Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All downloaded files error saying there is a virus found via Windows Defender


  • This topic is locked This topic is locked
6 replies to this topic

#1 Wolfe_671

Wolfe_671

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 27 June 2014 - 09:10 PM

Hi,

 

Issues - I can't get sfc /scannow to fix Windows Defender (errors at 96% saying "Windows Resource Protection could not perform the requested operation." and when I try to run it - c:\program files\windows defender (specified path does not exist - MSASCui.exe)

 

I also have the issue that when I try to download any file from the Internet I get an error from Windows Defender (I believe) that says the file is infected with a virus and was deleted.

 

I had McAfee loaded on the machine, with a yearly subscription, but they said this issue was not covered by their software and demanded $79.99 to remove the infection.  I refused.  I have cancelled my subscriptions with them.  I removed McAfee software today hoping I could fix the issue and then install a free version of Norton provided by Comcast.

 

I tried running a few of the programs listed for the ZeroAccess malware but was not successful in getting it removed.  The DDS.COM program I used was downloaded in Nov 2012 (worked with someone using RogueKiller V8.3.1 [Nov 26 2012] ).   The following is the log file and I attached the Attach.txt file. 

 

I ran Adwcleaner, FSS, FSRT and rkill.  One of the logs said "ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender"  I also tried running TTDSKILLER.exe (nothing found), MalwareBytes Anti-Malware (free) and nothing found.

 

Please let me know when you have time to assist and what you would like me to do next.

 

One note for posting instructions for this forum - the instructions say:

 

3.Put a checkmark in the checkbox labeled Watch every topic I reply to.

 

I could not find that label.  I did find however "Auto follow topics I reply to. Notification frequency: Immediate"  I am assuming this is the new field label.  If you have a moment, you may want to update those instructions.

 

 

--------------------------------------------------------------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16555
Run by JohnC at 20:44:58 on 2014-06-27
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1789.855 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
D:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\perfmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Download_temp\antimalware\JRT.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net1.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - d:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - d:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [gSyncit] c:\program files\fieldston software\gsyncit\gsyncit.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [HP Officejet 6700 (NET)] "c:\program files\hp\hp officejet 6700\bin\ScanToPCActivationApp.exe" -deviceID "CN3CADSKWW05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eDSMSNfix] c:\acer\empowering technology\eDSMSNfix.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\johnc\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://velocity.webex.com/client/WBXclient-T29L10NSP6-58/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{01E83BCD-5676-4A6B-818D-BD2FD5F6873B} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\system32\eNetHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-3-16 50688]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-23 21504]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2010-12-10 202592]
R2 MSOLAP$SQLEXPRESS;SQL Server Analysis Services (SQLEXPRESS);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2010-12-10 14955360]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1558000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-7 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-10-31 44904]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2009-10-31 240600]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-10-31 367464]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-06-27 15:27:17 -------- d-----w- C:\FRST
2014-06-06 18:38:03 -------- d-----w- c:\users\johnc\appdata\roaming\webex
2014-06-06 18:37:42 -------- d-----w- c:\programdata\WebEx
.
==================== Find3M  ====================
.
2014-06-27 16:25:52 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-28 16:39:36 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-05-28 16:32:59 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-05-28 16:32:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-28 16:30:53 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-05-28 16:30:53 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-28 16:29:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-28 16:29:27 11776 ----a-w- c:\windows\system32\mshta.exe
2014-05-14 22:10:09 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 22:10:09 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 12:26:04 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 12:25:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 12:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll
2014-04-15 07:34:10 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-05 02:42:27 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-04-01 03:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
.
============= FINISH: 20:45:41.16 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:07 AM

Posted 28 June 2014 - 05:57 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Lets get going now :thumbup2:

==========================
 
Hi Wolfe_671,
 
Please post the logs which were created when you ran FRST; these will be called FRST.txt and Addition.txt, and were created in the same place you ran FRST.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Wolfe_671

Wolfe_671
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 28 June 2014 - 12:40 PM

Hi xXToffeeXx,

 

Thank you for helping me.  I re-ran FRST to make sure you have the most current information.

