 2014-02-28 04:54 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2802968$
2014-02-28 04:54 - 2014-02-28 00:11 - 00141987 _____ () F:\WINDOWS\KB2802968.log
2014-02-28 04:54 - 2014-02-28 00:11 - 00141647 _____ () F:\WINDOWS\KB2898715.log
2014-02-28 04:51 - 2014-02-28 04:51 - 00135699 _____ () F:\WINDOWS\KB2862335.log
2014-02-28 04:51 - 2014-02-28 04:51 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2862335$
2014-02-28 04:51 - 2012-11-03 18:15 - 00116573 _____ () F:\WINDOWS\setupapi.log
2014-02-28 04:50 - 2014-02-28 04:50 - 00133711 _____ () F:\WINDOWS\KB2834904-v2.log
2014-02-28 04:50 - 2014-02-28 04:50 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-02-28 04:50 - 2014-02-28 00:11 - 00142546 _____ () F:\WINDOWS\KB2780091.log
2014-02-28 04:49 - 2014-02-28 04:49 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2780091$
2014-02-28 04:42 - 2014-02-28 04:42 - 00133938 _____ () F:\WINDOWS\KB2904266.log
2014-02-28 04:42 - 2014-02-28 04:42 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2904266$
2014-02-28 04:42 - 2014-02-28 04:42 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2845187$
2014-02-28 04:42 - 2014-02-28 00:11 - 00138116 _____ () F:\WINDOWS\KB2845187.log
2014-02-28 04:42 - 2014-02-28 00:10 - 00140633 _____ () F:\WINDOWS\KB2876217.log
2014-02-28 04:42 - 2011-01-18 18:13 - 00030718 _____ () F:\WINDOWS\system32\TZLog.log
2014-02-28 04:41 - 2014-02-28 04:41 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2876217$
2014-02-28 04:32 - 2014-02-28 00:10 - 00140110 _____ () F:\WINDOWS\KB2864063.log
2014-02-28 04:31 - 2014-02-28 04:31 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2864063$
2014-02-28 04:31 - 2011-01-19 02:01 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-02-28 04:30 - 2014-02-28 04:30 - 00000000 __SHD () F:\Documents and Settings\Default User\IETldCache
2014-02-28 04:28 - 2014-02-28 04:28 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2862152$
2014-02-28 04:28 - 2014-02-28 00:10 - 00017903 _____ () F:\WINDOWS\KB2862152.log
2014-02-28 04:13 - 2014-02-28 04:13 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2770660$
2014-02-28 04:13 - 2014-02-28 00:09 - 00016928 _____ () F:\WINDOWS\KB2850869.log
2014-02-28 04:12 - 2014-02-28 04:12 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2876331$
2014-02-28 04:12 - 2014-02-28 04:12 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2850869$
2014-02-28 04:12 - 2014-02-28 00:09 - 00016324 _____ () F:\WINDOWS\KB2876331.log
2014-02-28 04:11 - 2014-02-28 04:11 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2859537$
2014-02-28 04:11 - 2014-02-28 00:09 - 00017241 _____ () F:\WINDOWS\KB2859537.log
2014-02-28 04:10 - 2014-02-28 04:10 - 00014416 _____ () F:\WINDOWS\KB2807986.log
2014-02-28 04:10 - 2014-02-28 04:10 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2807986$
2014-02-28 04:10 - 2011-01-18 17:36 - 00000000 ___HD () F:\WINDOWS\$hf_mig$
2014-02-28 04:02 - 2014-02-28 04:02 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2868038$
2014-02-28 04:02 - 2014-02-28 04:01 - 00013491 _____ () F:\WINDOWS\KB2868038.log
2014-02-28 04:01 - 2014-02-28 04:01 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2820917$
2014-02-28 04:01 - 2014-02-28 00:09 - 00018299 _____ () F:\WINDOWS\KB2820917.log
2014-02-28 04:01 - 2007-05-11 17:10 - 02002092 _____ () F:\WINDOWS\iis6.BAK
2014-02-28 03:55 - 2014-02-28 03:55 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2893294$
2014-02-28 03:55 - 2014-02-28 00:09 - 00015136 _____ () F:\WINDOWS\KB2893294.log
2014-02-28 03:55 - 2014-02-28 00:08 - 00017116 _____ () F:\WINDOWS\KB2757638.log
2014-02-28 03:54 - 2014-02-28 03:54 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2757638$
2014-02-28 03:53 - 2004-08-04 07:00 - 00000603 _____ () F:\WINDOWS\win.ini
2014-02-28 03:51 - 2014-02-28 03:51 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2893984$
2014-02-28 03:51 - 2014-02-28 03:50 - 00012104 _____ () F:\WINDOWS\KB2909921-IE8.log
2014-02-28 03:51 - 2014-02-28 00:08 - 00014980 _____ () F:\WINDOWS\KB2893984.log
2014-02-28 03:50 - 2014-02-28 00:08 - 00008976 _____ () F:\WINDOWS\KB2892075.log
2014-02-28 03:50 - 2011-01-22 09:35 - 00000000 ____D () F:\WINDOWS\ie8updates
2014-02-28 03:49 - 2014-02-28 03:49 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2892075$
2014-02-28 03:42 - 2014-02-28 03:42 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2862330$
2014-02-28 03:41 - 2014-02-28 03:41 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2813345$
2014-02-28 03:41 - 2014-02-28 00:07 - 00012731 _____ () F:\WINDOWS\KB2813345.log
2014-02-28 03:39 - 2014-02-28 03:39 - 00005138 _____ () F:\WINDOWS\KB2909210-IE8.log
2014-02-28 03:31 - 2011-01-18 21:30 - 00000000 ____D () F:\WINDOWS\system32\XPSViewer
2014-02-28 03:09 - 2014-02-28 03:09 - 00000000 __HDC () F:\WINDOWS\$NtUninstallKB2914368$
2014-02-28 03:09 - 2014-02-28 03:07 - 00005035 _____ () F:\WINDOWS\KB2914368.log
2014-02-27 22:19 - 2014-02-27 22:17 - 00000000 ___SD () F:\ComboFix
