
Many Issues - Mostly AV "blocked by Group Policy" (HJT Log Attached)


  • This topic is locked
6 replies to this topic

#1 chrisbabcock

chrisbabcock

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:22 AM

Posted 17 March 2014 - 02:47 PM

Hi all.

 

Having a ton of issues with one of my PCs.  Unfortunately, I am unable to run any AV software.  I am getting the pop-up that "This program is blocked by group policy..."

 

I can run MWB in Safe Mode.  This identified 16 threats, 2 of which were Trojans.  I removed those as well as all the other PUPs, but I am still having issues.  When trying to run HJT in Safe Mode, I was getting the runtime error about Invalid Picture.  I was finally able to log in as a user to get HJT to run.  Attached is the log.  If anyone can look at this, I would appreciate it.

Thanks.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:34:33 PM, on 3/17/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EpsonAPD4SV] C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DellNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [LogMeIn Rescue Applet] rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2203092496-3904148046-150417179-1000\..\Run: [LogMeIn Rescue Applet] rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer (User 'Tuscany WS1')
O4 - HKUS\S-1-5-18\..\Run: [LogMeIn Rescue Applet] rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LogMeIn Rescue Applet] rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://secureaccess.planwithtan.com/MLWebCacheCleaner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3745475A-E199-4222-8CA5-25E34BEACDAF}: Domain = tan.corp
O17 - HKLM\System\CCS\Services\Tcpip\..\{3745475A-E199-4222-8CA5-25E34BEACDAF}: NameServer = 172.16.10.35 172.16.10.51
O17 - HKLM\System\CS1\Services\Tcpip\..\{3745475A-E199-4222-8CA5-25E34BEACDAF}: Domain = tan.corp
O17 - HKLM\System\CS1\Services\Tcpip\..\{3745475A-E199-4222-8CA5-25E34BEACDAF}: NameServer = 172.16.10.35 172.16.10.51
O17 - HKLM\System\CS2\Services\Tcpip\..\{3745475A-E199-4222-8CA5-25E34BEACDAF}: Domain = tan.corp
O17 - HKLM\System\CS2\Services\Tcpip\..\{3745475A-E199-4222-8CA5-25E34BEACDAF}: NameServer = 172.16.10.35 172.16.10.51
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: Epson Point of Service Log Service (EpsonPOSLog) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
O23 - Service: Epson Point of Service Port Handler (EpsonPOSPort) - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn Rescue (79c08b6f-ccce-4da4-840a-dbf95c96e89d) (LMIRescue_79c08b6f-ccce-4da4-840a-dbf95c96e89d) - LogMeIn, Inc. - C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PasswordBox - PasswordBox, Inc. - C:\Program Files\PasswordBox\pbbtnService.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - Dell - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

--
End of file - 9912 bytes
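The HJT log above carries the same rundll32 "...\andpgl.dll",DllRegisterServer Run entry under LOCAL SERVICE, SYSTEM, .DEFAULT and the user's own hive, and the FRST log later in this thread adds two more tells: "Group Policy restriction on software" entries on the AV and Malwarebytes directories (Software Restriction Policy path rules at the Disallowed level, which is exactly what produces the "This program is blocked by group policy" message) and a second DLL next to credssp.dll in SecurityProviders, a value LSA loads into lsass.exe at boot. As an added example, not part of the original post and not code from HijackThis, FRST or any other tool named here, the Python script below reads log lines of those two formats and flags the three indicator classes. The sample lines are copied from the logs in this thread; the allow-list of SecurityProviders DLLs, the list of security-tool directory names and the hive set are my assumptions, and the regexes are written only for the O4 and FRST line shapes shown on this page.

```python
"""Flag three autorun indicators in HijackThis / FRST log text.

Added example (not from the original thread or from any tool it names):
reports (1) Software Restriction Policy entries aimed at security-tool
directories, (2) Run/RunOnce entries that use rundll32 to load a DLL from a
user profile (worse when the hive belongs to a service account, which no
legitimate installer writes to), and (3) DLLs in LSA SecurityProviders beyond
a small allow-list. The allow-list and directory names are assumptions.
"""
import re

# Hives of the built-in service accounts plus the template hive (assumed set).
SERVICE_HIVES = {"S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT"}

# Directory-name prefixes of the security tools this log set mentions (assumed list).
SECURITY_TOOL_DIRS = ("malwarebytes", "avg", "mcafee", "superantispyware",
                      "microsoft security client", "kaspersky")

# Microsoft SSP DLLs that legitimately appear in SecurityProviders (assumed allow-list).
KNOWN_SECURITY_PROVIDERS = {"credssp.dll", "pwdssp.dll", "schannel.dll",
                            "msapsspc.dll", "msnsspc.dll", "digest.dll"}

# FRST: "HKLM Group Policy restriction on software: <path> <====== ATTENTION"
GP_RESTRICTION = re.compile(
    r"^HKLM Group Policy restriction on software: (?P<path>.+?)\s*(?:<=+ ATTENTION)?\s*$")

# FRST  "HKU\<hive>\...\Run: [name] - cmd <===== ATTENTION"
# HJT   "O4 - HKUS\<hive>\..\Run: [name] cmd (User 'x')"
RUN_ENTRY = re.compile(
    r"^(?:O4 - )?(?:(?P<root>HKLM|HKCU)|HKUS?\\(?P<hive>[^\\]+))\\\.{2,3}\\Run(?:Once)?: "
    r"\[(?P<name>[^\]]*)\](?: -)? (?P<cmd>.+?)(?: \(User '[^']*'\))?\s*(?:<=+ ATTENTION)?\s*$")

# FRST: "SecurityProviders: credssp.dll, other.dll"
SEC_PROVIDERS = re.compile(r"^SecurityProviders:\s*(?P<dlls>.+?)\s*$")

# rundll32 loading a DLL that lives somewhere under C:\Users\
RUNDLL_PROFILE = re.compile(r'rundll32.*?"?(?P<dll>[a-z]:\\users\\[^",]+\.dll)', re.IGNORECASE)


def _targets_security_tool(path):
    """True when any path component starts with a known security-tool directory name."""
    parts = [p.lower() for p in path.split("\\")]
    return any(p.startswith(tool) for p in parts for tool in SECURITY_TOOL_DIRS)


def triage(lines):
    """Return a list of findings, each a dict with 'indicator', 'hive' and 'detail'."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := GP_RESTRICTION.match(line)):
            if _targets_security_tool(m.group("path")):
                findings.append({"indicator": "srp_blocks_security_tool",
                                 "hive": "HKLM", "detail": m.group("path")})
        elif (m := RUN_ENTRY.match(line)):
            hive = m.group("hive") or m.group("root")
            dll = RUNDLL_PROFILE.search(m.group("cmd"))
            if dll:
                kind = ("rundll32_profile_dll_service_hive" if hive in SERVICE_HIVES
                        else "rundll32_profile_dll")
                findings.append({"indicator": kind, "hive": hive, "detail": dll.group("dll")})
        elif (m := SEC_PROVIDERS.match(line)):
            for dll in (d.strip() for d in m.group("dlls").split(",")):
                if dll and dll.lower() not in KNOWN_SECURITY_PROVIDERS:
                    findings.append({"indicator": "unknown_security_provider",
                                     "hive": "HKLM", "detail": dll})
    return findings


# Sample input: lines copied from the HJT and FRST logs posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\.DEFAULT\...\Run: [LogMeIn Rescue Applet] - rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2203092496-3904148046-150417179-1000\...\Run: [LogMeIn Rescue Applet] - rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2203092496-3904148046-150417179-500\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
O4 - HKUS\S-1-5-18\..\Run: [LogMeIn Rescue Applet] rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
SecurityProviders: credssp.dll, IdjuwxiZfosj.dll
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['indicator']:38} {f['hive']:50} {f['detail']}")
```

Run on the sample it reports two blocked security-tool directories, the profile DLL autostarting from .DEFAULT, SYSTEM and the user's hive, and IdjuwxiZfosj.dll as an unknown security provider; the AVG, SUPERAntiSpyware and mctadmin entries stay quiet. Matching on path components rather than substrings keeps "AVG" from firing on unrelated folder names, and the service-hive split matters because a rundll32 entry under S-1-5-18 or .DEFAULT is the persistence that survives a new user profile.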
 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 AM

Posted 17 March 2014 - 03:13 PM





Hello chrisbabcock

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 chrisbabcock

chrisbabcock
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:22 AM

Posted 17 March 2014 - 03:22 PM

Gringo...thanks for the reply and offer to help.  Below are the log files you requested...

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Administrator (administrator) on TUSCANYWS1-PC on 17-03-2014 13:17:31
Running from C:\Users\Administrator\Desktop
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\RaMaint.exe
(LogMeIn, Inc.) C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(PasswordBox, Inc.) C:\Program Files\PasswordBox\pbbtnService.exe
(Dell) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(LogMeIn, Inc.) C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue.exe
(Dell) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(LogMeIn, Inc.) C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Dell) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(LogMeIn, Inc.) C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Program Files\Google\Update\Install\{6478DCD4-7CC8-444A-9387-04D226FDBEBD}\33.0.1750.154_33.0.1750.146_chrome_updater.exe
(Google Inc.) C:\Windows\TEMP\CR_95632.tmp\setup.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [EpsonAPD4SV] - C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\Tools\EAPSV\EAPSV.EXE [210304 2009-06-15] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [DellNetExtender] - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1281536 2013-07-30] (Dell)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\.DEFAULT\...\Run: [LogMeIn Rescue Applet] - rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer <===== ATTENTION
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-21] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [LogMeIn Rescue Applet] - rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-20\...\Run: [LogMeIn Rescue Applet] - rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2203092496-3904148046-150417179-1000\...\Run: [LogMeIn Rescue Applet] - rundll32 "C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2203092496-3904148046-150417179-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2203092496-3904148046-150417179-1000\...\MountPoints2: {3286c380-c2cb-11e2-bd2e-bc305bab5a27} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2203092496-3904148046-150417179-1000\...\MountPoints2: {cf568790-9d54-11e2-ad29-bc305bab5a27} - F:\menu.exe
HKU\S-1-5-21-2203092496-3904148046-150417179-500\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-06] (SUPERAntiSpyware)
SecurityProviders: credssp.dll, IdjuwxiZfosj.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8FCF54601A42CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://secureaccess.planwithtan.com/MLWebCacheCleaner.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3745475A-E199-4222-8CA5-25E34BEACDAF}: [NameServer]172.16.10.35 172.16.10.51

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-14]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-14]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-14]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-14]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-14]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-14]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [127488 2010-06-29] (Broadcom Corporation)
R2 EpsonPOSLog; C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPHLog.exe [290816 2009-03-28] (SEIKO EPSON CORPORATION)
R2 EpsonPOSPort; C:\Program Files\EPSON\EPSON Advanced Printer Driver 4\EpsonPH.exe [376832 2009-05-23] (SEIKO EPSON CORPORATION)
R2 LMIRescue_79c08b6f-ccce-4da4-840a-dbf95c96e89d; C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe [3073856 2014-03-17] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\system32\GameMon.des [4552296 2012-12-16] (INCA Internet Co., Ltd.)
R2 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 SONICWALL_NetExtender; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [359936 2013-07-30] (Dell)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [88064 2010-09-03] (Broadcom Corporation)
R2 Esdpdx04; C:\Windows\system32\Drivers\ESDPDX04.SYS [66560 2007-07-17] (CREST CO.,LTD.)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [22600 2013-07-30] (SonicWALL Inc.)
R1 pfmfs_7DB; C:\Windows\System32\Drivers\pfmfs_7DB.sys [199416 2012-12-11] (Pismo Technic Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 LMIRfsClientNP; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2012-03-01] (Seiko Epson Corporation)
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-17 13:17 - 2014-03-17 13:17 - 01145856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-03-17 13:17 - 2014-03-17 13:17 - 00013922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-03-17 13:17 - 2014-03-17 13:17 - 00000000 ____D () C:\FRST
2014-03-17 12:53 - 2014-03-17 12:53 - 18329576 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
2014-03-17 12:53 - 2014-03-17 12:53 - 00001963 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-17 12:53 - 2014-03-17 12:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2014-03-17 12:53 - 2014-03-17 12:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-17 12:53 - 2014-03-17 12:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-17 12:52 - 2014-03-17 12:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-03-17 12:44 - 2014-03-17 12:44 - 00009913 _____ () C:\Users\Administrator\Desktop\hijackthis.log
2014-03-17 12:34 - 2014-03-17 12:46 - 00009808 _____ () C:\Users\Administrator\Downloads\hijackthis.log
2014-03-17 12:31 - 2014-03-17 12:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
2014-03-17 12:03 - 2014-03-17 12:03 - 00180000 _____ (Kaspersky Lab) C:\Users\Tuscany WS1\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-03-17 11:53 - 2014-03-17 11:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tuscany WS1\Downloads\HijackThis.exe
2014-03-17 11:41 - 2014-03-17 11:44 - 00003296 _____ () C:\Users\Tuscany WS1\Desktop\Rkill.txt
2014-03-17 11:41 - 2014-03-17 11:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Tuscany WS1\Downloads\rkill.exe
2014-03-17 11:29 - 2014-03-17 11:29 - 01402880 _____ () C:\Users\Tuscany WS1\Downloads\HiJackThis.msi
2014-03-17 11:20 - 2014-03-17 11:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-17 11:20 - 2014-03-17 11:20 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tuscany WS1\Downloads\mbar-1.07.0.1009 (1).exe
2014-03-17 11:20 - 2014-03-17 11:20 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-17 07:13 - 2014-03-17 11:32 - 00000000 ____D () C:\Users\Tuscany WS1\Desktop\mbar
2014-03-17 07:13 - 2014-03-17 11:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-17 07:13 - 2014-03-17 07:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tuscany WS1\Downloads\mbar-1.07.0.1009.exe
2014-03-17 06:55 - 2014-03-17 06:55 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-17 06:55 - 2014-03-17 06:55 - 00000000 ____D () C:\Users\Tuscany WS1\AppData\Roaming\Malwarebytes
2014-03-17 06:43 - 2014-03-17 06:43 - 01145856 _____ (Farbar) C:\Users\Tuscany WS1\Downloads\FRST.exe
2014-03-17 06:31 - 2014-03-17 06:31 - 00000057 _____ () C:\Users\Tuscany WS1\Downloads\avgremover.log
2014-03-17 06:30 - 2014-03-17 06:30 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tuscany WS1\Downloads\avg_remover_stf_x86_2013_3341.exe
2014-03-17 06:26 - 2014-03-17 06:26 - 00002150 _____ () C:\Windows\epplauncher.mif
2014-03-17 06:23 - 2014-03-17 06:24 - 11125072 _____ (Microsoft Corporation) C:\Users\Tuscany WS1\Downloads\mseinstall.exe
2014-03-16 07:51 - 2014-03-16 08:42 - 00013790 _____ () C:\Users\Tuscany WS1\Documents\Week 11.xlsx
2014-03-15 10:20 - 2014-03-15 11:09 - 00000000 ____D () C:\Users\Tuscany WS1\AppData\Roaming\TeamViewer
2014-03-15 10:20 - 2014-03-15 10:20 - 00001122 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-15 10:20 - 2014-03-15 10:20 - 00000000 ____D () C:\Program Files\TeamViewer
2014-03-15 10:19 - 2014-03-15 10:19 - 05814000 _____ (TeamViewer GmbH) C:\Users\Tuscany WS1\Downloads\TeamViewer_Setup_en.exe
2014-03-14 14:09 - 2014-03-14 14:09 - 00921000 _____ (Oracle Corporation) C:\Users\Tuscany WS1\Downloads\chromeinstall-7u51.exe
2014-03-14 13:37 - 2014-03-14 13:37 - 04342784 _____ (Microsoft Corporation) C:\Windows\system32\gppref.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 02548736 _____ (Microsoft Corporation) C:\Windows\system32\propshts.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\gpprefbr.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\gpregistrybrowser.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcn.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\zh-CHT
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\zh-CHS
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\tr
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\sv
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\ru
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\pt
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\pl
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\nl
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\ko
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\ja
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\it
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\hu
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\fr
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\es
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\de
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\cs
2014-03-14 13:24 - 2010-11-20 04:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\GPOAdminCommon.dll
2014-03-14 13:24 - 2009-07-13 18:26 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mtedit.exe
2014-03-14 13:24 - 2009-06-10 14:28 - 00146080 _____ () C:\Windows\system32\gptedit.msc
2014-03-14 13:23 - 2010-11-20 04:19 - 01664512 _____ (Microsoft Corporation) C:\Windows\system32\gpmgmt.dll
2014-03-14 13:23 - 2010-11-20 04:19 - 01292800 _____ (Microsoft Corporation) C:\Windows\system32\GPOAdmin.dll
2014-03-14 13:23 - 2010-11-20 04:19 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\GPOAdminCustom.dll
2014-03-14 13:23 - 2010-11-20 04:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\gpme.dll
2014-03-14 13:23 - 2010-11-20 04:19 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\GPRSoP.dll
2014-03-14 13:23 - 2010-11-04 18:02 - 00146446 _____ () C:\Windows\system32\gpmc.msc
2014-03-14 13:23 - 2009-07-13 18:16 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\rsatclient.dll
2014-03-14 13:23 - 2009-06-10 14:28 - 00146712 _____ () C:\Windows\system32\gpme.msc
2014-03-14 13:20 - 2014-03-14 13:22 - 241162581 _____ () C:\Users\Administrator\Downloads\Windows6.1-KB958830-x86-RefreshPkg.msu
2014-03-14 13:19 - 2014-03-17 13:08 - 00109664 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-14 13:15 - 2014-03-14 13:18 - 251170997 _____ () C:\Users\Administrator\Downloads\Windows6.1-KB958830-x64-RefreshPkg.msu
2014-03-14 12:51 - 2014-03-14 12:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-14 09:48 - 2014-03-14 10:51 - 00024113 _____ () C:\Windows\system32\avgrep.txt
2014-03-14 09:44 - 2014-03-14 09:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2013
2014-03-14 09:44 - 2014-03-14 09:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2013
2014-03-14 09:23 - 2014-03-17 06:55 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-14 09:23 - 2014-03-14 09:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-03-14 09:23 - 2014-03-14 09:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 09:23 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-14 09:22 - 2014-03-14 09:22 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-14 09:22 - 2014-03-14 09:22 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-03-14 09:22 - 2014-03-14 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-03-14 09:22 - 2014-03-14 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-03-14 09:22 - 2014-03-14 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2014-03-14 09:22 - 2014-03-14 09:22 - 00000000 ____D () C:\Users\Administrator
2014-03-14 09:22 - 2013-04-04 09:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2014-03-14 09:22 - 2009-07-13 21:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-14 09:22 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-14 08:55 - 2010-09-29 05:44 - 06153352 _____ (Malwarebytes Corporation ) C:\Users\Public\Downloads\mbam-setup-1.46.exe
2014-03-14 08:13 - 2014-03-14 08:13 - 01526592 _____ (LogMeIn, Inc.) C:\Users\Tuscany WS1\Downloads\Support-LogMeInRescue (2).exe
2014-03-12 02:32 - 2014-02-28 21:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 02:32 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 02:32 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 02:32 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 02:32 - 2014-02-28 20:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 02:32 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 02:32 - 2014-02-28 20:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 02:32 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 02:32 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 02:31 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 02:31 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 02:31 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 02:31 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 02:31 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 02:31 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 02:31 - 2014-02-28 20:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 02:31 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 02:31 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 02:31 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 02:31 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 02:31 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 02:31 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 02:31 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 02:31 - 2014-02-06 18:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 02:31 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 02:31 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 02:31 - 2014-01-27 19:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 13:32 - 2014-03-11 13:32 - 00204968 _____ () C:\Windows\Minidump\031114-27627-01.dmp
2014-03-10 10:33 - 2014-03-10 10:55 - 00011420 _____ () C:\Users\Tuscany WS1\Documents\Baking Pan List.xlsx
2014-03-09 11:24 - 2014-03-14 15:18 - 00014452 _____ () C:\Users\Tuscany WS1\Documents\Week 10.xlsx
2014-03-07 15:56 - 2014-03-07 15:58 - 00000014 _____ () C:\Windows\hpmssnpjt.ini
2014-03-07 15:28 - 2014-03-07 15:28 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-28 14:01 - 2014-02-28 14:01 - 00189024 _____ () C:\Windows\Minidump\022814-28298-01.dmp
2014-02-28 11:57 - 2014-02-28 11:57 - 00001229 _____ () C:\Users\Public\Desktop\Dell SonicWALL NetExtender.lnk
2014-02-28 11:57 - 2014-02-28 11:57 - 00000000 ____D () C:\Program Files\SonicWALL
2014-02-24 10:22 - 2014-02-24 10:34 - 00011360 _____ () C:\Users\Tuscany WS1\Documents\In Room closet supplies.xlsx
2014-02-22 09:33 - 2014-02-24 13:18 - 00012754 _____ () C:\Users\Tuscany WS1\Documents\McPhail rooms.xlsx

==================== One Month Modified Files and Folders =======

2014-03-17 13:17 - 2014-03-17 13:17 - 01145856 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-03-17 13:17 - 2014-03-17 13:17 - 00013922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-03-17 13:17 - 2014-03-17 13:17 - 00000000 ____D () C:\FRST
2014-03-17 13:08 - 2014-03-14 13:19 - 00109664 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-17 12:58 - 2013-03-23 09:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 12:53 - 2014-03-17 12:53 - 18329576 _____ (SUPERAntiSpyware) C:\Users\Administrator\Downloads\SUPERAntiSpyware.exe
2014-03-17 12:53 - 2014-03-17 12:53 - 00001963 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-17 12:53 - 2014-03-17 12:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2014-03-17 12:53 - 2014-03-17 12:53 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-17 12:53 - 2014-03-17 12:53 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-17 12:52 - 2014-03-17 12:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-03-17 12:46 - 2014-03-17 12:34 - 00009808 _____ () C:\Users\Administrator\Downloads\hijackthis.log
2014-03-17 12:44 - 2014-03-17 12:44 - 00009913 _____ () C:\Users\Administrator\Desktop\hijackthis.log
2014-03-17 12:31 - 2014-03-17 12:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis.exe
2014-03-17 12:31 - 2013-06-21 15:00 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203092496-3904148046-150417179-1000UA.job
2014-03-17 12:30 - 2013-03-23 09:21 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 12:27 - 2009-07-13 21:34 - 00016000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-17 12:27 - 2009-07-13 21:34 - 00016000 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-17 12:25 - 2013-03-22 10:46 - 00785302 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-17 12:25 - 2013-03-22 09:37 - 01235253 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 12:19 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 12:19 - 2009-07-13 21:39 - 00038725 _____ () C:\Windows\setupact.log
2014-03-17 12:03 - 2014-03-17 12:03 - 00180000 _____ (Kaspersky Lab) C:\Users\Tuscany WS1\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-03-17 11:53 - 2014-03-17 11:53 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tuscany WS1\Downloads\HijackThis.exe
2014-03-17 11:44 - 2014-03-17 11:41 - 00003296 _____ () C:\Users\Tuscany WS1\Desktop\Rkill.txt
2014-03-17 11:41 - 2014-03-17 11:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Tuscany WS1\Downloads\rkill.exe
2014-03-17 11:32 - 2014-03-17 11:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-17 11:32 - 2014-03-17 07:13 - 00000000 ____D () C:\Users\Tuscany WS1\Desktop\mbar
2014-03-17 11:31 - 2013-06-21 15:00 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203092496-3904148046-150417179-1000Core.job
2014-03-17 11:29 - 2014-03-17 11:29 - 01402880 _____ () C:\Users\Tuscany WS1\Downloads\HiJackThis.msi
2014-03-17 11:20 - 2014-03-17 11:20 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tuscany WS1\Downloads\mbar-1.07.0.1009 (1).exe
2014-03-17 11:20 - 2014-03-17 11:20 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-17 11:20 - 2014-03-17 07:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-17 11:19 - 2013-04-13 11:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-17 11:19 - 2013-03-22 12:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-17 10:59 - 2013-03-22 12:27 - 00512494 _____ () C:\Windows\PFRO.log
2014-03-17 10:59 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Web
2014-03-17 07:13 - 2014-03-17 07:13 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Tuscany WS1\Downloads\mbar-1.07.0.1009.exe
2014-03-17 06:55 - 2014-03-17 06:55 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-17 06:55 - 2014-03-17 06:55 - 00000000 ____D () C:\Users\Tuscany WS1\AppData\Roaming\Malwarebytes
2014-03-17 06:55 - 2014-03-14 09:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-17 06:53 - 2009-07-13 21:33 - 00412488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 06:52 - 2013-04-09 11:56 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-17 06:52 - 2013-03-31 09:35 - 00000000 ____D () C:\Users\Tuscany WS1\AppData\Local\PMB Files
2014-03-17 06:43 - 2014-03-17 06:43 - 01145856 _____ (Farbar) C:\Users\Tuscany WS1\Downloads\FRST.exe
2014-03-17 06:31 - 2014-03-17 06:31 - 00000057 _____ () C:\Users\Tuscany WS1\Downloads\avgremover.log
2014-03-17 06:30 - 2014-03-17 06:30 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Tuscany WS1\Downloads\avg_remover_stf_x86_2013_3341.exe
2014-03-17 06:26 - 2014-03-17 06:26 - 00002150 _____ () C:\Windows\epplauncher.mif
2014-03-17 06:24 - 2014-03-17 06:23 - 11125072 _____ (Microsoft Corporation) C:\Users\Tuscany WS1\Downloads\mseinstall.exe
2014-03-17 06:05 - 2013-03-22 11:28 - 00000000 ____D () C:\Users\Tuscany WS1\AppData\Local\LogMeIn Rescue Applet
2014-03-16 08:42 - 2014-03-16 07:51 - 00013790 _____ () C:\Users\Tuscany WS1\Documents\Week 11.xlsx
2014-03-15 11:09 - 2014-03-15 10:20 - 00000000 ____D () C:\Users\Tuscany WS1\AppData\Roaming\TeamViewer
2014-03-15 11:06 - 2013-03-22 11:37 - 00109664 _____ () C:\Users\Tuscany WS1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-15 10:20 - 2014-03-15 10:20 - 00001122 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-03-15 10:20 - 2014-03-15 10:20 - 00000000 ____D () C:\Program Files\TeamViewer
2014-03-15 10:20 - 2013-03-22 10:42 - 00000000 ____D () C:\Users\Tuscany WS1
2014-03-15 10:19 - 2014-03-15 10:19 - 05814000 _____ (TeamViewer GmbH) C:\Users\Tuscany WS1\Downloads\TeamViewer_Setup_en.exe
2014-03-14 17:43 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-03-14 15:18 - 2014-03-09 11:24 - 00014452 _____ () C:\Users\Tuscany WS1\Documents\Week 10.xlsx
2014-03-14 14:09 - 2014-03-14 14:09 - 00921000 _____ (Oracle Corporation) C:\Users\Tuscany WS1\Downloads\chromeinstall-7u51.exe
2014-03-14 13:38 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-14 13:37 - 2014-03-14 13:37 - 04342784 _____ (Microsoft Corporation) C:\Windows\system32\gppref.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 02548736 _____ (Microsoft Corporation) C:\Windows\system32\propshts.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\gpprefbr.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\gpregistrybrowser.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcn.dll
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\zh-CHT
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\zh-CHS
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\tr
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\sv
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\ru
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\pt
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\pl
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\nl
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\ko
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\ja
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\it
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\hu
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\fr
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\es
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\de
2014-03-14 13:37 - 2014-03-14 13:37 - 00000000 ____D () C:\Windows\system32\cs
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-03-14 13:37 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-14 13:34 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-14 13:34 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-03-14 13:22 - 2014-03-14 13:20 - 241162581 _____ () C:\Users\Administrator\Downloads\Windows6.1-KB958830-x86-RefreshPkg.msu
2014-03-14 13:18 - 2014-03-14 13:15 - 251170997 _____ () C:\Users\Administrator\Downloads\Windows6.1-KB958830-x64-RefreshPkg.msu
2014-03-14 12:51 - 2014-03-14 12:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-03-14 10:51 - 2014-03-14 09:48 - 00024113 _____ () C:\Windows\system32\avgrep.txt
2014-03-14 10:02 - 2013-03-22 12:46 - 00000000 ____D () C:\ProgramData\AVG2013
2014-03-14 09:48 - 2014-03-14 09:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2013
2014-03-14 09:44 - 2014-03-14 09:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2013
2014-03-14 09:39 - 2013-03-22 12:47 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-03-14 09:33 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Speech
2014-03-14 09:23 - 2014-03-14 09:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-03-14 09:23 - 2014-03-14 09:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-14 09:22 - 2014-03-14 09:22 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-14 09:22 - 2014-03-14 09:22 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-03-14 09:22 - 2014-03-14 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-03-14 09:22 - 2014-03-14 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-03-14 09:22 - 2014-03-14 09:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2014-03-14 09:22 - 2014-03-14 09:22 - 00000000 ____D () C:\Users\Administrator
2014-03-14 09:12 - 2009-07-13 19:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-14 08:13 - 2014-03-14 08:13 - 01526592 _____ (LogMeIn, Inc.) C:\Users\Tuscany WS1\Downloads\Support-LogMeInRescue (2).exe
2014-03-13 08:49 - 2013-09-27 16:28 - 00008807 _____ () C:\Users\Tuscany WS1\Documents\Hotel call around sheet.xlsx
2014-03-11 16:19 - 2013-04-13 11:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-11 16:19 - 2013-04-13 11:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 13:32 - 2014-03-11 13:32 - 00204968 _____ () C:\Windows\Minidump\031114-27627-01.dmp
2014-03-11 13:32 - 2013-03-30 11:39 - 304978163 _____ () C:\Windows\MEMORY.DMP
2014-03-11 13:32 - 2013-03-30 11:39 - 00000000 ____D () C:\Windows\Minidump
2014-03-10 14:04 - 2013-11-21 14:01 - 00000000 ____D () C:\Program Files\PasswordBox
2014-03-10 10:55 - 2014-03-10 10:33 - 00011420 _____ () C:\Users\Tuscany WS1\Documents\Baking Pan List.xlsx
2014-03-07 15:58 - 2014-03-07 15:56 - 00000014 _____ () C:\Windows\hpmssnpjt.ini
2014-03-07 15:28 - 2014-03-07 15:28 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-03-07 14:04 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-03 17:01 - 2013-03-23 09:22 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-28 21:30 - 2014-03-12 02:31 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 21:11 - 2014-03-12 02:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 21:10 - 2014-03-12 02:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 20:52 - 2014-03-12 02:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 20:51 - 2014-03-12 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 02:31 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 20:43 - 2014-03-12 02:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 02:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 20:40 - 2014-03-12 02:31 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 20:38 - 2014-03-12 02:32 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 20:38 - 2014-03-12 02:31 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 20:37 - 2014-03-12 02:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 20:31 - 2014-03-12 02:32 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 20:25 - 2014-03-12 02:31 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 20:16 - 2014-03-12 02:31 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:14 - 2014-03-12 02:31 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:03 - 2014-03-12 02:31 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 02:31 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 02:31 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 19:32 - 2014-03-12 02:31 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 19:27 - 2014-03-12 02:31 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:25 - 2014-03-12 02:32 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 14:01 - 2014-02-28 14:01 - 00189024 _____ () C:\Windows\Minidump\022814-28298-01.dmp
2014-02-28 11:57 - 2014-02-28 11:57 - 00001229 _____ () C:\Users\Public\Desktop\Dell SonicWALL NetExtender.lnk
2014-02-28 11:57 - 2014-02-28 11:57 - 00000000 ____D () C:\Program Files\SonicWALL
2014-02-24 13:18 - 2014-02-22 09:33 - 00012754 _____ () C:\Users\Tuscany WS1\Documents\McPhail rooms.xlsx
2014-02-24 10:34 - 2014-02-24 10:22 - 00011360 _____ () C:\Users\Tuscany WS1\Documents\In Room closet supplies.xlsx
2014-02-21 20:15 - 2013-07-14 10:24 - 00000000 ____D () C:\Users\Tuscany WS1\Desktop\Tuscany Office Docs

Files to move or delete:
====================
C:\Users\Tuscany WS1\g2ax_customer_downloadhelper_win32_x86.exe


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 00:55

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Administrator at 2014-03-17 13:18:07
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3462 - AVG Technologies)
AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{64973F6A-8754-43D1-BDD0-FC6F0546347B}) (Version: 14.4.6.2 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM\...\{3318B54A-B5A8-49B1-8016-753DC6CAC63B}) (Version: 1.0.110 - Citrix)
Dell SonicWALL NetExtender (HKLM\...\Dell SonicWALL NetExtender) (Version: 7.0.201 - Dell)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EPSON Advanced Printer Driver 4 (HKLM\...\{11FF6AF6-0141-4EF8-829A-989459A1E5D8}) (Version: 4.07.0007 - EPSON)
EPSON APD4 Point and Print Support (Version: 4.07.0006 - EPSON) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
LogMeIn (HKLM\...\{0330FC8D-EDB2-455E-A3DC-B56DD107E4BC}) (Version: 4.1.2694 - LogMeIn, Inc.)
LogMeIn (HKLM\...\{B27B646E-76EA-4412-91D8-A4DFDA8AD152}) (Version: 4.1.3256 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM\...\PRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version:  - )
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
ShotOnline (HKLM\...\ShotOnline) (Version: 1.0 - GamesCampus)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
TSW Main (HKLM\...\{B06F3366-C956-4DD0-AF88-A18CD25F4CC1}) (Version: 0.1 - agolder)
USB HID OPOS MagSwipe Driver (HKLM\...\{FA631EA3-7B23-48F3-9E68-69F4C0952410}) (Version:  - )
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wild Waves (HKLM\...\{21AA0176-5B9E-4305-82B1-8D891422E760}) (Version: 1.00.0000 - Phantom EFX)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

21-02-2014 08:00:04 Scheduled Checkpoint
26-02-2014 11:00:13 Windows Update
27-02-2014 11:00:12 Windows Update
28-02-2014 18:57:34 Device Driver Package Install: SonicWALL Network adapters
08-03-2014 01:23:57 Scheduled Checkpoint
12-03-2014 10:00:14 Windows Update
14-03-2014 20:23:13 Windows Update
14-03-2014 20:37:06 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0786E4D0-8725-46A9-B868-0FA6377CAE42} - System32\Tasks\Windows Update Check - 0x0ECD02AB => C:\Users\Tuscany
Task: {6720924C-D942-48B1-BB19-D398132E4D35} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {A3B76205-0246-4C43-A01E-0C81F8DC82CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2203092496-3904148046-150417179-1000Core => C:\Users\Tuscany WS1\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)
Task: {ACD9070B-4839-41A5-A521-FCF59053F0EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {B26547B8-5F4F-46F2-BA2E-81719AF02324} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C725862F-C7A6-45F9-811D-111E7FE712E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-23] (Google Inc.)
Task: {F18447FA-CECB-4DAA-9EF3-F9CE36BC69BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2203092496-3904148046-150417179-1000UA => C:\Users\Tuscany WS1\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-09] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203092496-3904148046-150417179-1000Core.job => C:\Users\Tuscany WS1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2203092496-3904148046-150417179-1000UA.job => C:\Users\Tuscany WS1\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-01 13:11 - 2013-11-01 13:11 - 00090624 _____ () C:\Program Files\PasswordBox\libwebsocketswin32.dll
2014-03-17 13:03 - 2014-03-15 00:35 - 00892120 _____ () C:\Program Files\Google\Update\Install\{6478DCD4-7CC8-444A-9387-04D226FDBEBD}\33.0.1750.154_33.0.1750.146_chrome_updater.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_79c08b6f-ccce-4da4-840a-dbf95c96e89d => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: 24x7HELP => "C:\Program Files\24x7Help\App24x7Help.exe" /STARTUP
MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files\PCFixSpeed\PCFixTray.exe" /startup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 11:31:07 AM) (Source: MsiInstaller) (User: TuscanyWS1-PC)
Description: Product: HiJackThis -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

Error: (03/17/2014 11:31:05 AM) (Source: MsiInstaller) (User: TuscanyWS1-PC)
Description: Product: HiJackThis -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

Error: (03/17/2014 11:31:04 AM) (Source: MsiInstaller) (User: TuscanyWS1-PC)
Description: Product: HiJackThis -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

Error: (03/17/2014 11:30:26 AM) (Source: MsiInstaller) (User: TuscanyWS1-PC)
Description: Product: HiJackThis -- Error 1711. An error occurred while writing installation information to disk.  Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.

Error: (03/17/2014 06:26:54 AM) (Source: Microsoft Security Client Setup) (User: TuscanyWS1-PC)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (03/17/2014 06:25:21 AM) (Source: MsiInstaller) (User: TuscanyWS1-PC)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: c:\Windows\Installer\9789013.ipi, -2147287035,

Error: (03/17/2014 00:30:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/17/2014 00:30:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/17/2014 00:30:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/17/2014 00:30:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/17/2014 00:20:04 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/17/2014 00:19:49 PM) (Source: Service Control Manager) (User: )
Description: The Offline Files service terminated with the following error:
%%3

Error: (03/17/2014 11:36:38 AM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (03/17/2014 11:35:59 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (03/17/2014 11:35:59 AM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (03/17/2014 11:34:11 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/17/2014 11:34:11 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/17/2014 11:34:11 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/17/2014 11:34:11 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/17/2014 11:34:11 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (06/19/2013 08:55:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-17 10:34:17.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:34:17.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:34:17.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.0.6001.18000_none_6f8d0e60c043c672\Win32_Tpm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:34:12.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:34:12.437
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:34:12.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.0.6001.18000_none_34daa5e8f21ef8d2\fveapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:33:46.701
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:33:46.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:33:46.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\bcrypt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-17 10:33:23.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Backup\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f_bcrypt.dll_e2f091ac because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3291.65 MB
Available physical RAM: 1653.04 MB
Total Pagefile: 6581.59 MB
Available Pagefile: 4841.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:217.79 GB) (Free:109.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:22 AM

Posted 22 March 2014 - 10:06 AM

Hello

Very, very sorry for the delay. I was discussing something about your case with a friend of mine, and then got hit with the flu for a couple of days.

My friend would like to have a copy of one of your files to examine.


Make sure you can view hidden files and folders...
Check this out: How to see hidden files in Windows

Now can you please go to:

C:\Users\Tuscany WS1\AppData\Local\AVG SafeGuard toolbar\LogMeIn Rescue Applet\andpgl.dll

and right click on it, then select Send to > Compressed (zip) folder; that will make a zipped copy of this file...
Then please upload it to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so we can examine the file and submit it to antivirus companies if needed.
After that, please delete the zip file you just created.

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 27 March 2014 - 11:01 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or if you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#6 gringo_pr

Posted 01 April 2014 - 08:11 AM


Hello

48-hour bump

It has been more than 48 hours since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!
Gringo

#7 gringo_pr

Posted 05 April 2014 - 04:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.