 

----------------------------------------------

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by JohnC (administrator) on JOHNC-LAPTOP on 28-06-2014 12:37:18
Running from C:\Download_temp\antimalware
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Acer\ALaunch\ALaunchSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
(Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Symantec) C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\QtZgAcer.EXE
(HiTRUST co.) C:\Acer\Empowering Technology\eDSMSNfix.exe
(Symantec Corporation) C:\Program Files\Norton Ghost\Agent\VProTray.exe
(Hewlett-Packard) D:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Fieldston Software) C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4186112 2006-12-01] (Realtek Semiconductor)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\QtZgAcer.EXE [483328 2007-01-09] (Dritek System Inc.)
HKLM\...\Run: [eDSMSNfix] => C:\Acer\Empowering Technology\eDSMSNfix.exe [13312 2007-02-08] (HiTRUST co.)
HKLM\...\Run: [Acer Product Registration] => C:\Program Files\Acer Registration\ACE1.exe [3383296 2007-02-02] (Leader Technologies)
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] ()
HKLM\...\Run: [Norton Ghost 14.0] => C:\Program Files\Norton Ghost\Agent\VProTray.exe [2245984 2008-08-13] (Symantec Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => D:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2792093017-1534530028-4145237155-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-2792093017-1534530028-4145237155-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-2792093017-1534530028-4145237155-1000\...\Run: [gSyncit] => C:\Program Files\Fieldston Software\gSyncit\gsyncit.exe [165088 2011-11-03] (Fieldston Software)
HKU\S-1-5-21-2792093017-1534530028-4145237155-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2792093017-1534530028-4145237155-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
AppInit_DLLs: C:\Windows\System32\eNetHook.dll => C:\Windows\System32\eNetHook.dll [90112 2006-12-28] (acer)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\JohnC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {C8AB01C7-A463-4F2A-BBE1-6B243BB5AA5D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
SearchScopes: HKCU - {7D722164-9A8B-4931-86BA-5146D8A1DF85} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {C8AB01C7-A463-4F2A-BBE1-6B243BB5AA5D} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://velocity.webex.com/client/WBXclient-T29L10NSP6-58/webex/ieatgpc1.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MVT - C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-18]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-17]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - D:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-01-17]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\JohnC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-22]
CHR Extension: (Google Drive) - C:\Users\JohnC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-22]
CHR Extension: (YouTube) - C:\Users\JohnC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-22]
CHR Extension: (Google Search) - C:\Users\JohnC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-22]
CHR Extension: (Google Wallet) - C:\Users\JohnC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Gmail) - C:\Users\JohnC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-22]