2014-02-27 22:16 - 2012-06-07 21:43 - 00000000 ____D () F:\Documents and Settings\gary\Desktop\ANTIVIRUS
2014-02-27 22:15 - 2012-06-07 21:42 - 00000000 ____D () F:\Documents and Settings\gary\Desktop\CAMERA AND PICS
2014-02-27 22:15 - 2012-06-07 21:38 - 00000000 ____D () F:\Documents and Settings\gary\Desktop\QUICK BOOKS
2014-02-27 20:18 - 2014-02-27 20:18 - 00000000 _RSHD () F:\cmdcons
2014-02-27 20:18 - 2007-05-11 17:08 - 00000327 __RSH () F:\boot.ini
2014-02-27 20:15 - 2014-02-27 20:15 - 00000000 ____D () F:\Qoobox
2014-02-27 20:14 - 2014-02-27 20:14 - 05185084 ____R (Swearware) F:\Documents and Settings\gary\Desktop\ComboFix.exe
2014-02-27 20:14 - 2014-02-27 20:14 - 00000000 ____D () F:\WINDOWS\erdnt
2014-02-27 16:10 - 2011-01-20 16:11 - 00000472 _____ () F:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-02-27 15:05 - 2014-02-27 14:53 - 00027325 _____ () F:\Documents and Settings\gary\Desktop\Addition.txt
2014-02-27 14:56 - 2014-02-27 14:56 - 00000000 __SHD () F:\Documents and Settings\Administrator\IETldCache
2014-02-27 14:56 - 2014-02-27 14:56 - 00000000 ____D () F:\Documents and Settings\Administrator
2014-02-27 09:05 - 2014-02-18 11:27 - 00025600 _____ () F:\Documents and Settings\gary\My Documents\MAR2014PERS.xls
2014-02-27 09:00 - 2014-01-16 06:07 - 00026112 _____ () F:\Documents and Settings\gary\My Documents\FEB2014PERS.xls
2014-02-26 14:09 - 2012-03-23 09:06 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\Norton
2014-02-26 13:56 - 2014-02-26 13:54 - 00006328 _____ () F:\Documents and Settings\gary\Desktop\Rkill.txt
2014-02-26 09:06 - 2014-02-26 09:06 - 00000000 __SHD () F:\WINDOWS\CSC
2014-02-26 03:10 - 2011-01-21 22:18 - 00000000 ____D () F:\Program Files\Opera
2014-02-25 21:41 - 2014-02-25 21:41 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\ESET
2014-02-25 21:32 - 2014-02-25 21:19 - 00000000 ____D () F:\Documents and Settings\All Users\Application Data\HitmanPro
2014-02-25 21:31 - 2014-02-25 21:31 - 00001616 _____ () F:\WINDOWS\system32\.crusader
2014-02-25 21:21 - 2014-02-25 21:21 - 00001610 _____ () F:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-02-25 21:21 - 2014-02-25 21:21 - 00000000 ____D () F:\Program Files\HitmanPro
2014-02-25 21:21 - 2014-02-25 21:21 - 00000000 ____D () F:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-02-25 13:20 - 2014-02-25 13:20 - 00108310 _____ () F:\Documents and Settings\All Users\Application Data\1393352289.bdinstall.bin
2014-02-25 13:20 - 2014-02-25 13:20 - 00000000 ____D () F:\Program Files\Bitdefender
2014-02-25 13:01 - 2011-01-17 15:39 - 00000000 __SHD () F:\Documents and Settings\LocalService
2014-02-25 12:46 - 2014-02-25 12:44 - 204561264 ____N (Symantec Corporation) F:\Documents and Settings\gary\Desktop\NIS-TW-21.1.0-EN-US.exe
2014-02-25 12:33 - 2012-11-26 21:57 - 00001945 _____ () F:\WINDOWS\epplauncher.mif
2014-02-25 12:32 - 2014-02-25 12:32 - 00044703 _____ () F:\Documents and Settings\All Users\Application Data\1393349542.bdinstall.bin
2014-02-24 10:49 - 2014-02-24 10:48 - 99695896 _____ (Microsoft Corporation) F:\Documents and Settings\gary\Desktop\msert.exe
2014-02-24 09:05 - 2011-01-17 15:41 - 00000000 ____D () F:\Documents and Settings\gary
2014-02-21 14:55 - 2012-04-20 14:16 - 00692616 _____ (Adobe Systems Incorporated) F:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-21 14:55 - 2011-05-27 19:42 - 00071048 _____ (Adobe Systems Incorporated) F:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-21 03:07 - 2013-11-07 08:26 - 00001813 _____ () F:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-20 00:47 - 2014-02-20 00:47 - 01287824 _____ () F:\Documents and Settings\gary\Desktop\PDFReaderSetup.exe
2014-02-19 12:10 - 2014-01-27 12:58 - 00018944 _____ () F:\Documents and Settings\gary\My Documents\bus0214.xls
2014-02-19 09:08 - 2011-03-07 07:32 - 00017920 _____ () F:\Documents and Settings\gary\My Documents\newbeginning.xls
2014-02-18 11:25 - 2011-01-24 23:54 - 00028672 _____ () F:\Documents and Settings\gary\My Documents\retirement.xls
2014-02-18 08:43 - 2014-01-03 11:47 - 00026112 _____ () F:\Documents and Settings\gary\My Documents\2014DEDUCTIONS.xls
2014-02-17 21:26 - 2013-08-15 22:36 - 00051712 _____ () F:\Documents and Settings\gary\Desktop\Indicative shaft and electric power output for engines and gensets. proteg12A1.xls
2014-02-13 18:02 - 2007-05-11 17:09 - 00194144 _____ () F:\WINDOWS\setupact.log
2014-02-12 16:38 - 2014-02-12 16:36 - 00000262 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.8080.bin
2014-02-12 16:36 - 2014-02-12 16:36 - 00039977 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.4916.bin
2014-02-12 16:36 - 2014-02-12 16:36 - 00002043 _____ () F:\Documents and Settings\All Users\Application Data\1392240975.6464.bin
2014-02-11 11:22 - 2014-02-04 19:46 - 00015872 _____ () F:\Documents and Settings\gary\My Documents\2013BUSSUMMARY.xls
2014-02-11 10:56 - 2014-02-11 10:55 - 00014848 _____ () F:\Documents and Settings\gary\My Documents\2013INC.xls
