XP Pro Locks at Splash Screen After Malwarebytes


  • This topic is locked
15 replies to this topic

#1 rrold1

rrold1

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 29 April 2014 - 12:42 PM

Windows XP Pro

 

I ran a Malwarebytes scan as a proactive measure to see if anything was running in the background. It returned a list of things to which I clicked quarantine and rebooted. The system locked at the Splash Screen. I did (and can) reboot into safe mode and was offered the option to do a system restore, which I did (bad idea?). No change. The system did not create a restore checkpoint when I had installed Malwarebytes an hour before, so I could not backtrack.

I had to reinstall Malwarebytes due to the system restore, but did copy its program folder before doing so.

There is not a list available of what was previously quarantined, but the Application log file is there. I just cannot export it since the safe mode screen resolution will not allow me to see the export button.

I have attached a copy of the file from the Malwarebytes program folder.

I should have probably asked advice BEFORE doing a quarantine. Any and all help is appreciated.


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:54 PM

Posted 04 May 2014 - 12:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/532707 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:54 PM

Posted 15 May 2014 - 11:50 AM

Greetings rrold1 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • While in Safe Mode download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 rrold1

rrold1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 15 May 2014 - 02:05 PM

Hi Gary, Thanks for the assistance. The logs requested are below.

Steve

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:14-05-2014
Ran by Shop PC (administrator) on AQUA on 15-05-2014 14:59:29
Running from C:\Documents and Settings\Shop PC\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [318488 2008-04-07] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] => C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] => C:\WINDOWS\Sminst\Recguard.exe [1138688 2006-05-12] ()
HKLM\...\Run: [Reminder] => C:\WINDOWS\Creator\Remind_XP.exe [761856 2006-03-31] ()
HKLM\...\Run: [Scheduler] => C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] ()
HKLM\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [24576 2009-12-01] ()
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1497352 2011-02-22] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44280 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642816 2012-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MilShieldSlave] => C:\Program Files\Mil Incorporated\Mil Shield\ShieldWorker.exe [1861120 2011-12-02] ()
HKLM\...\Run: [VERIZONDM] => C:\Program Files\VERIZONDM\bin\sprtcmd.exe [206120 2011-12-01] (SupportSoft, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295072 2012-12-21] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1312159197-1323100510-687155563-1006\...\Run: [Google Update] => C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2012-01-05] (Google Inc.)
HKU\S-1-5-21-1312159197-1323100510-687155563-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1312159197-1323100510-687155563-1006\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-11] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - {598D720B-0E04-45EB-92C4-ED002086F4BD} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1091&query={searchTerms}&invocationType=tb50hpcmdtie7-en-us
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1315606311968
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Shop PC\Application Data\Mozilla\Firefox\Profiles\zv17z3hq.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @alternatiff.com/AlternaTIFF - C:\Program Files\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Extension: OneClickDownloader - C:\Documents and Settings\Shop PC\Application Data\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-06-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-05]
CHR Extension: (Google Search) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-05]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-05]
CHR Extension: (OneClickDownload) - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco [2014-04-29]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader10.crx [2012-06-05]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
S2 MilShieldCleaner; C:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exe [1187840 2011-12-02] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks)
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-04-07] (PDF Complete Inc)
S2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S2 sprtsvc_verizondm; C:\Program Files\VERIZONDM\bin\sprtsvc.exe [206120 2011-12-01] (SupportSoft, Inc.)
S2 tgsrvc_verizondm; C:\Program Files\VERIZONDM\bin\tgsrvc.exe [185640 2011-12-01] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S2 EMPNT; C:\WINDOWS\system32\Drivers\EMPNT.sys [3360 2003-11-13] ()
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-12] (Malwarebytes Corporation)
S2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [29280 2014-01-30] (Citrix Systems, Inc.)
S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S1 OxPPort; C:\WINDOWS\System32\DRIVERS\OxPPort.sys [82048 2008-07-31] (OEM)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
S4 Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [28416 2002-04-04] (LSI Logic)
S3 catchme; \??\C:\DOCUME~1\SHOPPC~1\LOCALS~1\Temp\catchme.sys [X]
S3 ialm; system32\DRIVERS\igxpmp32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-15 14:59 - 2014-05-15 14:59 - 00020450 _____ () C:\Documents and Settings\Shop PC\Desktop\FRST.txt
2014-05-15 14:59 - 2014-05-15 14:59 - 00000000 ____D () C:\FRST
2014-05-15 14:58 - 2014-05-15 14:58 - 01056256 _____ (Farbar) C:\Documents and Settings\Shop PC\Desktop\FRST.exe
2014-04-29 12:57 - 2014-05-12 17:42 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-29 12:57 - 2014-04-29 12:57 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 12:57 - 2014-04-29 12:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 12:57 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-29 12:57 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-29 12:55 - 2014-04-29 12:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Copy of Malwarebytes
2014-04-29 11:59 - 2014-04-29 11:59 - 00000000 ____D () C:\Program Files\Vid-Saver
2014-04-29 11:59 - 2014-04-29 11:59 - 00000000 ____D () C:\Program Files\uTorrentControl_v2
2014-04-29 11:59 - 2014-04-29 11:59 - 00000000 ____D () C:\Documents and Settings\Shop PC\Local Settings\Application Data\Vid-Saver
2014-04-29 11:59 - 2014-04-29 11:59 - 00000000 ____D () C:\Documents and Settings\Shop PC\Local Settings\Application Data\uTorrentControl_v2
2014-04-29 11:57 - 2014-04-29 11:57 - 00000000 __SHD () C:\WINDOWS\CSC
2014-04-29 11:20 - 2014-04-29 12:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-29 11:20 - 2014-04-29 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-24 09:26 - 2014-04-24 09:37 - 00001029 _____ () C:\Documents and Settings\Shop PC\My Documents\bb.txt
2014-04-18 10:08 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-04-18 10:08 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-04-18 10:07 - 2014-04-18 10:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-04-18 10:07 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-04-18 10:07 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-04-18 10:07 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-04-18 10:06 - 2014-04-18 10:07 - 00005252 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-16 03:24 - 2014-04-16 03:24 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-04-16 03:24 - 2014-04-16 03:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Citrix
2014-04-16 03:24 - 2014-04-16 03:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Citrix
2014-04-16 03:24 - 2014-01-30 08:23 - 00029280 _____ (Citrix Systems, Inc.) C:\WINDOWS\system32\Drivers\monblanking.sys
2014-04-15 22:10 - 2014-04-15 22:23 - 00000000 ____D () C:\Documents and Settings\Shop PC\My Documents\Robomow
2014-04-15 03:05 - 2014-04-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-15 03:01 - 2014-04-15 03:01 - 00011420 _____ () C:\WINDOWS\KB2936068-IE8.log

==================== One Month Modified Files and Folders =======

2014-05-15 14:59 - 2014-05-15 14:59 - 00020450 _____ () C:\Documents and Settings\Shop PC\Desktop\FRST.txt
2014-05-15 14:59 - 2014-05-15 14:59 - 00000000 ____D () C:\FRST
2014-05-15 14:58 - 2014-05-15 14:58 - 01056256 _____ (Farbar) C:\Documents and Settings\Shop PC\Desktop\FRST.exe
2014-05-15 14:44 - 2011-09-09 11:40 - 00000000 ____D () C:\StoneEdge
2014-05-15 12:22 - 2006-04-25 14:05 - 01234128 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-15 11:31 - 2011-10-05 11:31 - 00002335 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2014-05-13 05:54 - 2014-04-08 03:11 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-05-12 17:42 - 2014-04-29 12:57 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 12:40 - 2012-06-18 20:52 - 00091223 _____ () C:\WINDOWS\setupapi.log
2014-04-29 12:57 - 2014-04-29 12:57 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-29 12:57 - 2014-04-29 12:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-29 12:57 - 2014-04-29 11:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-29 12:55 - 2014-04-29 12:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Copy of Malwarebytes
2014-04-29 12:13 - 2006-04-25 13:59 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-29 12:05 - 2006-04-25 14:05 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-29 11:59 - 2014-04-29 11:59 - 00000000 ____D () C:\Program Files\Vid-Saver
2014-04-29 11:59 - 2014-04-29 11:59 - 00000000 ____D () C:\Program Files\uTorrentControl_v2
2014-04-29 11:59 - 2014-04-29 11:59 - 00000000 ____D () C:\Documents and Settings\Shop PC\Local Settings\Application Data\Vid-Saver
2014-04-29 11:59 - 2014-04-29 11:59 - 00000000 ____D () C:\Documents and Settings\Shop PC\Local Settings\Application Data\uTorrentControl_v2
2014-04-29 11:59 - 2011-08-24 09:30 - 00000000 ____D () C:\Documents and Settings\STC
2014-04-29 11:59 - 2011-05-26 13:08 - 00000000 ____D () C:\Documents and Settings\Shop PC
2014-04-29 11:59 - 2008-09-22 23:55 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-29 11:59 - 2008-09-22 23:55 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-29 11:59 - 2008-09-22 23:55 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-29 11:59 - 2008-09-22 23:55 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-29 11:57 - 2014-04-29 11:57 - 00000000 __SHD () C:\WINDOWS\CSC
2014-04-29 11:39 - 2012-12-27 12:19 - 00000352 _____ () C:\WINDOWS\Tasks\Windows Codec Update Service.job
2014-04-29 11:38 - 2011-09-09 18:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956802$
2014-04-29 11:38 - 2006-04-25 14:05 - 00032412 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-29 11:38 - 2006-04-25 06:22 - 00000377 _____ () C:\WINDOWS\wiadebug.log
2014-04-29 11:26 - 2012-01-05 11:20 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1312159197-1323100510-687155563-1006UA.job
2014-04-29 11:20 - 2014-04-29 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-29 11:19 - 2013-01-22 12:39 - 00000000 ____D () C:\Documents and Settings\Shop PC\Application Data\Skype
2014-04-29 10:59 - 2013-03-06 10:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-29 02:26 - 2012-01-05 11:20 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1312159197-1323100510-687155563-1006Core.job
2014-04-27 23:32 - 2011-09-09 13:39 - 00000426 _____ () C:\WINDOWS\BRWMARK.INI
2014-04-25 08:45 - 2012-12-21 09:51 - 00000290 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1312159197-1323100510-687155563-1006.job
2014-04-25 08:45 - 2012-12-21 09:51 - 00000282 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1312159197-1323100510-687155563-1006.job
2014-04-25 08:45 - 2012-02-29 14:08 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1312159197-1323100510-687155563-1006.job
2014-04-24 23:30 - 2012-01-05 11:20 - 00002302 _____ () C:\Documents and Settings\Shop PC\Desktop\Google Chrome.lnk
2014-04-24 09:37 - 2014-04-24 09:26 - 00001029 _____ () C:\Documents and Settings\Shop PC\My Documents\bb.txt
2014-04-23 08:20 - 2012-07-05 10:50 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-21 18:51 - 2011-09-16 17:09 - 00000000 ___SD () C:\Documents and Settings\Shop PC\My Documents\My ScanSnap
2014-04-18 10:07 - 2014-04-18 10:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-04-18 10:07 - 2014-04-18 10:06 - 00005252 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-04-18 10:07 - 2008-09-23 00:07 - 00000000 ____D () C:\Program Files\Java
2014-04-16 03:24 - 2014-04-16 03:24 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-04-16 03:24 - 2014-04-16 03:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Citrix
2014-04-16 03:24 - 2014-04-16 03:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Citrix
2014-04-15 22:23 - 2014-04-15 22:10 - 00000000 ____D () C:\Documents and Settings\Shop PC\My Documents\Robomow
2014-04-15 09:08 - 2014-03-26 12:25 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-15 09:08 - 2012-02-29 14:08 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1312159197-1323100510-687155563-1006.job
2014-04-15 09:08 - 2011-12-02 16:33 - 00000032 _____ () C:\WINDOWS\vb_mconf.ini
2014-04-15 09:08 - 2008-09-23 00:11 - 00000000 ____D () C:\WINDOWS\SMINST
2014-04-15 03:22 - 2006-04-25 06:22 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-15 03:21 - 2011-05-26 13:08 - 00000178 ___SH () C:\Documents and Settings\Shop PC\ntuser.ini
2014-04-15 03:05 - 2014-04-15 03:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-15 03:05 - 2014-04-09 04:58 - 00013289 _____ () C:\WINDOWS\KB2922229.log
2014-04-15 03:05 - 2011-05-25 20:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-15 03:05 - 2006-04-25 14:00 - 00714224 _____ () C:\WINDOWS\tsoc.log
2014-04-15 03:05 - 2006-04-25 13:59 - 01686039 _____ () C:\WINDOWS\iis6.log
2014-04-15 03:05 - 2006-04-25 13:39 - 00520740 _____ () C:\WINDOWS\comsetup.log
2014-04-15 03:05 - 2006-04-25 13:39 - 00313784 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-15 03:05 - 2006-04-25 13:39 - 00085520 _____ () C:\WINDOWS\ocmsn.log
2014-04-15 03:05 - 2006-04-25 13:39 - 00079151 _____ () C:\WINDOWS\tabletoc.log
2014-04-15 03:05 - 2006-04-25 13:39 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-15 03:05 - 2006-04-25 13:28 - 01551094 _____ () C:\WINDOWS\FaxSetup.log
2014-04-15 03:05 - 2006-04-25 13:28 - 00750205 _____ () C:\WINDOWS\ocgen.log
2014-04-15 03:05 - 2006-04-25 13:28 - 00272131 _____ () C:\WINDOWS\netfxocm.log
2014-04-15 03:05 - 2006-04-25 13:28 - 00107850 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-15 03:05 - 2006-04-25 13:28 - 00077656 _____ () C:\WINDOWS\msgsocm.log
2014-04-15 03:05 - 2006-04-25 13:26 - 00473994 _____ () C:\WINDOWS\msmqinst.log
2014-04-15 03:04 - 2013-08-13 03:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-15 03:02 - 2011-09-09 18:51 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-15 03:01 - 2014-04-15 03:01 - 00011420 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-15 03:01 - 2011-08-21 17:59 - 00218606 _____ () C:\WINDOWS\updspapi.log
2014-04-15 03:01 - 2006-04-25 13:39 - 00001374 _____ () C:\WINDOWS\imsins.BAK

Files to move or delete:
====================
C:\Documents and Settings\Shop PC\gotomypc_540.exe
C:\Documents and Settings\Shop PC\gotomypc_635.exe
C:\Documents and Settings\Shop PC\WSSEMAPHORES.dat
C:\Documents and Settings\STC\WSSEMAPHORES.dat

Some content of TEMP:
====================
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-14c62e89.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-198d9ac.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-217c9d42.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-4e1bab22.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Shop PC\Local Settings\temp\tbedrs.dll
C:\Documents and Settings\Shop PC\Local Settings\temp\utt1887.tmp.exe
C:\Documents and Settings\STC\Local Settings\temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\STC\Local Settings\temp\jre-7u21-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:14-05-2014
Ran by Shop PC at 2014-05-15 15:00:04
Running from C:\Documents and Settings\Shop PC\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

1ClickDownloader (HKLM\...\1ClickDownload) (Version: 2.7 Build 26473 - 1ClickDownload) <==== ATTENTION
ABBYY FineReader for ScanSnap ™ 4.1 (HKLM\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.4 - Adobe Systems)
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.5.4 - Adobe Systems) Hidden
Adobe Acrobat 9.5.4 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000004}_954) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AOL Toolbar 5.0 (HKLM\...\AOL Toolbar) (Version: 5.2.26.1 - AOL LLC)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Brother HL-4070CDW (HKLM\...\{98832B6B-D5CF-48D4-9FB2-A255BF73E9DA}) (Version: 1.00 - Brother)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CardMinder (HKLM\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (Version: 4.1.10.1 - PFU) Hidden
CCC (Version: 12.00.0000 - United Parcel Service, Inc.) Hidden
DAZzle (HKLM\...\DAZzle) (Version:  - )
DYMO Printable Postage (HKLM\...\Printable Postage.exe) (Version: 2.6 - Endicia Internet Postage)
EMP Device Programming Software (HKLM\...\{F0758303-2B40-4B86-B909-FDAF244AFC6B}) (Version: 1.6.1.1 - nei)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FormsComponent (Version: 12.00.0000 - UPS) Hidden
FOSS (Version: 12.50.0000 - UPS) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
GoToMyPC (HKLM\...\{5FAB6702-2810-4C95-9840-876C2D6D12A5}) (Version: 8.1.1337 - Citrix Online)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP Backup and Recovery Manager (HKLM\...\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}) (Version: 2.4a - Hewlett-Packard Company)
HP Help and Support (HKLM\...\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}) (Version: 4.2.0010 - HPQ)
ICCHelp (HKLM\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)
InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) Hidden
InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.1220 - InterVideo Inc.)
Ipswitch WS_FTP Pro (HKLM\...\WS_FTP Pro) (Version:  - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KX-TA Maintenance Console (HKLM\...\{04036F66-8809-4BCF-BA28-892460F70054}) (Version: 3.001 - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1054 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mil Shield (HKLM\...\Mil Shield) (Version: 7.9 - Mil Incorporated)
Mozilla Firefox 19.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 19.0.2 (x86 en-US)) (Version: 19.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 19.0.2 - Mozilla)
MSIChecker (Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NA1Messenger (Version: 12.00.6000 - Your Company Name) Hidden
NRF (Version: 12.00.0000 - UPS) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Order Manager PDF Writer (HKLM\...\Order Manager PDF Writer) (Version:  - )
Order Manager PLUS POS Edition (HKLM\...\{A758CEE9-9A53-4F24-93FB-B44BB75F5C51}) (Version: 5.9.1801 - Stone Edge Technologies, Inc.)
PDF Complete (HKLM\...\PDF Complete) (Version: 3.5.22 - PDF Complete, Inc.)
PolicyManager (Version: 12.00.0000 - UPS) Hidden
QBFC 7.0 (HKLM\...\{D90AD053-6F8D-4658-9EB8-D57C8BE39092}) (Version: 7.0.0.134 - Intuit Developer Network)
QuickBooks (Version: 20.0.4012.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4012.807 - Intuit Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5508 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reconciler (Version: 12.00.0000 - UPS) Hidden
ReportServer (Version: 12.00.0000 - Your Company Name) Hidden
ScanSnap (Version: 5.0.21.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.0L21 - PFU)
ScanSnap Organizer (HKLM\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU)
ScanSnap Organizer (Version: 4.1.11.3 - PFU LIMITED) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SupportUtility (Version: 12.00.0000 - Your Company Name) Hidden
System (Version: 12.00.0000 - UPS) Hidden
UnifiedPrinting (Version: 12.00.0000 - UPS) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
UPS WorldShip (HKLM\...\UPS WorldShip) (Version: 12.0 - UPS)
UPSICC (Version: 1.0.0.16 - UPS) Hidden
UPSlinkHTTP (Version: 1.0.0.13 - UPS) Hidden
UPSVCMM (Version: 12.00.0000 - UPS) Hidden
Verizon Download Manager (HKLM\...\{EDA40AA1-070C-48D1-9D77-50602BCDA95E}) (Version: 16 - SupportSoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebHelp (HKLM\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Driver Package - Needhams Electronics Inc (empusb) USB  (6/27/2005 2.01.0000.0) (HKLM\...\29AC06753320B1ED9352B1A22EDF017AD47B9F04) (Version: 6/27/2005 2.01.0000.0 - Needhams Electronics Inc)
Windows Essentials Media Codec Pack 4.0 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 4.0 - Media Codec)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WorldShip (Version: 12.00.0000 - UPS) Hidden

==================== Restore Points  =========================

06-03-2014 18:30:34 Software Distribution Service 3.0
06-03-2014 22:34:51 System Checkpoint
07-03-2014 19:36:26 Software Distribution Service 3.0
08-03-2014 19:36:14 Software Distribution Service 3.0
09-03-2014 19:36:00 Software Distribution Service 3.0
10-03-2014 19:36:04 Software Distribution Service 3.0
11-03-2014 06:06:20 Software Distribution Service 3.0
11-03-2014 07:00:19 Software Distribution Service 3.0
11-03-2014 19:36:23 Software Distribution Service 3.0
12-03-2014 19:36:15 Software Distribution Service 3.0
13-03-2014 19:36:41 Software Distribution Service 3.0
14-03-2014 19:38:52 Software Distribution Service 3.0
15-03-2014 19:36:04 Software Distribution Service 3.0
16-03-2014 19:36:10 Software Distribution Service 3.0
17-03-2014 19:37:04 Software Distribution Service 3.0
18-03-2014 06:06:47 Software Distribution Service 3.0
18-03-2014 07:00:19 Software Distribution Service 3.0
19-03-2014 07:20:10 System Checkpoint
19-03-2014 13:21:44 Software Distribution Service 3.0
20-03-2014 13:21:26 Software Distribution Service 3.0
21-03-2014 13:21:38 Software Distribution Service 3.0
22-03-2014 13:21:42 Software Distribution Service 3.0
23-03-2014 13:21:36 Software Distribution Service 3.0
24-03-2014 13:21:41 Software Distribution Service 3.0
25-03-2014 07:00:16 Software Distribution Service 3.0
25-03-2014 13:21:45 Software Distribution Service 3.0
26-03-2014 13:21:55 Software Distribution Service 3.0
27-03-2014 16:24:51 Software Distribution Service 3.0
28-03-2014 16:24:24 Software Distribution Service 3.0
29-03-2014 16:24:10 Software Distribution Service 3.0
30-03-2014 16:24:03 Software Distribution Service 3.0
31-03-2014 16:24:22 Software Distribution Service 3.0
01-04-2014 05:47:28 Software Distribution Service 3.0
01-04-2014 16:24:35 Software Distribution Service 3.0
02-04-2014 16:24:23 Software Distribution Service 3.0
03-04-2014 16:24:38 Software Distribution Service 3.0
04-04-2014 16:24:13 Software Distribution Service 3.0
05-04-2014 16:24:27 Software Distribution Service 3.0
06-04-2014 16:24:07 Software Distribution Service 3.0
07-04-2014 16:25:15 Software Distribution Service 3.0
08-04-2014 05:47:20 Software Distribution Service 3.0
08-04-2014 07:00:15 Software Distribution Service 3.0
09-04-2014 07:22:20 System Checkpoint
09-04-2014 07:30:10 Software Distribution Service 3.0
10-04-2014 08:19:39 System Checkpoint
10-04-2014 21:27:23 Software Distribution Service 3.0
11-04-2014 21:27:30 Software Distribution Service 3.0
12-04-2014 21:27:43 Software Distribution Service 3.0
13-04-2014 21:27:25 Software Distribution Service 3.0
14-04-2014 21:27:23 Software Distribution Service 3.0
14-04-2014 21:39:13 Software Distribution Service 3.0
15-04-2014 06:23:23 Software Distribution Service 3.0
15-04-2014 07:00:22 Software Distribution Service 3.0
16-04-2014 07:25:08 Printer Driver GoToMyPC UPD Driver Installed
16-04-2014 07:34:06 Software Distribution Service 3.0
17-04-2014 07:38:25 System Checkpoint
18-04-2014 08:24:04 System Checkpoint
18-04-2014 14:06:39 Installed Java 7 Update 55
19-04-2014 14:26:22 System Checkpoint
20-04-2014 14:39:18 System Checkpoint
21-04-2014 22:52:00 System Checkpoint
22-04-2014 23:26:24 System Checkpoint
24-04-2014 03:41:46 System Checkpoint
25-04-2014 04:27:18 System Checkpoint
26-04-2014 04:48:12 System Checkpoint
27-04-2014 06:38:01 System Checkpoint
28-04-2014 07:26:16 System Checkpoint
29-04-2014 07:56:40 System Checkpoint
29-04-2014 15:58:53 Restore Operation

==================== Hosts content: ==========================

2006-02-27 22:00 - 2011-11-08 11:17 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1312159197-1323100510-687155563-1006Core.job => C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1312159197-1323100510-687155563-1006UA.job => C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1312159197-1323100510-687155563-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1312159197-1323100510-687155563-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1312159197-1323100510-687155563-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1312159197-1323100510-687155563-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Windows Codec Update Service.job => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-09-20 14:37 - 2002-12-18 11:28 - 00024576 _____ () C:\Program Files\WS_FTP Pro\nsftpch.dll
2007-04-19 00:26 - 2007-04-19 00:26 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2013-03-06 10:38 - 2009-01-18 15:50 - 00417792 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\adobexmp.dll
2006-02-27 22:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\Drivers\bahgxcff.sys:changelist

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 02:28:53 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/22/2014 02:28:40 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 0x80070005, P2 mpupdateengine, P3 am fe, P4 11.1.4590.0, P5 mpsigstub.exe, P6 4.5.216.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/18/2014 03:04:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dazzle.exe, version 14.1.2.0, faulting module dazzle.exe, version 14.1.2.0, fault address 0x0007f902.
Processing media-specific event for [dazzle.exe!ws!]

Error: (04/17/2014 04:23:00 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/16/2014 07:27:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application MsMpEng.exe, version 4.5.216.0, faulting module mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Processing media-specific event for [MsMpEng.exe!ws!]

Error: (04/16/2014 07:26:46 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.5.216.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/16/2014 07:26:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application MsMpEng.exe, version 4.5.216.0, faulting module mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Processing media-specific event for [MsMpEng.exe!ws!]

Error: (04/15/2014 09:08:08 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10401.0, P3 1.169.2651.0, P4 1.169.2651.0, P5 unknown, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (04/14/2014 05:29:03 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10401.0, P3 1.169.2529.0, P4 1.169.2529.0, P5 unknown, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

Error: (04/01/2014 07:16:43 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.10401.0, P3 1.169.1377.0, P4 1.169.1377.0, P5 unknown, P6 NIL, P7 NIL, P8 NIL, P9 avsubmit0, P10 avsubmit1.

System errors:
=============
Error: (05/15/2014 02:58:37 PM) (Source: DCOM) (EventID: 10005) (User: AQUA)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/15/2014 00:22:32 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 00:22:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.173.1861.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/15/2014 00:22:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/15/2014 00:22:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/15/2014 00:22:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.173.1861.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/15/2014 00:22:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/15/2014 00:22:32 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (05/15/2014 00:22:31 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 11:30:27 AM) (Source: DCOM) (EventID: 10005) (User: AQUA)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Microsoft Office Sessions:
=========================
Error: (03/26/2014 01:32:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 361 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/06/2013 04:11:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 84129 seconds with 1920 seconds of active time.  This session ended with a crash.

Error: (11/16/2012 10:16:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/11/2011 04:15:38 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 219758 seconds with 840 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3071.17 MB
Available physical RAM: 2437 MB
Total Pagefile: 4961.59 MB
Available Pagefile: 4536.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.74 GB) (Free:416.55 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:10 GB) (Free:6.55 GB) NTFS
Drive z: () (Network) (Total:455.74 GB) (Free:436.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D42AD42A)
Partition 1: (Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by rrold1, 15 May 2014 - 02:09 PM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:54 PM

Posted 16 May 2014 - 08:18 AM

Hi Steve,

Thanks for your patience. I should be more responsive to your replies now.

Please consider the below caution then complete the below step for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • While in Safe Mode press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S2 EMPNT; C:\WINDOWS\system32\Drivers\EMPNT.sys [3360 2003-11-13] ()
U1 WS2IFSL;
C:\Documents and Settings\Shop PC\gotomypc_540.exe
C:\Documents and Settings\Shop PC\gotomypc_635.exe
C:\Documents and Settings\Shop PC\WSSEMAPHORES.dat
C:\Documents and Settings\STC\WSSEMAPHORES.dat
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-14c62e89.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-198d9ac.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-217c9d42.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-4e1bab22.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Shop PC\Local Settings\temp\tbedrs.dll
C:\Documents and Settings\Shop PC\Local Settings\temp\utt1887.tmp.exe
C:\Documents and Settings\STC\Local Settings\temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\STC\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Attempt to boot your computer into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Does your computer boot properly?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 rrold1


Posted 16 May 2014 - 11:49 AM

Hi Gary,

 

The computer booted right up and I am beyond appreciative. I will be removing the torrent SW, but didn't want to do anything more until my machine is clean.

 

My log is below.

 

Regards,

Steve

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by Shop PC at 2014-05-16 11:07:27 Run:1
Running from C:\Documents and Settings\Shop PC\Desktop
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
Content of fixlist:
*****************
S2 EMPNT; C:\WINDOWS\system32\Drivers\EMPNT.sys [3360 2003-11-13] ()
U1 WS2IFSL;
C:\Documents and Settings\Shop PC\gotomypc_540.exe
C:\Documents and Settings\Shop PC\gotomypc_635.exe
C:\Documents and Settings\Shop PC\WSSEMAPHORES.dat
C:\Documents and Settings\STC\WSSEMAPHORES.dat
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-14c62e89.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-198d9ac.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-217c9d42.exe
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-4e1bab22.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\lowproc.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\Shop PC\Local Settings\temp\tbedrs.dll
C:\Documents and Settings\Shop PC\Local Settings\temp\utt1887.tmp.exe
C:\Documents and Settings\STC\Local Settings\temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\STC\Local Settings\temp\jre-7u21-windows-i586-iftw.exe
*****************
 
EMPNT => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Shop PC\gotomypc_540.exe => Moved successfully.
C:\Documents and Settings\Shop PC\gotomypc_635.exe => Moved successfully.
C:\Documents and Settings\Shop PC\WSSEMAPHORES.dat => Moved successfully.
C:\Documents and Settings\STC\WSSEMAPHORES.dat => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-14c62e89.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-198d9ac.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-217c9d42.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\temp\mpam-4e1bab22.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\lowproc.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\setup_wm.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\stubhelper.dll => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\tbedrs.dll => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\utt1887.tmp.exe => Moved successfully.
C:\Documents and Settings\STC\Local Settings\temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\STC\Local Settings\temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
 
==== End of Fixlog ====
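
A cross-check of the Fixlog above, as an added example that is not part of the original posts or of FRST: it confirms that every entry in the fixlist has a matching success line in the results section. The line formats are inferred only from the log shown in this thread; the function names and the shortened sample log are constructed for illustration.

```python
import re

# Shortened excerpt of the Fixlog posted above (sample input for this example).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by Shop PC at 2014-05-16 11:07:27 Run:1
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
S2 EMPNT; C:\WINDOWS\system32\Drivers\EMPNT.sys [3360 2003-11-13] ()
U1 WS2IFSL;
C:\Documents and Settings\Shop PC\gotomypc_540.exe
C:\Documents and Settings\Shop PC\Local Settings\temp\lowproc.exe
*****************

EMPNT => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Shop PC\gotomypc_540.exe => Moved successfully.
C:\Documents and Settings\Shop PC\Local Settings\temp\lowproc.exe => Moved successfully.

==== End of Fixlog ====
"""

# Service entries look like "S2 EMPNT; <path> ..." or "U1 WS2IFSL;" in this log;
# the result line then refers to them by service name only.
SERVICE_LINE = re.compile(r"^[A-Z]\d\s+([^;]+);")
STAR_RULE = re.compile(r"^\*{5,}$")
END_MARK = "==== End of Fixlog ===="


def parse_fixlog(text):
    """Return (requested, results).

    requested: fixlist targets in order (service name or file path).
    results:   {casefolded target: outcome text after "=>"}.
    """
    requested, results = [], {}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line == "Content of fixlist:":
                state = "want_open"
        elif state == "want_open":
            if STAR_RULE.match(line):
                state = "fixlist"
        elif state == "fixlist":
            if STAR_RULE.match(line):
                state = "results"
            elif line:
                m = SERVICE_LINE.match(line)
                requested.append(m.group(1).strip() if m else line)
        elif state == "results":
            if line == END_MARK:
                state = "done"
            elif " => " in line:
                target, outcome = line.rsplit(" => ", 1)
                results[target.strip().casefold()] = outcome.strip()
    if state != "done":
        # A log pasted without its end marker may be missing result lines.
        raise ValueError("Fixlog is truncated: no end marker found")
    return requested, results


def unconfirmed(text):
    """Fixlist targets with no result line, or whose result does not report success."""
    requested, results = parse_fixlog(text)
    problems = []
    for target in requested:
        outcome = results.get(target.casefold())
        if outcome is None:
            problems.append((target, "no result line"))
        elif not outcome.lower().endswith("successfully."):
            problems.append((target, outcome))
    return problems


if __name__ == "__main__":
    issues = unconfirmed(SAMPLE_FIXLOG)
    print("all fixlist entries confirmed" if not issues else issues)
```
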


#7 Oh My!


Posted 16 May 2014 - 12:14 PM

Hi Steve,

Very nice! :thumbsup2:

There is no urgency in deleting utorrent, the real danger is downloading material via those means. You can delete it any time you'd like.

Let's do some more clean up and search for security vulnerabilities on your computer.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\WINDOWS\system32\Drivers\EMPNT.sys
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Security Check log
  • How is your computer running now, any issues?

Gary
 

#8 rrold1


Posted 16 May 2014 - 01:08 PM

Yes, very nice!

 

I'm not sure of what to uncheck (if anything) in the AdwCleaner so I did not click clean yet. The report is below as well as the Fixlog.

 

# Updated 11/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Shop PC - AQUA
# Running from : C:\Documents and Settings\Shop PC\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Documents and Settings\Shop PC\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Folder Found : C:\Documents and Settings\Shop PC\Local Settings\Application Data\Vid-Saver
Folder Found : C:\Documents and Settings\STC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Folder Found : C:\Program Files\1ClickDownload
Folder Found : C:\Program Files\Vid-Saver
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
[ File : C:\Documents and Settings\Shop PC\Application Data\Mozilla\Firefox\Profiles\zv17z3hq.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco
 
[ File : C:\Documents and Settings\STC\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco
 
*************************
 
AdwCleaner[R0].txt - [2562 octets] - [16/05/2014 13:50:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2622 octets] ##########
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-05-2014
Ran by Shop PC at 2014-05-16 13:44:46 Run:2
Running from C:\Documents and Settings\Shop PC\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\WINDOWS\system32\Drivers\EMPNT.sys
*****************
 
C:\WINDOWS\system32\Drivers\EMPNT.sys => Moved successfully.
 
==== End of Fixlog ====


#9 Oh My!


Posted 16 May 2014 - 02:07 PM

You can delete all of the entries AdwCleaner found. Please continue on after that.
Gary
 

#10 rrold1


Posted 16 May 2014 - 04:12 PM

My computer seems to be just fine. The logs requested are below.

Regards,

 

Steve

 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Vid-Saver
[x] Not Deleted : C:\Documents and Settings\Shop PC\Local Settings\Application Data\Conduit
[x] Not Deleted : C:\Documents and Settings\Shop PC\Local Settings\Application Data\Vid-Saver
[x] Not Deleted : C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
[x] Not Deleted : C:\Documents and Settings\STC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
[ File : C:\Documents and Settings\Shop PC\Application Data\Mozilla\Firefox\Profiles\zv17z3hq.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco
 
[ File : C:\Documents and Settings\STC\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : pmlghpafmmnmmkjdhacccolfgnkiboco
 
*************************
 
AdwCleaner[R0].txt - [2702 octets] - [16/05/2014 13:50:57]
AdwCleaner[S0].txt - [2672 octets] - [16/05/2014 15:22:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2732 octets] ##########
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Shop PC on Fri 05/16/2014 at 16:27:22.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{598D720B-0E04-45EB-92C4-ED002086F4BD}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\Shop PC\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Shop PC\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Shop PC\Local Settings\Application Data\utorrentcontrol_v2"
Successfully deleted: [Folder] "C:\Documents and Settings\Shop PC\Local Settings\Application Data\vid-saver"
Successfully deleted: [Folder] "C:\Program Files\utorrentcontrol_v2"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/16/2014 at 16:31:53.54
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 Results of screen317's Security Check version 0.99.83  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Please wait while WMIC compiles updated MOF files.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 55  
 Adobe Flash Player 13.0.0.214  
 Mozilla Firefox 19.0.2 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:54 PM

Posted 16 May 2014 - 04:31 PM

Thanks. We are going to run one final scan to look for any leftover entries. Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Everything still working as it should?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 rrold1


Posted 19 May 2014 - 09:06 AM

Hi Gary,

 

All seems to be working well. Log follows.

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3279bb19e3073645a52a173f5bda894b
# engine=18297
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-16 11:35:07
# local_time=2014-05-16 07:35:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 2421225 63505997 0 0
# scanned=136232
# found=14
# cleaned=14
# scan_time=4811
sh=04D1E7A2B2917837628D194BD0F7F3896A7D3C03 ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DU trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\Application Data\Sun\Java\Deployment\cache\6.0\8\962888-1228c56e"
sh=AC86367E903E7D46E0322C3AA56AF82676673E4F ft=1 fh=28ac54bb90a3301f vn="a variant of Win32/InstalleRex.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=3F7976498661C306FE1B73EA0F8FD80C7C30F3F7 ft=1 fh=93a499006a4dae46 vn="Win32/Wajam.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\Local Settings\temp\is349140818\wajam_download.exe"
sh=D63617AF9FA8013B6135C4053242F3DC0B071463 ft=1 fh=c0de1fde1936e0bf vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\Local Settings\temp\is349140818\Yontoo-C4.exe"
sh=26049D7BA2758ABBDC80B3D767B8C3AF38652BC9 ft=1 fh=c71c00119829a0fe vn="Win32/TopMedia.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\Local Settings\temp\PromoEngineInstaller\chutil.dll"
sh=D066EBB6415B578F8AC82B1229E3AFC2B240616A ft=1 fh=fb0ef17255335788 vn="Win32/InstalleRex.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\My Documents\Downloads\DownloadSetup.exe"
sh=525EB01389C7DA0FDED058BCA3B0A73271E4A700 ft=1 fh=e7e3e19f10c5d52e vn="Win32/TopMedia.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\My Documents\Downloads\Fifty_Shades_of_Grey_(Trilogy)_secure.exe"
sh=0F2E6C7843F638F30D83249810ECCC5C20043813 ft=0 fh=0000000000000000 vn="Win32/TopMedia.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\My Documents\Downloads\Fifty_Shades_of_Grey_(Trilogy)_secure.rar"
sh=364B9EB44369103306244AEC8AF481049D9D8EFE ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\My Documents\Downloads\K111_ukx.zip"
sh=EA8FDEF00FA9E25122D38D6EC6D08927E1359BDC ft=1 fh=28cdac77872481c1 vn="a variant of Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Shop PC\My Documents\Downloads\WECPSetup.exe"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Shop PC\Local Settings\temp\tbedrs.dll.xBAD"
sh=546E8A982A56E3BCE62FF261E009EB1D155F6595 ft=1 fh=34e04396e1b1fa5c vn="a variant of Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Shop PC\Local Settings\temp\utt1887.tmp.exe.xBAD"
sh=C415AD8F65376C3350A7FE0B22B0A42B1B12CD60 ft=1 fh=918ec4f9ed0138e3 vn="Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined)" ac=C fn="C:\RECYCLER\S-1-5-21-1312159197-1323100510-687155563-1006\Dc3.exe"
sh=5CC269CFAB70E22DE457220F5574ABA4B83FC90D ft=1 fh=294fad4d5076a175 vn="Win32/Adware.1ClickDownload.G application (cleaned by deleting - quarantined)" ac=C fn="C:\RECYCLER\S-1-5-21-1312159197-1323100510-687155563-1006\Dc4.exe"
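A triage sketch for logs in the layout posted above, added here as an example and not part of the original post or of ESET's tooling. It assumes `vn` is the detection text and `fn` the file path, treats copies under `\FRST\Quarantine\` and `\RECYCLER\` as already inert, and runs on a constructed sample with made-up hashes and paths.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above; hashes and paths are made up.
SAMPLE_LOG = r'''# scanned=1000
# found=3
# cleaned=3
sh=0000000000000000000000000000000000000001 ft=0 fh=0000000000000000 vn="a variant of Java/Agent.XX trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\demo\AppData\cache\6.0\1\abc-123"
sh=0000000000000000000000000000000000000002 ft=1 fh=1111111111111111 vn="Win32/Example.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\demo\Downloads\Setup.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=2222222222222222 vn="a variant of Win32/Toolbar.Example potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\demo\temp\tb.dll.xBAD"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Detection text: optional "a variant of", name, class, then the action in parentheses.
VN = re.compile(r'^(?:a variant of )?(\S+) (.*?) \(([^)]*)\)$')
# Assumption: copies in these folders were already neutralised by an earlier tool or the user.
INERT_DIRS = ('\\frst\\quarantine\\', '\\recycler\\')

def parse_eset_log(text):
    """Split the log into '# key=value' header fields and per-file detections."""
    header, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith('# ') and '=' in line:
            key, _, value = line[2:].partition('=')
            header[key] = value
        elif line.startswith('sh='):
            rec = {k: q if q else u for k, q, u in FIELD.findall(line)}
            m = VN.match(rec.get('vn', ''))
            rec['name'], rec['kind'], rec['result'] = (
                m.groups() if m else (rec.get('vn', ''), 'unparsed', ''))
            rec['inert'] = any(d in rec.get('fn', '').lower() for d in INERT_DIRS)
            detections.append(rec)
    return header, detections

def triage(text):
    """Summarise detections and cross-check them against the header counters."""
    header, dets = parse_eset_log(text)
    return {
        'by_kind': Counter(d['kind'] for d in dets),
        'live': [d['fn'] for d in dets if not d['inert']],
        'counts_match': int(header.get('found', -1)) == len(dets),
        'all_cleaned': header.get('found') == header.get('cleaned'),
    }

if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The `live` list is the part worth reading first: those are detections found where the user or a browser put them, as opposed to leftovers sitting in another tool's quarantine.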


#13 Oh My!


Posted 19 May 2014 - 02:18 PM

Greetings,

ESET did a good job.

Please do this one last update.

===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Firefox update properly?
  • Any remaining issues?

Gary
 

#14 rrold1


Posted 19 May 2014 - 02:43 PM

Firefox updated. This computer seems fine and it's unbelievable what an incredible service that you provide here.

 

I do have another computer that is acting a bit odd and have to wonder if it was infected by something as well. It would lock on boot up until I disabled Webclient in the configuration. Can you help with that as well? I know that there are many others waiting and would be happy to get back in line.

 

In any case, thank you so much!

 

Steve



#15 Oh My!


Posted 19 May 2014 - 05:43 PM

Hi Steve,

It sounds like you already understand there are numerous people who are in line and waiting for assistance. Between that and the fact only one computer is dealt with on a post I am afraid I must ask you to start another topic.

Having said that, now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 