========================== Services (Whitelisted) =================

R2 ALaunchService; C:\Acer\ALaunch\ALaunchSvc.exe [50688 2007-01-26] () [File not signed]
R2 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-21] (Symantec Corporation)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2006-12-22] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [126976 2006-12-28] (Acer Inc.) [File not signed]
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-04-24] () [File not signed]
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-08-29] (NOS Microsystems Ltd.)
R3 hpqcxs08; D:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; D:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; D:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2006-12-14] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-08-04] (Symantec Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
R2 MsDtsServer; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [202592 2010-12-10] (Microsoft Corporation)
R2 MSOLAP$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [14955360 2010-12-10] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [42778472 2009-10-31] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3004416 2007-11-07] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4314464 2008-08-13] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [367464 2009-10-31] (Microsoft Corporation)
R2 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [7168 2006-11-02] (Microsoft Corporation)
R3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1558000 2008-08-07] (Symantec)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [135168 2007-01-02] (acer) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [62208 2006-11-12] (ENE Technology Inc.)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [42240 2006-11-12] (ENE Technology Inc.)
R3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [76928 2006-11-12] (ENE Technology Inc.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-03-16] (NewTech Infosystems, Inc.) [File not signed]
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240600 2009-10-31] (Microsoft Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [537856 2008-11-18] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [320128 2008-11-18] (eMPIA Technology, Inc.)
R2 v2imount; C:\Windows\System32\DRIVERS\v2imount.sys [38112 2008-08-13] (Symantec Corporation)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15088 2008-01-19] (Symantec Corporation)
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1966312 2007-04-10] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\JohnC\AppData\Local\Temp\catchme.sys [X]
S2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
U3 mbr; \??\C:\Users\JohnC\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-27 11:25 - 2014-06-27 11:25 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-27 10:27 - 2014-06-28 12:37 - 00000000 ____D () C:\FRST
2014-06-27 04:45 - 2014-06-27 04:45 - 00029182 _____ () C:\Users\JohnC\Desktop\sfcdetails.txt
2014-06-27 04:21 - 2014-06-27 21:17 - 00001093 _____ () C:\Users\JohnC\Desktop\Windows error.txt
2014-06-20 11:26 - 2014-06-20 11:59 - 1382532096 _____ () C:\Users\JohnC\Documents\Outlook.pst
2014-06-18 10:42 - 2014-06-18 10:42 - 00000152 _____ () C:\Users\JohnC\Documents\WF contacts.txt
2014-06-12 18:03 - 2014-06-12 18:03 - 00003585 _____ () C:\Users\JohnC\Documents\Mcafee refund.txt
2014-06-11 00:55 - 2014-05-28 11:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 00:55 - 2014-05-28 11:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 00:55 - 2014-05-28 11:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 00:55 - 2014-05-28 11:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 00:55 - 2014-05-28 11:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 00:55 - 2014-05-28 11:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 00:55 - 2014-05-28 11:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 00:55 - 2014-05-28 11:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 00:55 - 2014-05-28 11:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 00:55 - 2014-05-28 11:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 00:55 - 2014-05-28 11:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 00:55 - 2014-05-28 11:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 00:55 - 2014-05-28 11:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 00:55 - 2014-05-28 11:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 00:55 - 2014-05-28 11:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 00:55 - 2014-05-28 11:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 00:55 - 2014-05-28 11:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 00:55 - 2014-05-28 11:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 00:55 - 2014-05-28 11:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 00:55 - 2014-05-28 11:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 00:55 - 2014-05-28 11:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 00:55 - 2014-04-26 11:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 00:55 - 2014-04-04 21:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 00:55 - 2014-03-09 20:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 00:55 - 2014-03-09 20:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-09 13:36 - 2014-06-09 13:36 - 00000000 ____D () C:\Users\JohnC\Documents\Shan
2014-06-09 10:50 - 2014-06-10 14:45 - 00000158 _____ () C:\Users\JohnC\Desktop\comcast modem billing.txt
2014-06-06 13:38 - 2014-06-06 14:37 - 00000000 ____D () C:\Users\JohnC\AppData\Roaming\webex
2014-06-06 13:37 - 2014-06-06 13:37 - 00000000 ____D () C:\ProgramData\WebEx
2014-06-05 23:09 - 2014-06-05 23:09 - 00000999 _____ () C:\Users\JohnC\Desktop\US Bank Cover Letter.txt
2014-06-02 09:12 - 2014-06-02 09:12 - 00000246 _____ () C:\Users\JohnC\Desktop\Medical Contact Info.txt