2014-02-11 10:44 - 2014-02-10 23:11 - 00014848 _____ () F:\Documents and Settings\gary\My Documents\2013PERSLOANS.xls
2014-02-11 10:42 - 2013-02-23 00:25 - 00018944 _____ () F:\Documents and Settings\gary\My Documents\2013CREDITCARDS.xls
2014-02-11 10:18 - 2013-01-04 08:51 - 00046080 _____ () F:\Documents and Settings\gary\My Documents\CKREGISTER2013.xls
2014-02-10 22:23 - 2014-02-10 22:23 - 00074752 _____ () F:\Documents and Settings\gary\Desktop\GENERATOR CORE INFORMATION.xls
2014-02-06 03:54 - 2004-08-04 07:00 - 00174592 ____N (Microsoft Corporation) F:\WINDOWS\system32\ie4uinit.exe
2014-02-06 03:54 - 2004-08-04 07:00 - 00174592 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-05 18:26 - 2012-06-13 23:13 - 00522240 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2011-01-22 09:34 - 11113472 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2011-01-22 09:34 - 02006016 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2011-01-22 09:34 - 00743424 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2011-01-22 09:34 - 00630272 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2011-01-22 09:34 - 00247808 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2011-01-22 09:34 - 00055296 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2011-01-22 09:34 - 00012800 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2011-01-17 15:34 - 00759296 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 18:26 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) F:\WINDOWS\system32\ieframe.dll
2014-02-05 18:26 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) F:\WINDOWS\system32\iertutil.dll
2014-02-05 18:26 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) F:\WINDOWS\system32\msfeeds.dll
2014-02-05 18:26 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) F:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 06021120 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 06021120 _____ (Microsoft Corporation) F:\WINDOWS\system32\mshtml.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 01469440 ____N (Microsoft Corporation) F:\WINDOWS\system32\inetcpl.cpl
2014-02-05 18:26 - 2004-08-04 07:00 - 01469440 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2004-08-04 07:00 - 01216000 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 01216000 _____ (Microsoft Corporation) F:\WINDOWS\system32\urlmon.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00920064 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00920064 _____ (Microsoft Corporation) F:\WINDOWS\system32\wininet.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00611840 ____N (Microsoft Corporation) F:\WINDOWS\system32\mstime.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00611840 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00387584 ____N (Microsoft Corporation) F:\WINDOWS\system32\iedkcs32.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00387584 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00206848 ____N (Microsoft Corporation) F:\WINDOWS\system32\occache.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00206848 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00184320 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00184320 _____ (Microsoft Corporation) F:\WINDOWS\system32\iepeers.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00105984 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\url.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00105984 _____ (Microsoft Corporation) F:\WINDOWS\system32\url.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00067072 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00067072 _____ (Microsoft Corporation) F:\WINDOWS\system32\mshtmled.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00043520 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00043520 _____ (Microsoft Corporation) F:\WINDOWS\system32\licmgr10.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00025600 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00025600 _____ (Microsoft Corporation) F:\WINDOWS\system32\jsproxy.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00018944 ____C (Microsoft Corporation) F:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2004-08-04 07:00 - 00018944 _____ (Microsoft Corporation) F:\WINDOWS\system32\corpol.dll
2014-02-05 17:24 - 2004-08-04 07:00 - 00385024 _____ (Microsoft Corporation) F:\WINDOWS\system32\html.iec
2014-02-04 19:43 - 2012-01-18 11:55 - 00015872 _____ () F:\Documents and Settings\gary\My Documents\2011BUSSUMMARY.xls
2014-02-04 19:09 - 2011-01-18 19:03 - 85946576 ____N (Microsoft Corporation) F:\WINDOWS\system32\MRT.exe
2014-02-03 20:38 - 2014-01-14 08:58 - 00018944 _____ () F:\Documents and Settings\gary\My Documents\bus012014.xls
2014-02-03 19:49 - 2012-02-26 19:20 - 00002309 _____ () F:\Documents and Settings\holopaw!\Desktop\Google Chrome.lnk
2014-01-30 08:53 - 2013-12-14 21:55 - 00025600 _____ () F:\Documents and Settings\gary\My Documents\JAN2014PERS.xls

