Trojan detected by Vipre


This topic is locked
18 replies to this topic

#1 mdg1907

mdg1907

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:09 PM

Posted 24 June 2014 - 03:23 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_45
Run by Janine at 16:06:54 on 2014-06-24
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe
C:\WINDOWS\DOWNLO~1\MyWebEx\319\RAAGTAPP.EXE
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$FMS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\VIPRE\SBPIMSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$FMS\Binn\sqlagent.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Verizon\IHA_MessageCenter\bin\VzDetectAgent.exe
C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
C:\Program Files\Max Spyware Detector\MaxActMon.exe
C:\Program Files\Max Spyware Detector\MaxDBServer.exe
C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
C:\Program Files\Max Spyware Detector\MaxMerger.exe
C:\Program Files\Max Spyware Detector\MaxSDTray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.refdesk.com/
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
uURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: VIPRE Search Guard Helper: {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - c:\program files\vipre\VSGN.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - c:\program files\vipre\VSGN.dll
TB: VIPRE Search Guard Toolbar: {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - c:\program files\vipre\VSGN.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [SN0XRCV] c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [SBAMTray] "c:\program files\vipre\SBAMTray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SDActiveMonitor] "c:\program files\max spyware detector\MaxSDTray.exe" -AUTO
mRun: [SDAutoScan] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256041657265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pc.mywebexpc.com/client/v_mywebex-pcnow/ra/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{9FC90CC3-A2D5-4418-A04F-422274F5F9CF} : NameServer = 151.197.0.38,199.45.32.38
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files\vipre\VSGN.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\janine\application data\mozilla\firefox\profiles\t6njqeyz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.refdesk.com/
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\janine\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\npMSDM.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FMAuditOnsite;FMAudit Onsite
R? gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service
R? gfiark;gfiark
R? gfiutil;gfiutil
R? SBAMSvc;VIPRE Internet Security
R? SBFWIMCL;GFI Software Firewall NDIS IM Filter Service
R? sbhips;sbhips
R? SBRE;SBRE
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? 004;004
S? atnthost;WebEx Remote Access Agent
S? IHA_MessageCenter;IHA_MessageCenter
S? MaxMerger;MaxMerger
S? MaxMgr;MaxMgr
S? MaxProtector32;MaxProtector32
S? MaxTdss;MaxTdss
S? MaxWatchDogService;MaxWatchDogService
S? MSSQL$FMS;MSSQL$FMS
S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service
S? sbaphd;sbaphd
S? sbapifs;sbapifs
S? SbFw;SbFw
S? SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport
S? SBPIMSvc;SB Recovery Service
S? sbtis;sbtis
S? SDActMon;SDActMon
S? SQLAgent$FMS;SQLAgent$FMS
.
=============== Created Last 30 ================
.
2014-06-24 17:38:44 -------- d-----w- c:\documents and settings\janine\local settings\application data\Adobe
2014-06-24 15:40:51 -------- d-----w- C:\MaxAVLiveUpdate
2014-06-24 13:58:09 117248 ----a-w- c:\windows\system32\MaxNative.exe
2014-06-24 13:57:39 77792 ----a-w- c:\windows\system32\drivers\MaxProtector64.sys
2014-06-24 13:57:39 74208 ----a-w- c:\windows\system32\drivers\SDActMon2K.sys
2014-06-24 13:57:39 68576 ----a-w- c:\windows\system32\drivers\MaxProc64.sys
2014-06-24 13:57:36 -------- d-----w- c:\program files\Max Spyware Detector
2014-06-24 13:57:34 85984 ----a-w- c:\windows\system32\drivers\MaxProtector32.sys
2014-06-24 13:57:34 69432 ----a-w- c:\windows\system32\drivers\MaxMgr.sys
2014-06-24 13:57:34 23008 ----a-w- c:\windows\system32\drivers\MaxTdss.sys
2014-06-24 13:57:34 13280 ----a-w- c:\windows\system32\drivers\004.sys
2014-06-24 13:57:34 123360 ----a-w- c:\windows\system32\drivers\SDActMon.sys
2014-06-24 13:56:00 -------- d-----w- c:\documents and settings\all users\application data\Max Secure
2014-06-24 13:43:05 -------- d-----w- c:\documents and settings\janine\local settings\application data\Max Secure Software
2014-06-24 13:42:32 -------- d-----w- c:\documents and settings\janine\application data\GetRightToGo
2014-06-15 14:57:37 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-06-13 13:19:38 -------- d-----w- c:\program files\ODT Viewer
2014-05-28 18:34:02 -------- d-----w- c:\documents and settings\janine\application data\VERIZON
2014-05-27 14:46:51 -------- d-sh--w- C:\found.001
.
==================== Find3M  ====================
.
2014-06-23 19:05:32 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-06-18 16:58:58 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-18 16:58:58 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 11:26:02 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 11:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-05 17:14:14 59 ----a-w- c:\windows\wpd99.drv
2014-04-30 18:38:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 16:08:12.57 ===============
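A helper reads a DDS log like the one above section by section; as an added example (not part of the original post and not code from the DDS tool), the Python script below parses the log's `=== Section ===` layout and pulls out the entries a responder verifies first: autostart entries marked `<no file>` or `<orphaned>`, a populated `AppInit_DLLs` value, the configured DNS servers, and `.sys` drivers created within a week of the run. The embedded excerpt is a constructed subset of the post's log, and the triage rules are this example's own heuristics.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt in the DDS layout of the post above (a subset of its lines).
SAMPLE_DDS = r"""DDS (Ver_2012-11-20.01) - NTFS_x86
Run by Janine at 16:06:54 on 2014-06-24
.
============== Running Processes ================
.
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
mRun: [SBAMTray] "c:\program files\vipre\SBAMTray.exe"
mRun: [SDAutoScan] <no file>
TCP: Interfaces\{9FC90CC3-A2D5-4418-A04F-422274F5F9CF} : NameServer = 151.197.0.38,199.45.32.38
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
.
=============== Created Last 30 ================
.
2014-06-24 13:57:34 23008 ----a-w- c:\windows\system32\drivers\MaxTdss.sys
2014-06-24 13:57:34 13280 ----a-w- c:\windows\system32\drivers\004.sys
2014-06-15 14:57:37 46704 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
.
============= FINISH: 16:08:12.57 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                 # "===== Name ====="
RUN_RE = re.compile(r"at (\d{2}:\d{2}:\d{2}) on (\d{4}-\d{2}-\d{2})")
# "<date> <time> <size or dashes> <attrs> <path with spaces>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+\S+\s+(.+)$")


def parse_dds(text):
    """Split a DDS log into {section name: [entry lines]}; lines before the
    first section banner are stored under 'HEADER'."""
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS prints a lone '.' as a spacer
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def parse_run_date(header_lines):
    """Recover the scan timestamp from the 'Run by <user> at <time> on <date>' line."""
    for line in header_lines:
        match = RUN_RE.search(line)
        if match:
            return datetime.strptime(f"{match.group(2)} {match.group(1)}", "%Y-%m-%d %H:%M:%S")
    return None


def triage(sections, recent_days=7):
    """Return (kind, detail) tuples for the entries a helper checks first.
    These are review prompts (assumed heuristics), not verdicts: each item still
    has to be matched against what the user knowingly installed."""
    findings = []
    for entry in sections.get("Pseudo HJT Report", []):
        if "<no file>" in entry or "<orphaned>" in entry:
            # Autostart or hook whose target is gone: leftover of a removal or an uninstall.
            findings.append(("dangling-autostart", entry))
        elif entry.startswith("AppInit_DLLs=") and entry.split("=", 1)[1].strip():
            # Any DLL listed here is loaded into every user32-linked process; verify it.
            findings.append(("appinit-dll", entry.split("=", 1)[1].strip()))
        elif "NameServer =" in entry:
            # DNS servers should match the ISP/router; list them for confirmation.
            for server in entry.split("NameServer =", 1)[1].split(","):
                findings.append(("dns-server", server.strip()))
    run_date = parse_run_date(sections.get("HEADER", []))
    for entry in sections.get("Created Last 30", []):
        match = CREATED_RE.match(entry)
        if not match:
            continue
        created = datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S")
        path = match.group(2)
        recent = run_date is None or run_date - created <= timedelta(days=recent_days)
        if path.lower().endswith(".sys") and recent:
            # Kernel drivers that appeared just before the scan get looked at first.
            findings.append(("new-driver", path))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(parse_dds(SAMPLE_DDS)):
        print(f"{kind:20s} {detail}")
```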
 




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:09 PM

Posted 29 June 2014 - 03:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/538867 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:09 AM

Posted 04 July 2014 - 12:17 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now.

==========================
 
Hi mdg1907,
 
Sorry about such a long delay, we get very busy sometimes.
 
What was the name of the detection by Vipre?
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~
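The FRST.txt and Addition.txt logs requested in the post above are read by the helper by hand. As an added example (not part of this thread, and not a tool from the forum or from Farbar), here is a small Python triage script that picks out the markers a responder scans an FRST log for first: entries FRST prints with an empty publisher "()", entries whose file is missing "[X]", and lines FRST itself flags with ATTENTION. The sample log is constructed in FRST's line format; every path, service name and vendor in it is made up.

```python
import re
from collections import Counter

# Constructed sample in FRST's line formats (made-up paths and names, not lines from the thread).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(Example Vendor Ltd.) C:\Program Files\Example\example.exe
() C:\WINDOWS\DOWNLO~1\unknown.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Updater] => C:\Program Files\Example\updater.exe [81920 2013-01-01] (Example Vendor Ltd.)
HKLM\...\Run: [Stale] => [X]
HKU\S-1-5-21-1\...\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?

========================== Services (Whitelisted) =================

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 GoodSvc; C:\Program Files\Example\svc.exe [1000 2013-01-01] (Example Vendor Ltd.)
S2 OddSvc; C:\Program Files\Odd\odd.exe [2000 2014-01-01] ()

==================== Drivers (Whitelisted) ====================

S3 GoneDrv; system32\DRIVERS\gone.sys [X]
"""

# FRST section headers look like "==== Name (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# Every "(...)" group on a line; FRST puts the publisher in one of them.
PAREN_RE = re.compile(r"\(([^()]*)\)")
# Sections whose entries carry a publisher field worth checking.
SCANNED = ("Processes", "Registry", "Services", "Drivers")


def triage_frst(text):
    """Return (kind, section, line) triples for lines that deserve a second look."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if "ATTENTION" in line:
            # FRST's own warnings, e.g. a suspicious InprocServer32 hook or
            # a notice that publisher fields could not be signature-verified.
            findings.append(("attention", section, line))
        elif line.endswith("[X]"):
            # Registered autostart, service or driver whose file no longer exists.
            findings.append(("missing_file", section, line))
        elif section and section.startswith(SCANNED):
            parens = PAREN_RE.findall(line)
            # Process lines lead with the publisher; Run/service/driver lines end with it.
            if section.startswith("Processes"):
                publisher = parens[0] if parens else None
            else:
                publisher = parens[-1] if parens else None
            if publisher is not None and not publisher.strip():
                # "()" means the file carries no company name in its version resource.
                findings.append(("no_publisher", section, line))
    return findings


def summarize(findings):
    """Count findings by kind, e.g. {'attention': 2, 'missing_file': 2, 'no_publisher': 2}."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, section, line in triage_frst(SAMPLE_LOG):
        print(f"{kind:13} {section}: {line}")
```

An empty publisher or a missing file is a lead, not a verdict: plenty of legitimate software ships unbranded binaries, and a stale "[X]" entry is usually leftover from an uninstall. Note also that when FRST reports "Could not perform signature verification", the publisher names in that log come from version resources only and have not been checked against a signature, so anything flagged should be confirmed by hashing the file and checking its signature on a clean machine.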


#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:09 AM

Posted 07 July 2014 - 11:13 AM

Hi mdg1907,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#5 mdg1907

mdg1907
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:09 PM

Posted 07 July 2014 - 01:08 PM

Hello, I have been away for a few days. I still need help! I will try to get back to you with this either later today or tomorrow.

 

Thanks



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:09 AM

Posted 07 July 2014 - 01:10 PM

Hi mdg1907,
 
Thank you for letting me know; that is fine.
 
xXToffeeXx~




#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:09 AM

Posted 10 July 2014 - 10:50 AM

Hi mdg1907,
 
How are you getting on with these steps? Any problems?
 
xXToffeeXx~



#8 mdg1907

mdg1907
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:09 PM

Posted 10 July 2014 - 03:37 PM

Having trouble with copy and paste, I believe as a result of the Trojan. I have attached files which I hope you are able to work with - please let me know.

Thanks

Mike

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-07-2014
Ran by Janine (administrator) on FRONTOFFICE on 10-07-2014 16:16:33
Running from C:\Documents and Settings\Janine\My Documents\Downloads
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(WebEx Communications, Inc.) C:\WINDOWS\DOWNLO~1\MyWebEx\319\atnthost.exe
() C:\WINDOWS\DOWNLO~1\MyWebEx\319\raagtapp.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxMerger.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$FMS\Binn\sqlservr.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxActMon.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxDBServer.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(ThreatTrack Security, Inc.) C:\Program Files\VIPRE\SBPIMSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$FMS\Binn\sqlagent.EXE
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(SHARP CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe
(Musicmatch, Inc.) C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxSDTray.exe
(Max Secure Software) C:\Program Files\Max Spyware Detector\MaxUSBProc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Janine\My Documents\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-03-29] (ATI Technologies, Inc.)
HKLM\...\Run: [ISUSPM Startup] => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1831936 2007-05-17] (Google)
HKLM\...\Run: [mmtask] => C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [53248 2006-01-17] (Musicmatch Inc.)
HKLM\...\Run: [SN0XRCV] => C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe [102400 2006-10-23] (SHARP CORPORATION)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MMTray] => C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [135168 2006-01-17] (Musicmatch, Inc.)
HKLM\...\Run: [SBAMTray] => C:\Program Files\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-02-16] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SDActiveMonitor] => C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1091552 2014-05-14] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] => [X]
HKLM\...\Run: [MaxUSBProc] => C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [447968 2014-05-14] (Max Secure Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3708081216-4292330508-3426232972-1007\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-06] (Google Inc.)
HKU\S-1-5-21-3708081216-4292330508-3426232972-1007\...\MountPoints2: {6f8f3a28-e5b2-11e3-b4d8-00123f9b0ae7} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3708081216-4292330508-3426232972-1007\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [144896 2007-05-17] (Google)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
ShortcutTarget: Service Manager.lnk -> C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Michael Looney\Start Menu\Programs\Startup\LaunchU3.exe.lnk
ShortcutTarget: LaunchU3.exe.lnk -> C:\Documents and Settings\Michael Looney\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} -  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files\VIPRE\VSGN.dll ()
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSGN.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files\VIPRE\VSGN.dll ()
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pc.mywebexpc.com/client/v_mywebex-pcnow/ra/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files\VIPRE\VSGN.dll ()
Tcpip\..\Interfaces\{9FC90CC3-A2D5-4418-A04F-422274F5F9CF}: [NameServer]151.197.0.38,199.45.32.38
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Janine\Application Data\Mozilla\Firefox\Profiles\t6njqeyz.default
FF Homepage: hxxp://www.refdesk.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Janine\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-05-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} [2014-05-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-01-10]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-02-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2014-03-26]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Documents and Settings\Janine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Janine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Janine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Janine\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
========================== Services (Whitelisted) =================
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 atnthost; C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atnthost.exe [21896 2010-07-24] (WebEx Communications, Inc.)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
S2 FMAuditOnsite; C:\Program Files\FMAuditOnsite\fmaonsite.exe [64512 2014-05-20] (ECi FMAudit)
S2 gfi_lanss11_attservice; C:\Program Files\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S4 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1831936 2007-05-17] (Google)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [158128 2014-03-26] (Sun Microsystems, Inc.)
R2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307168 2014-05-14] (Max Secure Software)
R2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [653280 2014-05-14] (Max Secure Software)
R2 MSSQL$FMS; C:\Program Files\Microsoft SQL Server\MSSQL$FMS\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 SBAMSvc; C:\Program Files\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 SQLAgent$FMS; C:\Program Files\Microsoft SQL Server\MSSQL$FMS\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 004; C:\WINDOWS\System32\drivers\004.sys [13280 2014-05-14] (Max Secure Software)
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\WINDOWS\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R0 MaxMgr; C:\WINDOWS\System32\drivers\MaxMgr.sys [69432 2014-05-14] (Max Secure Software)
R1 MaxProtector32; C:\WINDOWS\System32\drivers\MaxProtector32.sys [85984 2014-05-14] (Max Secure Software)
R0 MaxTdss; C:\WINDOWS\System32\drivers\MaxTdss.sys [23008 2014-05-14] (Max Secure Software)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R1 sbaphd; C:\WINDOWS\System32\drivers\sbaphd.sys [24032 2013-06-18] (ThreatTrack Security, Inc.)
R2 sbapifs; C:\WINDOWS\System32\drivers\sbapifs.sys [70888 2013-06-18] (ThreatTrack Security, Inc.)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [339152 2013-07-04] (GFI Software)
S3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [96288 2012-09-24] (GFI Software)
R3 SBFWIMCLMP; C:\WINDOWS\System32\DRIVERS\SBFWIM.sys [96288 2012-09-24] (GFI Software)
S3 sbhips; C:\WINDOWS\System32\drivers\sbhips.sys [96720 2013-07-04] (GFI Software)
R1 sbtis; C:\WINDOWS\System32\drivers\sbtis.sys [224336 2013-07-04] (GFI Software)
R0 SDActMon; C:\WINDOWS\System32\drivers\SDActMon.sys [123360 2014-05-14] (Max Secure Software)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [180096 2005-03-31] (SigmaTel, Inc.)
S2 RPSKT; system32\DRIVERS\rp_skt32.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-10 16:13 - 2014-07-10 16:16 - 00000000 ____D () C:\FRST
2014-06-25 08:56 - 2014-06-25 08:56 - 00090112 _____ () C:\WINDOWS\Minidump\Mini062514-01.dmp
2014-06-24 16:19 - 2014-06-24 16:19 - 00003927 _____ () C:\Documents and Settings\Janine\Desktop\attach.zip
2014-06-24 16:08 - 2014-06-24 16:08 - 00021205 _____ () C:\Documents and Settings\Janine\Desktop\attach.txt
2014-06-24 16:08 - 2014-06-24 16:08 - 00012852 _____ () C:\Documents and Settings\Janine\Desktop\dds.txt
2014-06-24 15:32 - 2014-06-30 11:56 - 01371412 __RSH () C:\SdHeuristic.txt
2014-06-24 13:39 - 2014-06-24 13:39 - 00000000 ____D () C:\Documents and Settings\Janine\Desktop\New Folder
2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Documents and Settings\Janine\Local Settings\Application Data\Adobe
2014-06-24 11:40 - 2014-07-08 11:40 - 00000000 ____D () C:\MaxAVLiveUpdate
2014-06-24 10:22 - 2014-06-24 10:22 - 00009331 ____H () C:\SysSD.db
2014-06-24 09:58 - 2014-06-24 09:58 - 00001655 _____ () C:\Documents and Settings\All Users\Desktop\Max Spyware Detector.lnk
2014-06-24 09:58 - 2014-06-24 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Max Spyware Detector
2014-06-24 09:58 - 2014-05-10 16:07 - 00117248 _____ () C:\WINDOWS\system32\MaxNative.exe
2014-06-24 09:58 - 2004-08-04 06:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.backup
2014-06-24 09:57 - 2014-07-10 16:03 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-06-24 09:57 - 2014-05-14 11:36 - 00123360 _____ (Max Secure Software) C:\WINDOWS\system32\Drivers\SDActMon.sys
2014-06-24 09:57 - 2014-05-14 11:36 - 00085984 _____ (Max Secure Software) C:\WINDOWS\system32\Drivers\MaxProtector32.sys
2014-06-24 09:57 - 2014-05-14 11:36 - 00077792 _____ (Max Secure Software) C:\WINDOWS\system32\Drivers\MaxProtector64.sys
2014-06-24 09:57 - 2014-05-14 11:36 - 00074208 _____ (Max Secure Software) C:\WINDOWS\system32\Drivers\SDActMon2K.sys
2014-06-24 09:57 - 2014-05-14 11:36 - 00069432 _____ (Max Secure Software) C:\WINDOWS\system32\Drivers\MaxMgr.sys
2014-06-24 09:57 - 2014-05-14 11:36 - 00068576 _____ (Max Secure Software) C:\WINDOWS\system32\Drivers\MaxProc64.sys
2014-06-24 09:57 - 2014-05-14 11:36 - 00023008 _____ (Max Secure Software) C:\WINDOWS\system32\Drivers\MaxTdss.sys
2014-06-24 09:57 - 2014-05-14 11:36 - 00013280 _____ (Max Secure Software) C:\WINDOWS\system32\Drivers\004.sys
2014-06-24 09:56 - 2014-06-24 09:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Max Secure
2014-06-24 09:54 - 2014-06-24 09:55 - 194836200 _____ (Max Secure Software ) C:\Documents and Settings\Janine\Desktop\MaxSpywaredetector.exe
2014-06-24 09:43 - 2014-06-24 09:43 - 00000000 ____D () C:\Documents and Settings\Janine\Local Settings\Application Data\Max Secure Software
2014-06-24 09:42 - 2014-06-24 09:43 - 00000000 ____D () C:\Documents and Settings\Janine\Application Data\GetRightToGo
2014-06-23 13:50 - 2014-06-23 13:50 - 00000000 ____D () C:\Documents and Settings\Michael Looney.FRONTOFFICE\Local Settings\Application Data\Google
2014-06-23 13:31 - 2014-06-23 13:30 - 00090112 _____ () C:\WINDOWS\Minidump\Mini062314-01.dmp
2014-06-13 10:34 - 2014-06-13 10:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini061314-01.dmp
2014-06-13 09:19 - 2014-06-13 09:19 - 00000645 _____ () C:\Documents and Settings\All Users\Desktop\ODT Viewer.lnk
2014-06-13 09:19 - 2014-06-13 09:19 - 00000000 ____D () C:\Program Files\ODT Viewer
2014-06-13 09:19 - 2014-06-13 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ODT Viewer
2014-06-11 14:09 - 2014-06-11 14:09 - 00090112 _____ () C:\WINDOWS\Minidump\Mini061114-01.dmp
2014-06-10 16:37 - 2014-06-10 18:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-10 16:37 - 2014-06-10 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
 
==================== One Month Modified Files and Folders =======
 
2014-07-10 16:17 - 2012-12-13 17:23 - 00000000 ____D () C:\Documents and Settings\Janine\Local Settings\Temp
2014-07-10 16:16 - 2014-07-10 16:13 - 00000000 ____D () C:\FRST
2014-07-10 16:03 - 2014-06-24 09:57 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2014-07-10 15:59 - 2004-08-11 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-10 15:57 - 2004-08-11 18:13 - 02019937 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-10 15:52 - 2012-12-13 17:23 - 00000278 ___SH () C:\Documents and Settings\Janine\ntuser.ini
2014-07-10 15:23 - 2005-09-17 16:13 - 00002372 _____ () C:\WINDOWS\ODBC.INI
2014-07-08 11:40 - 2014-06-24 11:40 - 00000000 ____D () C:\MaxAVLiveUpdate
2014-06-30 11:56 - 2014-06-24 15:32 - 01371412 __RSH () C:\SdHeuristic.txt
2014-06-27 10:30 - 2005-09-26 11:31 - 00000000 ____D () C:\Documents and Settings\Michael Looney\Local Settings\Temp
2014-06-25 08:56 - 2014-06-25 08:56 - 00090112 _____ () C:\WINDOWS\Minidump\Mini062514-01.dmp
2014-06-25 08:56 - 2008-10-31 11:26 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-24 16:19 - 2014-06-24 16:19 - 00003927 _____ () C:\Documents and Settings\Janine\Desktop\attach.zip
2014-06-24 16:08 - 2014-06-24 16:08 - 00021205 _____ () C:\Documents and Settings\Janine\Desktop\attach.txt
2014-06-24 16:08 - 2014-06-24 16:08 - 00012852 _____ () C:\Documents and Settings\Janine\Desktop\dds.txt
2014-06-24 16:03 - 2012-12-14 16:55 - 00031472 _____ () C:\Documents and Settings\Janine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-24 13:39 - 2014-06-24 13:39 - 00000000 ____D () C:\Documents and Settings\Janine\Desktop\New Folder
2014-06-24 13:38 - 2014-06-24 13:38 - 00000000 ____D () C:\Documents and Settings\Janine\Local Settings\Application Data\Adobe
2014-06-24 10:28 - 2004-08-11 18:06 - 00163528 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-24 10:22 - 2014-06-24 10:22 - 00009331 ____H () C:\SysSD.db
2014-06-24 09:58 - 2014-06-24 09:58 - 00001655 _____ () C:\Documents and Settings\All Users\Desktop\Max Spyware Detector.lnk
2014-06-24 09:58 - 2014-06-24 09:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Max Spyware Detector
2014-06-24 09:57 - 2014-06-24 09:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Max Secure
2014-06-24 09:55 - 2014-06-24 09:54 - 194836200 _____ (Max Secure Software ) C:\Documents and Settings\Janine\Desktop\MaxSpywaredetector.exe
2014-06-24 09:43 - 2014-06-24 09:43 - 00000000 ____D () C:\Documents and Settings\Janine\Local Settings\Application Data\Max Secure Software
2014-06-24 09:43 - 2014-06-24 09:42 - 00000000 ____D () C:\Documents and Settings\Janine\Application Data\GetRightToGo
2014-06-23 15:05 - 2014-02-07 10:15 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-06-23 13:56 - 2004-08-11 18:20 - 00032604 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-23 13:56 - 2004-08-11 18:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-23 13:55 - 2012-12-13 17:23 - 00000000 ____D () C:\Documents and Settings\Janine
2014-06-23 13:54 - 2012-12-13 17:28 - 00000424 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{D1D59B01-ADD4-4DAA-A351-81DBAC94467E}.job
2014-06-23 13:53 - 2014-03-13 09:07 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-06-23 13:53 - 2012-10-26 09:21 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 13:53 - 2012-09-27 13:36 - 00000448 _____ () C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Michael Looney.job
2014-06-23 13:53 - 2012-06-14 10:10 - 00000296 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3708081216-4292330508-3426232972-1006.job
2014-06-23 13:51 - 2012-12-12 21:02 - 00000178 ___SH () C:\Documents and Settings\Michael Looney.FRONTOFFICE\ntuser.ini
2014-06-23 13:50 - 2014-06-23 13:50 - 00000000 ____D () C:\Documents and Settings\Michael Looney.FRONTOFFICE\Local Settings\Application Data\Google
2014-06-23 13:50 - 2012-12-12 21:02 - 00000000 ____D () C:\Documents and Settings\Michael Looney.FRONTOFFICE\Local Settings\Temp
2014-06-23 13:30 - 2014-06-23 13:31 - 00090112 _____ () C:\WINDOWS\Minidump\Mini062314-01.dmp
2014-06-22 19:10 - 2012-04-12 09:40 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-22 19:00 - 2013-03-18 11:37 - 00000306 _____ () C:\WINDOWS\Tasks\Onsite_Watchdog.job
2014-06-22 18:24 - 2012-10-26 09:22 - 00000902 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 18:16 - 2014-05-02 15:15 - 00000516 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3708081216-4292330508-3426232972-1007.job
2014-06-22 14:02 - 2012-09-27 13:36 - 00000438 _____ () C:\WINDOWS\Tasks\ReclaimerUpdateXML_Michael Looney.job
2014-06-22 00:57 - 2012-09-27 13:36 - 00000442 _____ () C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Michael Looney.job
2014-06-18 12:58 - 2012-04-12 09:40 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-18 12:58 - 2011-06-07 08:58 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-16 16:55 - 2014-02-16 11:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-16 11:37 - 2011-05-12 12:53 - 00000000 ____D () C:\Program Files\FMAuditOnsite
2014-06-15 10:57 - 2014-05-12 10:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-15 10:57 - 2014-02-16 11:10 - 00000730 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-15 10:57 - 2014-02-16 11:10 - 00000724 _____ () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2014-06-15 10:57 - 2014-02-16 11:09 - 00000000 ____D () C:\WINDOWS\Patches
2014-06-13 16:40 - 2014-01-27 10:23 - 132072448 _____ () C:\Documents and Settings\Janine\My Documents\Outlook archive 012714.pst
2014-06-13 10:34 - 2014-06-13 10:34 - 00090112 _____ () C:\WINDOWS\Minidump\Mini061314-01.dmp
2014-06-13 10:30 - 2011-02-28 13:14 - 00000000 ____D () C:\scans
2014-06-13 09:19 - 2014-06-13 09:19 - 00000645 _____ () C:\Documents and Settings\All Users\Desktop\ODT Viewer.lnk
2014-06-13 09:19 - 2014-06-13 09:19 - 00000000 ____D () C:\Program Files\ODT Viewer
2014-06-13 09:19 - 2014-06-13 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ODT Viewer
2014-06-12 10:10 - 2012-06-14 10:10 - 00000304 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3708081216-4292330508-3426232972-1006.job
2014-06-12 03:06 - 2013-08-14 03:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-12 03:00 - 2005-10-04 09:09 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-11 14:15 - 2010-08-27 23:50 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-11 14:09 - 2014-06-11 14:09 - 00090112 _____ () C:\WINDOWS\Minidump\Mini061114-01.dmp
2014-06-10 18:22 - 2014-06-10 16:37 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-10 16:40 - 2012-12-13 17:27 - 00000000 ____D () C:\Documents and Settings\Janine\Local Settings\Application Data\Google
2014-06-10 16:37 - 2014-06-10 16:37 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-06-10 16:35 - 2006-04-18 08:14 - 00000000 ____D () C:\Program Files\Google
2014-06-10 16:10 - 2004-08-11 18:09 - 00000430 _____ () C:\WINDOWS\wiadebug.log
 
Files to move or delete:
====================
C:\Documents and Settings\Janine\g2ax_customer_downloadhelper_win32_x86.exe
C:\Documents and Settings\Michael Looney\atwbxdet.dll
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Michael Looney\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\dotnetfx.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\FMS_Standalone.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\jre-6u32-windows-i586-iftw.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\mssinstaller.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\SecurityScan_Release.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\setup.exe
C:\Documents and Settings\Michael Looney\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Michael Looney\Local Settings\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
C:\Documents and Settings\Michael Looney.FRONTOFFICE\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-07-2014
Ran by Janine at 2014-07-10 16:19:30
Running from C:\Documents and Settings\Janine\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5145 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.122-050329a-023511C-Dell - )
CheckIt Diagnostics (HKLM\...\{4B9B1B84-FEC0-46D5-BDB9-832565779422}) (Version: 7.1.4.28 - Smith Micro Software, Inc.)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Color Network ScanGear Ver.2.61 (HKLM\...\{F1658760-1173-4D65-B709-A0591C104AE1}) (Version: 2.61.0000 - CANON INC.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Crystal Reports XI for Deltek (HKLM\...\{7505DE9C-4E85-4636-82F0-50F38077B900}) (Version: 11.0.0.89527 - Business Objects)
DbaMgr2k (HKLM\...\DbaMGR2k_is1) (Version: 0.10.0 - Insulin Power)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3062 - Dell)
Deltek Financial Management System Standalone (HKLM\...\{9FB8B8CE-3D44-4A0F-9508-889A318E5E80}) (Version: 11.0.02 - Deltek Systems, Inc.)
EarthLink setup files (HKLM\...\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}) (Version: 2005.1.47.0 - EarthLink)
EE09EF7A-9E8C-4DCC-A615-CFFA8393E31E (HKLM\...\{EE09EF7A-9E8C-4DCC-A615-CFFA8393E31E}) (Version:  - )
F19131BB-1B2F-46D8-840B-9A619DBAF5B5 (HKLM\...\{F19131BB-1B2F-46D8-840B-9A619DBAF5B5}) (Version:  - )
Fiery Remote Scan 5.1.4.0 (HKLM\...\{35C30793-32F4-11D6-A043-00E081105A80}) (Version:  - )
FMAudit Onsite (HKLM\...\FMAuditOnsite) (Version: 2.5 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1440 (HKCU\...\GoToMeeting) (Version: 6.3.0.1440 - CitrixOnline)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
IHA_MessageCenter (HKLM\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Intel® PRO Network Connections Software v9.2.4.11 (HKLM\...\PROSetDX) (Version:  - )
Intel® PROSafe for Wired Connections (Version: 8.00.0005 - Intel) Hidden
Intel® PROSafe for Wired Connections (Version: 99.99.9999 - Intel) Hidden
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java™ 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Macromedia Flash Player (HKLM\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Max Spyware Detector (HKLM\...\Max Spyware Detector) (Version: 19.0.2.045 - Max Secure Software)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Download Manager (HKLM\...\{654977DB-0001-0002-0001-EABD228DDE8B}) (Version: 1.2.1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}) (Version: 8.0.6362.114 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (FMS) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual Foxpro 9 Runtime (Version: 09.00.0000.2412 - Wind2 Software, Inc.) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
Musicmatch® Jukebox (HKLM\...\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}) (Version: 9.00.5100 - )
MyWay Search Assistant (HKLM\...\{E7559288-223B-453C-9F06-340E3BE21E39}) (Version: 1.0.1 - MyWay)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
ODT Viewer version 1.0 (HKLM\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PCNow Mobile Access (Version: 1.4.273 - Webex) Hidden
Pdf995 (HKLM\...\Pdf995) (Version:  - )
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Qualxserve Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell)
QuickBooks Simple Start Special Edition (HKLM\...\{14374619-0900-4056-BA06-C87C900AF9E6}) (Version:  - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RPS CRT (Version: 7.0.25 - Verizon) Hidden
RPS CRT (Version: 8.0.27 - Verizon) Hidden
SHARP MX/DX Series PC-Fax Driver (HKLM\...\SHARP MX-2300 2700 3500 4500 Series PC-Fax Driver) (Version: 1.00.000 - SHARP)
SHARP MX/DX Series PCL/PS Printer Driver (HKLM\...\SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Symantec Technical Support Web Controls (HKLM\...\{9743AF47-B746-4324-B4C4-512E67D04370}) (Version: 3.5.1 - Symantec Corporation)
U3Launcher (HKLM\...\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}) (Version: 1.0.0 - U3)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Verizon Online (HKLM\...\{25EF00BE-F17B-11D6-88EA-000476CD2443}) (Version:  - )
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
VIPRE Internet Security (HKLM\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version:  - )
WebEx PCNow (HKLM\...\MyWebExPC) (Version:  - WebEx Communications, Inc)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 10 (Version: 9.00.3636 - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
2004-08-11 18:00 - 2013-01-03 10:47 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3708081216-4292330508-3426232972-1007.job => C:\Program Files\Citrix\GoToMeeting\1440\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Onsite_Watchdog.job => ?
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3708081216-4292330508-3426232972-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3708081216-4292330508-3426232972-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Michael Looney.job => C:\Documents and Settings\Michael Looney\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_Michael Looney.job => C:\Documents and Settings\Michael Looney\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\Regwork.job => C:\Program Files\RegWork\RegWork.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Michael Looney.job => C:\Documents and Settings\Michael Looney\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{D1D59B01-ADD4-4DAA-A351-81DBAC94467E}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-12-18 17:27 - 2010-07-24 13:30 - 00152960 _____ () C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagtapp.exe
2009-12-18 17:27 - 2010-07-24 13:30 - 00192579 _____ () C:\WINDOWS\Downloaded Program Files\MyWebEx\319\raagt.dll
2009-12-18 17:28 - 2010-07-24 13:30 - 00757829 _____ () C:\WINDOWS\Downloaded Program Files\MyWebEx\319\ramtmgr.dll
2009-12-18 17:27 - 2009-12-18 17:27 - 02211840 _____ () C:\WINDOWS\Downloaded Program Files\MyWebEx\319\atres.dll
2009-12-18 17:28 - 2009-12-18 17:28 - 00364544 _____ () C:\WINDOWS\Downloaded Program Files\MyWebEx\319\mvc.dll
2014-06-24 09:58 - 2014-06-02 17:50 - 00015840 _____ () C:\Program Files\Max Spyware Detector\RansomPatternScan.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files\VIPRE\unrar.dll
2005-09-17 16:17 - 2006-01-17 14:03 - 00438272 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\CoreDll.dll
2005-09-17 16:17 - 2006-01-17 14:03 - 00122880 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\TrackUtils.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-11 18:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-11 18:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-06-10 18:22 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-10 18:22 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-10 18:22 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-10 18:22 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: MMTray => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp => stsystra.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe"  -osboot
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/10/2014 04:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 10.7.2014.0, faulting module frst.exe, version 10.7.2014.0, fault address 0x0001f3fb.
Processing media-specific event for [frst.exe!ws!]
 
Error: (07/10/2014 03:57:33 PM) (Source: FMAuditOnsite) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeInitializationException: The type initializer for 'Fmao.Common.xd04bc2d7548bd85e' threw an exception. ---> System.InvalidOperationException: The .Net Framework Data Providers require Microsoft Data Access Components(MDAC).  Please install Microsoft Data Access Components(MDAC) version 2.6 or later. ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activ...
 
Error: (07/10/2014 00:42:20 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: Open of service failed.
 
Error: (07/10/2014 10:32:37 AM) (Source: FMAuditOnsite) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeInitializationException: The type initializer for 'Fmao.Common.xd04bc2d7548bd85e' threw an exception. ---> System.InvalidOperationException: The .Net Framework Data Providers require Microsoft Data Access Components(MDAC).  Please install Microsoft Data Access Components(MDAC) version 2.6 or later. ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activ...
 
Error: (07/09/2014 01:37:21 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: Open of service failed.
 
Error: (07/09/2014 11:28:59 AM) (Source: SQLAgent$FMS) (EventID: 103) (User: )
Description: SQLServerAgent could not be started (reason: Unable to connect to server 'FRONTOFFICE\FMS'; SQLServerAgent cannot start).
 
Error: (07/09/2014 11:27:40 AM) (Source: FMAuditOnsite) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeInitializationException: The type initializer for 'Fmao.Common.xd04bc2d7548bd85e' threw an exception. ---> System.InvalidOperationException: The .Net Framework Data Providers require Microsoft Data Access Components(MDAC).  Please install Microsoft Data Access Components(MDAC) version 2.6 or later. ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activ...
 
Error: (07/08/2014 00:41:46 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: Open of service failed.
 
Error: (07/08/2014 10:31:46 AM) (Source: FMAuditOnsite) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeInitializationException: The type initializer for 'Fmao.Common.xd04bc2d7548bd85e' threw an exception. ---> System.InvalidOperationException: The .Net Framework Data Providers require Microsoft Data Access Components(MDAC).  Please install Microsoft Data Access Components(MDAC) version 2.6 or later. ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activ...
 
Error: (07/02/2014 00:23:59 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: Open of service failed.
 
 
System errors:
=============
Error: (06/24/2014 00:14:56 PM) (Source: 0) (EventID: 55) (User: )
Description: F:
 
Error: (06/23/2014 02:59:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/23/2014 01:59:00 PM) (Source: DCOM) (EventID: 10005) (User: FRONTOFFICE)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (06/23/2014 01:58:48 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/23/2014 01:58:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
sbaphd
SbFw
SBRE
sbtis
Tcpip
 
Error: (06/23/2014 01:58:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31
 
Error: (06/23/2014 01:58:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
%%31
 
Error: (06/23/2014 01:58:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31
 
Error: (06/23/2014 01:58:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: 
%%31
 
Error: (06/23/2014 01:55:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (07/10/2014 04:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe10.7.2014.0frst.exe10.7.2014.00001f3fb
 
Error: (07/10/2014 03:57:33 PM) (Source: FMAuditOnsite) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeInitializationException: The type initializer for 'Fmao.Common.xd04bc2d7548bd85e' threw an exception. ---> System.InvalidOperationException: The .Net Framework Data Providers require Microsoft Data Access Components(MDAC).  Please install Microsoft Data Access Components(MDAC) version 2.6 or later. ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activ...
 
Error: (07/10/2014 00:42:20 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: 
 
Error: (07/10/2014 10:32:37 AM) (Source: FMAuditOnsite) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeInitializationException: The type initializer for 'Fmao.Common.xd04bc2d7548bd85e' threw an exception. ---> System.InvalidOperationException: The .Net Framework Data Providers require Microsoft Data Access Components(MDAC).  Please install Microsoft Data Access Components(MDAC) version 2.6 or later. ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activ...
 
Error: (07/09/2014 01:37:21 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: 
 
Error: (07/09/2014 11:28:59 AM) (Source: SQLAgent$FMS) (EventID: 103) (User: )
Description: Unable to connect to server 'FRONTOFFICE\FMS'; SQLServerAgent cannot start
 
Error: (07/09/2014 11:27:40 AM) (Source: FMAuditOnsite) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeInitializationException: The type initializer for 'Fmao.Common.xd04bc2d7548bd85e' threw an exception. ---> System.InvalidOperationException: The .Net Framework Data Providers require Microsoft Data Access Components(MDAC).  Please install Microsoft Data Access Components(MDAC) version 2.6 or later. ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activ...
 
Error: (07/08/2014 00:41:46 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: 
 
Error: (07/08/2014 10:31:46 AM) (Source: FMAuditOnsite) (EventID: 0) (User: )
Description: Service cannot be started. System.TypeInitializationException: The type initializer for 'Fmao.Common.xd04bc2d7548bd85e' threw an exception. ---> System.InvalidOperationException: The .Net Framework Data Providers require Microsoft Data Access Components(MDAC).  Please install Microsoft Data Access Components(MDAC) version 2.6 or later. ---> System.Runtime.InteropServices.COMException (0x800706BA): The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)
   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activ...
 
Error: (07/02/2014 00:23:59 PM) (Source: WmiAdapter) (EventID: 4099) (User: BUILTIN)
Description: 
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 22%
Total physical RAM: 3710.07 MB
Available physical RAM: 2858.14 MB
Total Pagefile: 4313.4 MB
Available Pagefile: 3630.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:145.6 GB) (Free:73.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
==================== End Of Log ============================

Attached Files


Edited by xXToffeeXx, 11 July 2014 - 12:06 PM.
Posted logs for ease


#9 xXToffeeXx (Malware Response Instructor)

Posted 12 July 2014 - 12:07 PM

Hi mdg1907,
 
What was the name of the detection by Vipre?
 
We need to remove a program using "Add/Remove Programs"

  • Click "Start" on the taskbar and then click on the "Control Panel" icon.
  • Please double-click the "Add or Remove Programs" icon.
  • A list of programs installed will be "populated" (this may take a bit of time).
  • If they exist, uninstall the following by clicking on the below entries and selecting "Remove":
MyWay Search Assistant
  • Additional instructions can be found here if needed.

--------------
 
We need to search for a file with FRST:

  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it, in the search box, type the following: rpcss.*
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Search.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 mdg1907 (Topic Starter)

Posted 14 July 2014 - 07:14 AM

MyWay Search Assistant could not be removed.  Error:  "Windows Installer Service could not be accessed"

 

Unable to copy & paste files.  Search.txt file attached

Attached Files



#11 xXToffeeXx (Malware Response Instructor)

Posted 14 July 2014 - 10:39 AM

Hi mdg1907,
 
Does copy and paste work on places other than this website?
 
--------------
 
We need to remove some programs with Revo Uninstaller Free:
 
Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
MyWay Search Assistant
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------

 

Slight mistake with this last time, so please do this for me: 

 

We need to search for a file with FRST:

  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it, in the search box, type the following: rpcss*
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Search.txt

xXToffeeXx~


Edited by xXToffeeXx, 14 July 2014 - 10:40 AM.



#12 mdg1907 (Topic Starter)

Posted 14 July 2014 - 03:29 PM

Copy and paste is disabled completely. Also, running applications are not shown on the task bar.

Attached Files



#13 mdg1907 (Topic Starter)

Posted 14 July 2014 - 03:40 PM

Uninstaller appears to have worked



#14 xXToffeeXx (Malware Response Instructor)

Posted 15 July 2014 - 11:50 AM

Hi mdg1907,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below into the notepad document:
HKLM\...\Run: [SDAutoScan] => [X]
HKU\S-1-5-21-3708081216-4292330508-3426232972-1007\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dll ATTENTION! ====> ZeroAccess?
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\rpcss.dll
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Running Windows Repair All in One:

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Download Windows Repair (All in One) and save it to your desktop
  • Double click the icon and select Run
  • Continually click Next, then Finish
  • Note: If you are unable to complete one of the steps simply continue on with the next step
  • Go to Step 3 and allow it to run "See if Check Disk is Needed" by clicking on the Check button:
  • If you see "Errors Found On The Drive! Check Disk Is Needed", click Do It in the Check Disk (If Needed) box
  • Go to Step 4 and click Do It under System File Check
  • Go to Step 5 and click Create under System Restore, then Backup under Registry Backup
  • Go to Start Repairs tab and click Start button.
  • Please make sure the following items are checked

Reset Registry Permissions
Reset File Permissions
Reset Service Permissions
Register System Files
Remove Policies Set By Infections
Repair Icons
Remove Temp Files
Unhide Non System Files
Repair MSI (Windows Installer)
Repair File Associations
Repair Windows Safe Mode
Restore Important Windows Services
Set Windows Services To Default Startup

  • Click on box next to the Restart/Shutdown System when Finished
  • Click on Restart System
  • Click on Start
  • Your computer will reboot upon completion
  • Using Windows Explorer navigate to the following file

C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs

  • Copy and paste (or attach if necessary) the contents of the log in your reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Windows Repair log

xXToffeeXx~



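As an added example (not the helper's instructions, not part of FRST, and not taken from this thread), the two items in the fixlist above that matter most from a defender's side, the per-user InprocServer32 entry FRST flagged as possible ZeroAccess and the rpcss.dll replacement, can be re-checked after the fix with a short PowerShell script. It assumes %SystemRoot% is C:\WINDOWS as on this machine and uses the hotfix backup path from the fixlist as the known-good copy of rpcss.dll; both paths are parameters, and the function names are my own.

```powershell
# Added example for this thread (not the helper's script and not part of FRST):
# two defender-side checks that mirror the fixlist above. The known-good rpcss.dll
# path is the hotfix backup the fixlist used; both paths are assumptions for the
# machine in the thread and can be overridden with parameters.
param(
    [string]$LiveRpcss      = (Join-Path $env:SystemRoot 'system32\rpcss.dll'),
    [string]$KnownGoodRpcss = (Join-Path $env:SystemRoot '$hf_mig$\KB956572\SP3QFE\rpcss.dll')
)

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing instead of Get-FileHash so the script also runs on PowerShell 2.0
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-RpcssIntegrity {
    param([string]$Live, [string]$KnownGood)
    if (-not (Test-Path $Live))      { Write-Warning "Missing: $Live"; return }
    if (-not (Test-Path $KnownGood)) { Write-Warning "No known-good copy at $KnownGood"; return }
    $liveHash = Get-Sha256Hex $Live
    $goodHash = Get-Sha256Hex $KnownGood
    $result = New-Object PSObject -Property @{
        LivePath         = $Live
        LiveVersion      = (Get-Item $Live).VersionInfo.FileVersion
        KnownGoodVersion = (Get-Item $KnownGood).VersionInfo.FileVersion
        LiveSha256       = $liveHash
        HashMatch        = ($liveHash -eq $goodHash)
    }
    if (-not $result.HashMatch) {
        # A hash mismatch alone is not proof of tampering: a hotfix newer than the
        # backup also changes the hash, so compare the version strings as well.
        Write-Warning "rpcss.dll differs from the known-good copy; check the version fields before replacing it."
    }
    return $result
}

function Find-UserHiveClsidOverrides {
    # Per-user COM registrations (HKU\<SID>\Software\Classes\CLSID) are merged over
    # HKLM\Software\Classes when HKCR is built, so a user-hive InprocServer32 can
    # redirect a COM object the system already registers. Report entries that shadow
    # a machine CLSID or point outside %SystemRoot%; review them, do not auto-delete.
    $findings = @()
    $sysRoot  = ($env:SystemRoot).ToLowerInvariant()
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $userHives = Get-ChildItem 'HKU:\' | Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }
    foreach ($hive in $userHives) {
        $clsidRoot = "$($hive.PSPath)\Software\Classes\CLSID"
        if (-not (Test-Path $clsidRoot)) { continue }
        foreach ($clsid in Get-ChildItem $clsidRoot) {
            $inproc = "$($clsid.PSPath)\InprocServer32"
            if (-not (Test-Path $inproc)) { continue }
            $server = (Get-ItemProperty -Path $inproc).'(default)'
            if (-not $server) { continue }
            $expanded = [Environment]::ExpandEnvironmentVariables($server).Trim('"').ToLowerInvariant()
            $shadowsMachine = Test-Path "HKLM:\Software\Classes\CLSID\$($clsid.PSChildName)"
            # A bare file name (like the SHELL32.dll entry FRST flagged) or a path outside
            # the Windows directory is the case worth a closer look
            $outsideSystem  = -not $expanded.StartsWith($sysRoot)
            if ($shadowsMachine -or $outsideSystem) {
                $findings += New-Object PSObject -Property @{
                    Sid                 = $hive.PSChildName
                    Clsid               = $clsid.PSChildName
                    InprocServer32      = $server
                    ShadowsMachineClsid = $shadowsMachine
                    OutsideSystemRoot   = $outsideSystem
                }
            }
        }
    }
    return $findings
}

Test-RpcssIntegrity -Live $LiveRpcss -KnownGood $KnownGoodRpcss | Format-List
Find-UserHiveClsidOverrides | Format-Table Sid, Clsid, InprocServer32, ShadowsMachineClsid, OutsideSystemRoot -AutoSize
```

Run it from an elevated prompt so every loaded user hive under HKEY_USERS is readable. Entries it lists are candidates for review, not an automatic verdict: per-user installers legitimately register COM servers under the user's profile, which the OutsideSystemRoot column will also catch, while a per-user CLSID that shadows a machine-wide one and points at a bare DLL name is the pattern FRST marked in the fixlist. Likewise, a hash mismatch on rpcss.dll only means "different from that backup", so the two version fields decide whether the difference is a later hotfix or a replaced file.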

#15 xXToffeeXx (Malware Response Instructor)

Posted 18 July 2014 - 10:31 AM

Hi mdg1907,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~