==================== One Month Modified Files and Folders =======

2014-06-28 12:37 - 2014-06-27 10:27 - 00000000 ____D () C:\FRST
2014-06-28 12:24 - 2014-02-13 03:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2893f3a06939.job
2014-06-28 12:13 - 2013-04-10 08:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 11:57 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 11:57 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 03:00 - 2007-06-13 08:12 - 02056319 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 02:24 - 2014-05-09 00:14 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b457e3895d7.job
2014-06-27 21:17 - 2014-06-27 04:21 - 00001093 _____ () C:\Users\JohnC\Desktop\Windows error.txt
2014-06-27 20:54 - 2014-05-17 14:03 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 20:45 - 2012-11-25 22:04 - 00023797 _____ () C:\Users\JohnC\Desktop\attach.txt
2014-06-27 20:45 - 2012-11-25 22:04 - 00014982 _____ () C:\Users\JohnC\Desktop\dds.txt
2014-06-27 19:04 - 2012-11-25 11:37 - 00015534 _____ () C:\Users\JohnC\Desktop\Rkill.txt
2014-06-27 18:57 - 2009-04-19 22:19 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-06-27 11:25 - 2014-06-27 11:25 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-27 11:25 - 2014-05-17 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 11:25 - 2014-05-17 14:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-27 10:19 - 2008-03-31 23:27 - 00000000 ____D () C:\Download_temp
2014-06-27 08:18 - 2009-04-19 08:15 - 00000000 ____D () C:\Users\JohnC\Documents\Visual Studio 2008
2014-06-27 08:16 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 08:15 - 2006-11-02 08:01 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-27 08:10 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Registration
2014-06-27 08:09 - 2007-06-13 08:06 - 07372794 _____ () C:\Windows\PFRO.log
2014-06-27 04:45 - 2014-06-27 04:45 - 00029182 _____ () C:\Users\JohnC\Desktop\sfcdetails.txt
2014-06-27 03:47 - 2010-06-14 00:23 - 00000000 ____D () C:\Program Files\McAfee
2014-06-27 03:47 - 2009-04-10 12:58 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-21 07:29 - 2011-11-09 09:06 - 00000000 ____D () C:\Users\JohnC\AppData\Roaming\gSyncit
2014-06-20 11:59 - 2014-06-20 11:26 - 1382532096 _____ () C:\Users\JohnC\Documents\Outlook.pst
2014-06-18 11:27 - 2008-09-21 20:07 - 00000000 ____D () C:\Users\JohnC\Documents\Excel
2014-06-18 11:14 - 2012-02-26 22:19 - 00002571 _____ () C:\Users\JohnC\Desktop\Microsoft Excel 2010.lnk
2014-06-18 10:42 - 2014-06-18 10:42 - 00000152 _____ () C:\Users\JohnC\Documents\WF contacts.txt
2014-06-12 18:03 - 2014-06-12 18:03 - 00003585 _____ () C:\Users\JohnC\Documents\Mcafee refund.txt
2014-06-11 14:29 - 2013-02-21 13:33 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 03:18 - 2007-03-16 08:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:15 - 2013-08-15 03:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:10 - 2006-11-02 05:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-10 14:45 - 2014-06-09 10:50 - 00000158 _____ () C:\Users\JohnC\Desktop\comcast modem billing.txt
2014-06-09 13:36 - 2014-06-09 13:36 - 00000000 ____D () C:\Users\JohnC\Documents\Shan
2014-06-06 23:21 - 2007-09-18 16:22 - 00000000 ____D () C:\Users\JohnC\AppData\Local\Microsoft Help
2014-06-06 14:37 - 2014-06-06 13:38 - 00000000 ____D () C:\Users\JohnC\AppData\Roaming\webex
2014-06-06 13:37 - 2014-06-06 13:37 - 00000000 ____D () C:\ProgramData\WebEx
2014-06-05 23:09 - 2014-06-05 23:09 - 00000999 _____ () C:\Users\JohnC\Desktop\US Bank Cover Letter.txt
2014-06-04 22:50 - 2006-11-02 05:33 - 00900734 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 09:12 - 2014-06-02 09:12 - 00000246 _____ () C:\Users\JohnC\Desktop\Medical Contact Info.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2014-06-28 08:13

==================== End Of Log ============================

 