Some content of TEMP:
====================
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-673a2222.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-8acc541d.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-b5ab2c6f.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-b74d5640.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ddfd7d6a.exe
F:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-e7982b8b.exe


==================== Bamital & volsnap Check =================

F:\WINDOWS\explorer.exe => MD5 is legit
F:\WINDOWS\system32\winlogon.exe => MD5 is legit
F:\WINDOWS\system32\svchost.exe => MD5 is legit
F:\WINDOWS\system32\services.exe => MD5 is legit
F:\WINDOWS\system32\User32.dll => MD5 is legit
F:\WINDOWS\system32\userinit.exe => MD5 is legit
F:\WINDOWS\system32\rpcss.dll => MD5 is legit
F:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-03-2014
Ran by Administrator at 2014-03-01 13:22:56
Running from F:\Documents and Settings\gary\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
Anki (HKLM\...\Anki) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AtomTime Pro 3.1d (HKLM\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)
Citrix Receiver (HDX Flash Redirection) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.0.0.56418 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
CleanUp! (HKLM\...\CleanUp!) (Version: - )
CoCreate Modeling Personal Edition 3.0 (HKLM\...\{1FCB34FE-8BDA-4664-A231-A07A120159B0}) (Version: 30.0.0034 - Parametric Technology GmbH)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell Software Uninstall (HKLM\...\Dell_HostCD) (Version: - Dell, Inc.)
eMachineShop (HKLM\...\eMachineShop_is1) (Version: - )
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GospeLink 2001 (HKLM\...\{01D01D87-9272-47F0-A8A0-E8F1D682AE30}) (Version: - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PRO Network Connections 12.2.41.0 (HKLM\...\{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}) (Version: 12.2.41.0 - Intel)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
LDS View 7.1 (HKLM\...\{4AA4CB9C-8F35-4914-A6AE-EDBD0B4F2610}) (Version: 7.1.50 - Intellectual Reserve, Inc.)
LedEdit 2012 (HKLM\...\{DF93AFE2-D7CB-47C2-8F2D-7267CBE359B1}) (Version: 1.0.1 - LedEdit 2012)
LedEdit 2013 (HKLM\...\{88C2C81F-BD2D-4300-AEB9-80FEB7EC227C}) (Version: 1.0.1 - LedEdit 2013)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Language Pack - CHS (Version: 1.1.50727.42 - Microsoft Corporation) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 语言包 - 简体中文 (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - CHS) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 25.0 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
QuickBooks Premier: Contractor Edition 2009 (HKLM\...\{9A2F0810-3626-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4803.0 - SigmaTel)
SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)
Splashtop Software Updater (HKLM\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.5.2 - Splashtop Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Tax Forms Helper 2010 9.5 (HKLM\...\Tax Forms Helper 2010_is1) (Version: - )
Tax Forms Helper 2013 11.0 (HKLM\...\Tax Forms Helper 2013_is1) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
VLC media player 1.0.2 (HKLM\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