ADDITION.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by JohnC at 2014-06-28 12:38:14
Running from C:\Download_temp\antimalware
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.0.3605a - )
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.3006 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.3005 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.3002 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.3007 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.3003 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.3004 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.61.102 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.00.0000 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 1.1.3007 - Acer Inc.)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat Connect Add-in (HKCU\...\Adobe Acrobat Connect Add-in) (Version:  - )
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.3 (HKLM\...\Amazon MP3 Downloader) (Version:  - )
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{A8AAE765-CD28-2806-0C3E-56EBB64FA5A5}) (Version: 3.0.682.0 - ATI Technologies, Inc.)
ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version:  - ATI Technologies, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Branding (Version: 1.00.0000 - Your Company Name) Hidden
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.0703.2236.38526 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Arabic (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization French (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization German (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 0108.2146.2565.38893 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 0108.2146.2565.38893 - ATI) Hidden
CCC Help Chinese Standard (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Chinese Traditional (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Czech (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Danish (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Dutch (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help English (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help English (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Finnish (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help French (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help German (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Greek (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Hungarian (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Italian (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Japanese (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Korean (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Norwegian (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Polish (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Portuguese (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Russian (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Spanish (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Swedish (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Thai (Version: 0108.2146.2564.38893 - ATI) Hidden
CCC Help Turkish (Version: 0108.2146.2564.38893 - ATI) Hidden
ccc-core-static (Version: 2008.0703.2236.38526 - ATI) Hidden
ccc-utility (Version: 2008.0703.2236.38526 - ATI) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Crystal Reports Basic for Visual Studio 2008 (HKLM\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
CyberLink PowerDVD 8 (HKLM\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2021a - CyberLink Corp.)
CyberLink PowerDVD 8 (Version: 8.0.2021a - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Dia (remove only) (HKLM\...\Dia) (Version:  - )
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Empire Deluxe Internet Edition (HKLM\...\Empire Deluxe Internet Edition) (Version:  - )
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Galactic Civilizations II (HKLM\...\Galactic Civilizations II) (Version:  - Stardock Entertainment, Inc.)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
getPlus® for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.29 - NOS Microsystems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
gSyncit (HKLM\...\{DD875E8A-2EFD-4B2D-B753-5D3DFA70805D}) (Version: 3.2.51 - Fieldston Software)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iTunes (HKLM\...\{A9B3F8D5-DF4F-462B-81B7-4B69EBEDBC5B}) (Version: 11.2.0.115 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
LiveUpdate (Symantec Corporation) (HKLM\...\PsuedoLiveUpdate) (Version: 3.4.1.234 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238 - Symantec Corporation) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.3.0.45 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Compact Framework 2.0 SP2 (HKLM\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Device Emulator version 3.0 - ENU (HKLM\...\{B32E7732-B2FB-3FD0-81AC-6025B1104C66}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{63AFACBC-4795-4A1B-8037-5085DC03FC54}) (Version: 1.40.164.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Analysis Services (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}) (Version: 8.05.2312 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Integration Services (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Notification Services (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{C98FCFBE-4B5E-4A69-BB43-121A62E1B591}) (Version: 10.50.1352.12 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 November CTP (HKLM\...\Microsoft SQL Server KJCTP3) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 November CTP (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.50.1352.12 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup November CTP (English) (HKLM\...\{F823DD0A-3ECE-4C27-B1C7-BF249FAC08C1}) (Version: 10.50.1352.12 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{77C30E6E-F0BF-449B-9B53-3CC6D27DFDCB}) (Version: 10.50.1352.12 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2949122E-F89F-441F-B5DB-2FE6921772D3}) (Version: 10.50.1352.12 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio Web Authoring Component (HKLM\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{05EC21B8-4593-3037-A781-A6B5AFFCB19D}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{842FAF7C-50EF-4463-9B8F-6222E1384D7D}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{64c5b887-b5ee-42b8-8596-78905a6b5f1f}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{B268E9A1-04A9-40D0-9866-846BE2B74BA7}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Norton Ghost (HKLM\...\{B0255743-165B-4BD5-8DA8-37DFB9930014}) (Version: 14.0.3.28361 - Symantec Corporation)
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PoiEdit (HKLM\...\PoiEdit) (Version:  - )
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5334 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version:  - ) <==== ATTENTION
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skins (Version: 2008.0703.2236.38526 - ATI) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SQL Server 2008 R2 Common Files (Version: 10.50.1352.12 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (Version: 10.50.1352.12 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (Version: 10.50.1352.12 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1352.12 - Microsoft Corporation) Hidden
SQLXML4 (HKLM\...\{6C79A48D-F9CE-4B4E-968C-5BCFC27630CF}) (Version: 9.00.5000.00 - Microsoft Corporation)
Stardock Central (HKLM\...\Stardock Central) (Version:  - )
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
SyncToy 2.0 Beta (HKLM\...\{F3666943-0411-41D1-8015-8B572B6E91A7}) (Version: 2.0.0.0 - Microsoft)
The VDM-SL Toolbox Lite v8.1 (HKLM\...\The VDM-SL Toolbox Lite v8.1) (Version:  - )
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Visio 2007 Help (KB963666) (HKLM\...\{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (HKLM\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB972221) (Version: 1 - Microsoft Corporation)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC Runtimes MSI (Version: 9.0.21022 - Microsoft) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022 - Microsoft Corporation) Hidden
Warlords IV (HKLM\...\{7B31DF8A-8B77-497F-8180-E710A01635F1}) (Version: W4PCA0.8 - )
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)