02-12-2013 17:31:54 System Checkpoint
03-12-2013 19:42:51 System Checkpoint
04-12-2013 20:42:44 System Checkpoint
05-12-2013 22:30:24 System Checkpoint
06-12-2013 23:28:14 System Checkpoint
08-12-2013 00:46:54 System Checkpoint
09-12-2013 03:21:53 System Checkpoint
10-12-2013 06:39:41 System Checkpoint
11-12-2013 08:14:25 System Checkpoint
12-12-2013 14:22:01 System Checkpoint
13-12-2013 16:24:24 System Checkpoint
14-12-2013 18:36:53 System Checkpoint
15-12-2013 18:49:07 System Checkpoint
16-12-2013 19:13:12 System Checkpoint
17-12-2013 20:32:44 System Checkpoint
18-12-2013 20:49:11 System Checkpoint
19-12-2013 20:54:32 System Checkpoint
20-12-2013 21:13:12 System Checkpoint
21-12-2013 21:49:11 System Checkpoint
22-12-2013 22:20:57 System Checkpoint
23-12-2013 22:59:55 System Checkpoint
25-12-2013 01:30:39 System Checkpoint
26-12-2013 02:09:02 System Checkpoint
27-12-2013 03:48:26 System Checkpoint
28-12-2013 05:24:26 System Checkpoint
29-12-2013 07:00:25 System Checkpoint
30-12-2013 07:24:29 System Checkpoint
31-12-2013 09:47:34 System Checkpoint
01-01-2014 14:50:13 System Checkpoint
02-01-2014 15:52:01 System Checkpoint
03-01-2014 18:17:13 System Checkpoint
04-01-2014 20:07:58 System Checkpoint
05-01-2014 20:28:36 System Checkpoint
06-01-2014 21:05:47 System Checkpoint
07-01-2014 21:36:33 System Checkpoint
09-01-2014 06:18:28 System Checkpoint
10-01-2014 08:01:11 System Checkpoint
11-01-2014 08:10:12 System Checkpoint
12-01-2014 08:22:14 System Checkpoint
13-01-2014 09:17:12 System Checkpoint
14-01-2014 11:31:35 System Checkpoint
15-01-2014 11:34:16 System Checkpoint
16-01-2014 12:21:11 System Checkpoint
17-01-2014 12:57:08 System Checkpoint
18-01-2014 14:12:02 System Checkpoint
19-01-2014 17:26:56 System Checkpoint
20-01-2014 19:09:09 System Checkpoint
21-01-2014 20:09:08 System Checkpoint
22-01-2014 20:50:02 System Checkpoint
23-01-2014 20:52:18 System Checkpoint
24-01-2014 21:51:06 System Checkpoint
25-01-2014 22:18:22 System Checkpoint
26-01-2014 23:19:27 System Checkpoint
28-01-2014 06:46:47 System Checkpoint
29-01-2014 07:00:42 System Checkpoint
30-01-2014 07:07:27 System Checkpoint
31-01-2014 08:22:20 System Checkpoint
01-02-2014 11:59:41 System Checkpoint
02-02-2014 13:42:10 System Checkpoint
03-02-2014 14:32:02 System Checkpoint
04-02-2014 16:35:02 System Checkpoint
05-02-2014 18:17:15 System Checkpoint
06-02-2014 20:13:34 System Checkpoint
07-02-2014 20:25:04 System Checkpoint
08-02-2014 20:28:23 System Checkpoint
09-02-2014 22:14:56 System Checkpoint
10-02-2014 23:37:51 System Checkpoint
11-02-2014 23:59:08 System Checkpoint
13-02-2014 01:07:10 System Checkpoint
14-02-2014 01:25:54 System Checkpoint
15-02-2014 02:36:56 System Checkpoint
16-02-2014 02:37:14 System Checkpoint
17-02-2014 05:35:23 System Checkpoint
18-02-2014 07:08:04 System Checkpoint
19-02-2014 08:20:15 System Checkpoint
20-02-2014 08:54:41 System Checkpoint
21-02-2014 09:57:16 System Checkpoint
22-02-2014 14:59:32 System Checkpoint
23-02-2014 17:00:49 System Checkpoint
24-02-2014 17:10:52 System Checkpoint
25-02-2014 19:05:58 System Checkpoint
26-02-2014 19:44:08 System Checkpoint
27-02-2014 20:38:34 System Checkpoint
28-02-2014 08:01:45 Software Distribution Service 3.0
01-03-2014 09:53:12 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 07:00 - 2013-11-05 08:25 - 00450570 ___RA F:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: F:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => F:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: F:\WINDOWS\Tasks\Adobe Flash Player Updater.job => F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: F:\WINDOWS\Tasks\AppleSoftwareUpdate.job => F:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => F:\Program Files\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => F:\Program Files\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004Core.job => F:\Documents and Settings\holopaw!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004UA.job => F:\Documents and Settings\holopaw!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () F:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () F:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () F:\WINDOWS\system32\vpnapi.dll
2011-09-19 11:02 - 2010-03-04 22:38 - 00071096 _____ () F:\Program Files\CDBurnerXP\NMSAccessU.exe
2004-08-04 07:00 - 2008-04-13 19:11 - 00059904 _____ () F:\WINDOWS\system32\devenum.dll
2004-08-04 07:00 - 2008-04-13 19:11 - 00014336 _____ () F:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CTFMON.EXE =>
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: SunJavaUpdateSched =>

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2014 05:50:37 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - CLR: Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)


System errors:
=============
Error: (02/27/2014 10:14:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/27/2014 10:14:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctxusbm
Fips
intelppm

Error: (02/27/2014 05:32:34 AM) (Source: 0) (User: )
Description: 192.168.1.4C8:33:4B:4F:AF:79

Error: (02/27/2014 05:32:34 AM) (Source: 0) (User: )
Description: 192.168.1.4C8:33:4B:4F:AF:79

Error: (02/27/2014 05:20:22 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/27/2014 05:20:01 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 0019D1273BBE has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/26/2014 02:01:51 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/26/2014 02:01:36 PM) (Source: DCOM) (User: ICES-E1ED5A4C5C)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (02/26/2014 02:01:09 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following error:
%%126

Error: (02/26/2014 02:00:30 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (02/28/2014 05:50:37 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - CLR: Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1013.86 MB
Available physical RAM: 517.55 MB
Total Pagefile: 2441.16 MB
Available Pagefile: 1856.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.59 MB

==================== Drives ================================

Drive f: () (Fixed) (Total:465.75 GB) (Free:378.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 22F722F6)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-03-2014
Ran by Administrator at 2014-03-01 13:22:56
Running from F:\Documents and Settings\gary\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
Anki (HKLM\...\Anki) (Version: - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AtomTime Pro 3.1d (HKLM\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-6490CW (HKLM\...\{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2631 - CDBurnerXP)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}) (Version: 5.0.6 - Cisco Systems, Inc.)
Citrix Receiver (HDX Flash Redirection) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 3.0.0.56418 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
CleanUp! (HKLM\...\CleanUp!) (Version: - )
CoCreate Modeling Personal Edition 3.0 (HKLM\...\{1FCB34FE-8BDA-4664-A231-A07A120159B0}) (Version: 30.0.0034 - Parametric Technology GmbH)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell Software Uninstall (HKLM\...\Dell_HostCD) (Version: - Dell, Inc.)
eMachineShop (HKLM\...\eMachineShop_is1) (Version: - )
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GospeLink 2001 (HKLM\...\{01D01D87-9272-47F0-A8A0-E8F1D682AE30}) (Version: - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PRO Network Connections 12.2.41.0 (HKLM\...\{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}) (Version: 12.2.41.0 - Intel)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 27 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
LDS View 7.1 (HKLM\...\{4AA4CB9C-8F35-4914-A6AE-EDBD0B4F2610}) (Version: 7.1.50 - Intellectual Reserve, Inc.)
LedEdit 2012 (HKLM\...\{DF93AFE2-D7CB-47C2-8F2D-7267CBE359B1}) (Version: 1.0.1 - LedEdit 2012)
LedEdit 2013 (HKLM\...\{88C2C81F-BD2D-4300-AEB9-80FEB7EC227C}) (Version: 1.0.1 - LedEdit 2013)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Language Pack - CHS (Version: 1.1.50727.42 - Microsoft Corporation) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 语言包 - 简体中文 (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - CHS) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 25.0 (x86 en-US) (HKLM\...\Mozilla Firefox 25.0 (x86 en-US)) (Version: 25.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 25.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
QuickBooks Premier: Contractor Edition 2009 (HKLM\...\{9A2F0810-3626-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4803.0 - SigmaTel)
SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)
Splashtop Software Updater (HKLM\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.5.2 - Splashtop Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Tax Forms Helper 2010 9.5 (HKLM\...\Tax Forms Helper 2010_is1) (Version: - )
Tax Forms Helper 2013 11.0 (HKLM\...\Tax Forms Helper 2013_is1) (Version: - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
ViewNX (HKLM\...\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}) (Version: 1.5.2 - Nikon)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
VLC media player 1.0.2 (HKLM\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
WebEx Support Manager for Internet Explorer (HKLM\...\{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}) (Version: 6.5.4917 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points =========================

02-12-2013 17:31:54 System Checkpoint
03-12-2013 19:42:51 System Checkpoint
04-12-2013 20:42:44 System Checkpoint
05-12-2013 22:30:24 System Checkpoint
06-12-2013 23:28:14 System Checkpoint
08-12-2013 00:46:54 System Checkpoint
09-12-2013 03:21:53 System Checkpoint
10-12-2013 06:39:41 System Checkpoint
11-12-2013 08:14:25 System Checkpoint
12-12-2013 14:22:01 System Checkpoint
13-12-2013 16:24:24 System Checkpoint
14-12-2013 18:36:53 System Checkpoint
15-12-2013 18:49:07 System Checkpoint
16-12-2013 19:13:12 System Checkpoint
17-12-2013 20:32:44 System Checkpoint
18-12-2013 20:49:11 System Checkpoint
19-12-2013 20:54:32 System Checkpoint
20-12-2013 21:13:12 System Checkpoint
21-12-2013 21:49:11 System Checkpoint
22-12-2013 22:20:57 System Checkpoint
23-12-2013 22:59:55 System Checkpoint
25-12-2013 01:30:39 System Checkpoint
26-12-2013 02:09:02 System Checkpoint
27-12-2013 03:48:26 System Checkpoint
28-12-2013 05:24:26 System Checkpoint
29-12-2013 07:00:25 System Checkpoint
30-12-2013 07:24:29 System Checkpoint
31-12-2013 09:47:34 System Checkpoint
01-01-2014 14:50:13 System Checkpoint
02-01-2014 15:52:01 System Checkpoint
03-01-2014 18:17:13 System Checkpoint
04-01-2014 20:07:58 System Checkpoint
05-01-2014 20:28:36 System Checkpoint
06-01-2014 21:05:47 System Checkpoint
07-01-2014 21:36:33 System Checkpoint
09-01-2014 06:18:28 System Checkpoint
10-01-2014 08:01:11 System Checkpoint
11-01-2014 08:10:12 System Checkpoint
12-01-2014 08:22:14 System Checkpoint
13-01-2014 09:17:12 System Checkpoint
14-01-2014 11:31:35 System Checkpoint
15-01-2014 11:34:16 System Checkpoint
16-01-2014 12:21:11 System Checkpoint
17-01-2014 12:57:08 System Checkpoint
18-01-2014 14:12:02 System Checkpoint
19-01-2014 17:26:56 System Checkpoint
20-01-2014 19:09:09 System Checkpoint
21-01-2014 20:09:08 System Checkpoint
22-01-2014 20:50:02 System Checkpoint
23-01-2014 20:52:18 System Checkpoint
24-01-2014 21:51:06 System Checkpoint
25-01-2014 22:18:22 System Checkpoint
26-01-2014 23:19:27 System Checkpoint
28-01-2014 06:46:47 System Checkpoint
29-01-2014 07:00:42 System Checkpoint
30-01-2014 07:07:27 System Checkpoint
31-01-2014 08:22:20 System Checkpoint
01-02-2014 11:59:41 System Checkpoint
02-02-2014 13:42:10 System Checkpoint
03-02-2014 14:32:02 System Checkpoint
04-02-2014 16:35:02 System Checkpoint
05-02-2014 18:17:15 System Checkpoint
06-02-2014 20:13:34 System Checkpoint
07-02-2014 20:25:04 System Checkpoint
08-02-2014 20:28:23 System Checkpoint
09-02-2014 22:14:56 System Checkpoint
10-02-2014 23:37:51 System Checkpoint
11-02-2014 23:59:08 System Checkpoint
13-02-2014 01:07:10 System Checkpoint
14-02-2014 01:25:54 System Checkpoint
15-02-2014 02:36:56 System Checkpoint
16-02-2014 02:37:14 System Checkpoint
17-02-2014 05:35:23 System Checkpoint
18-02-2014 07:08:04 System Checkpoint
19-02-2014 08:20:15 System Checkpoint
20-02-2014 08:54:41 System Checkpoint
21-02-2014 09:57:16 System Checkpoint
22-02-2014 14:59:32 System Checkpoint
23-02-2014 17:00:49 System Checkpoint
24-02-2014 17:10:52 System Checkpoint
25-02-2014 19:05:58 System Checkpoint
26-02-2014 19:44:08 System Checkpoint
27-02-2014 20:38:34 System Checkpoint
28-02-2014 08:01:45 Software Distribution Service 3.0
01-03-2014 09:53:12 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 07:00 - 2013-11-05 08:25 - 00450570 ___RA F:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: F:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => F:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: F:\WINDOWS\Tasks\Adobe Flash Player Updater.job => F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: F:\WINDOWS\Tasks\AppleSoftwareUpdate.job => F:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => F:\Program Files\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => F:\Program Files\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004Core.job => F:\Documents and Settings\holopaw!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: F:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1682526488-682003330-1004UA.job => F:\Documents and Settings\holopaw!\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () F:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () F:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 12:26 - 2010-03-23 12:26 - 00201512 _____ () F:\WINDOWS\system32\vpnapi.dll
2011-09-19 11:02 - 2010-03-04 22:38 - 00071096 _____ () F:\Program Files\CDBurnerXP\NMSAccessU.exe
2004-08-04 07:00 - 2008-04-13 19:11 - 00059904 _____ () F:\WINDOWS\system32\devenum.dll
2004-08-04 07:00 - 2008-04-13 19:11 - 00014336 _____ () F:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: CTFMON.EXE =>
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: SunJavaUpdateSched =>

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2014 05:50:37 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - CLR: Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)


System errors:
=============
Error: (02/27/2014 10:14:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/27/2014 10:14:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctxusbm
Fips
intelppm

Error: (02/27/2014 05:32:34 AM) (Source: 0) (User: )
Description: 192.168.1.4C8:33:4B:4F:AF:79

Error: (02/27/2014 05:32:34 AM) (Source: 0) (User: )
Description: 192.168.1.4C8:33:4B:4F:AF:79

Error: (02/27/2014 05:20:22 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/27/2014 05:20:01 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.6 for the Network Card with network address 0019D1273BBE has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/26/2014 02:01:51 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (02/26/2014 02:01:36 PM) (Source: DCOM) (User: ICES-E1ED5A4C5C)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (02/26/2014 02:01:09 PM) (Source: Service Control Manager) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following error:
%%126

Error: (02/26/2014 02:00:30 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (02/28/2014 05:50:37 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - CLR: Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)

Error: (02/28/2014 05:24:42 AM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 2.0.50727.3655 - Fatal Execution Engine Error (7A0BD76A) (80131506)


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1013.86 MB
Available physical RAM: 517.55 MB
Total Pagefile: 2441.16 MB
Available Pagefile: 1856.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.59 MB

==================== Drives ================================

Drive f: () (Fixed) (Total:465.75 GB) (Free:378.52 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 22F722F6)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#12 briarpatch

Posted 03 March 2014 - 11:04 AM

Now what should I do?



#13 aharonov

Posted 03 March 2014 - 01:25 PM

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#14 briarpatch

Posted 03 March 2014 - 11:35 PM

Here is the log file from Eset online scanner.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9f1832b5283843448e6c39fdb7f08774
# engine=17301
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-04 04:10:14
# local_time=2014-03-03 11:10:14 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=128232
# found=76
# cleaned=0
# scan_time=22084
sh=58C3F42D04D646EB15C73F8558B7A6FC8CE26A8C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\101_cortica_m.js"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\102_dealply_m.js"
sh=FC28D62EDB6C0C353E97185BB4B6DC87F5EDED14 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\103_intext_5_m.js"
sh=1AA56806D2545B3773D7C5CCEAE82353BDBB575F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\104_jollywallet_m.js"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\105_corticas_m.js"
sh=30AFCC1D03C04E68202593C239C4964A29BA2E15 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\108_icm_m.js"
sh=6EF5B1448DE7B0A1263E32EBA7DC2AFE502C8FB4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\116_ads_only_5_m.js"
sh=7F7359D9F0900191297BFDF5B85D5CDF588CD9EA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\117_coupons_intext_ads_5_m.js"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\119_similar_web_m.js"
sh=1A9BCED07CCAC5AABE7F80BB199360D125E6F268 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\120_luck_m.js"
sh=0CE44D7F4F3469C96749E6220CA51CB96B0CFA1F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\123_intext_adv_m.js"
sh=B0DF9F21E3E69C188775A6F9C466B19932C9238A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js"
sh=D295E3F253D0942BD3114F61DEF5D78DD0FC5BFB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\125_arcadi2_m.js"
sh=3CFE90E3825BB08EB9B4222552FAC05360188207 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\126_revizer_ws_m.js"
sh=031F6CD140ED363E0F137E627AE1FE4DED5714E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\127_revizer_p_m.js"
sh=28ECD06AF56EB424F74BB63563BC79E57C15C2D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\128_superfish_pricora_m.js"
sh=05480BD17A63333789D1E425879FBF083C177A99 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\129_widdit_m.js"
sh=BB2946641B9FEB2F76D281220A52220336E454E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\135_arcadi3_m.js"
sh=8BD506BDCB470B73FE581B4DA1769AD9FBCAF0D8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\138_getdeal_m.js"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\141_corticas_ru_m.js.js"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\142_intext_fa_m.js"
sh=943F60E8E3F306CF4EE6E844D06FAC7552EE1856 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\155_ibario_pops_m.js"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js"
sh=441E98540BDEC21B7E534C2B317AE91925F6CEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\159_cortica_rollover_m.js"
sh=C8B01A1511A63AEC3D40B1D045034D76B1E85EFD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\171_arcadi2_sourceID_m.js"
sh=078C314715CCC0DE7547172AD4B810FD754115C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js"
sh=E2AAC0A6807AABEFDD15388FE0DF40EDD826084E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\175_coolmirage_m.js"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\178_revizer_ws_dynamic_m.js"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\179_revizer_p_dynamic_m.js"
sh=631D51C0D12FBED68BBF95F6E6505F2CE3692BAB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\92_superfish_m.js"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=E76EA070AD321DAE71D3A0256FE88E484DCB9FFD ft=1 fh=68d72de984b0597b vn="a variant of Win32/Toolbar.Visicom.C potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe"
sh=E7BCD6F073E77DCC4C4915E98ABEE39A6B2BB18D ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.IM trojan" ac=I fn="F:\Documents and Settings\gary\Application Data\Sun\Java\Deployment\cache\6.0\32\61bc06a0-7ea02c66"
sh=C46A4566D8C9593AE7848326C97F042BAEC584D7 ft=1 fh=69d2459828cf11a1 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Desktop\ESDPK-PLX6-PagePlusStarterEdition_Setup.exe"
sh=0F312905DB1730CC5098590F30872D5492FE051F ft=1 fh=c71c001163b42d28 vn="a variant of Win32/InstallCore.JT potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Desktop\PDFReaderSetup.exe"
sh=ABAB8EFDDEB29EB7CB36A507409A33F746147B8D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Local Settings\Application Data\Mozilla\Firefox\Profiles\wpq2gaey.default\Cache\1\7B\1014Bd01"
sh=5A2412403B4D0A02970C4370115ECB27D99E2E0B ft=1 fh=90670886b634dbe1 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\Local Settings\Temp\05ab1fc9-b065-41ec-a86f-25467d9500cd.exe"
sh=F07CF3D001C6175B87A4608DFE6C7C29F802A9A9 ft=1 fh=863e87353786590a vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\Documents and Settings\gary\My Documents\Downloads\cdbxp_setup_4.3.8.2631.exe"
sh=BDD6AA040F91B18AAB5A9E1A63C7E975D87132EC ft=1 fh=8b0bf2daa0c1498c vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\My Documents\Downloads\cnet_cdbxp_setup_4_3_8_2631_exe.exe"
sh=7A75DE824921D7FD54DC4C506B92178E0520A7E7 ft=1 fh=69133f134a910390 vn="Win32/RegistryBooster potentially unwanted application" ac=I fn="F:\Documents and Settings\gary\My Documents\Downloads\registrybooster.exe"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\101_cortica_m.js"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\102_dealply_m.js"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\103_intext_5_m.js"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\104_jollywallet_m.js"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\105_corticas_m.js"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\107_coupish_m.js"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\108_icm_m.js"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\116_ads_only_5_m.js"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\117_coupons_intext_ads_5_m.js"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\119_similar_web_m.js"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\120_luck_m.js"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\123_intext_adv_m.js"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A potentially unwanted application" ac=I fn="F:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\y7uvgdwd.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js"



#15 briarpatch


Posted 04 March 2014 - 08:53 PM

I can't get online now. Any suggestions?