==================== Restore Points  =========================

15-08-2013 08:00:21 Windows Update
27-08-2013 21:48:53 Windows Update
11-09-2013 08:01:16 Windows Update
11-09-2013 21:26:12 Installed TomTom HOME.
12-09-2013 08:00:19 Windows Update
13-09-2013 08:00:17 Windows Update
14-09-2013 08:00:23 Windows Update
05-10-2013 15:46:07 Device Driver Package Install: Apple Network adapters
09-10-2013 08:00:57 Windows Update
05-11-2013 09:00:47 Windows Update
14-11-2013 09:00:58 Windows Update
11-12-2013 09:01:12 Windows Update
16-01-2014 09:00:13 Windows Update
28-01-2014 17:36:53 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
28-01-2014 17:39:44 Device Driver Package Install: Apple Network adapters
29-01-2014 09:00:17 Windows Update
31-01-2014 14:01:56 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
31-01-2014 14:03:56 Device Driver Package Install: Apple Network adapters
12-02-2014 09:01:03 Windows Update
28-02-2014 15:00:12 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
28-02-2014 15:02:24 Device Driver Package Install: Apple Network adapters
04-03-2014 09:00:21 Windows Update
12-03-2014 08:00:58 Windows Update
15-03-2014 17:57:57 Device Driver Package Install: HP Printers
15-03-2014 18:00:22 Device Driver Package Install: HP Printers
15-03-2014 18:01:18 Device Driver Package Install: Hewlett-Packard Imaging devices
19-03-2014 08:00:13 Windows Update
09-04-2014 08:00:52 Windows Update
02-05-2014 08:00:15 Windows Update
15-05-2014 08:01:10 Windows Update
15-05-2014 15:44:53 Windows Update
11-06-2014 08:00:54 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2012-11-28 22:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1486C15D-3A1A-40EC-974C-2D80C31C655C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {39B0A6F4-DF4A-49BE-BC3B-541EDD50AF26} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6b457e3895d7 => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-21] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {62A574B3-F2C8-4507-9B6F-286D02F8A2E0} - System32\Tasks\Acer\Acer Assist\New Message Check - JohnC => C:\Program Files\Acer Assist\AcerAssist.exe [2007-02-07] (Acer Inc.)
Task: {7EBEB82E-9DC8-4D5E-9F48-1021C681237D} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2893f3a06939 => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-21] (Google Inc.)
Task: {89D3C883-A56D-4C54-99F8-FBAE60B67E08} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2007-04-10] (Microsoft Corporation)
Task: {92E8ACF3-6022-4CCC-9359-55B18AD34538} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C5FE26BE-40EB-41E7-9628-D45A0A94F5E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {DC6F2135-AA8E-4167-992B-852F8BFE1296} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6b457e3895d7.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2893f3a06939.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-03-16 08:58 - 2007-01-26 16:24 - 00050688 _____ () C:\Acer\ALaunch\ALaunchSvc.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-03-16 08:41 - 2006-11-24 14:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-03-16 08:41 - 2006-10-24 12:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2008-01-03 03:00 - 2008-01-03 03:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2011-11-03 18:56 - 2011-11-03 18:56 - 01805312 _____ () C:\Program Files\Fieldston Software\gSyncit\gSyncit.core.dll
2008-08-12 12:47 - 2008-08-12 12:47 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2007-03-16 09:09 - 2007-01-05 20:06 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2006-11-02 05:25 - 2008-07-03 22:37 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Acer Tour Reminder => C:\Acer\AcerTour\Reminder.exe
MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: PDVD8LanguageShortcut => "d:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
MSCONFIG\startupreg: PMCRemote => C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
MSCONFIG\startupreg: RemoteControl8 => "d:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
MSCONFIG\startupreg: VX1000 => C:\Windows\vVX1000.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Officejet 6700
Description: Officejet 6700
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2014 02:15:20 AM) (Source: Norton Ghost) (EventID: 100) (User: )
Description: Error EC8F17B7: Cannot create recovery points for job: Laptop D Drive. Error EC8F03ED: Cannot create the recovery point. Error E7D1000B: Unable to make directory 'F:/'. Error E7D10026: Unable to get attributes for 'F:/'. Error EBAB03F1: The system cannot find the path specified.

Details: 0xE7D1000B
Source: Norton Ghost

Error: (06/27/2014 11:00:22 PM) (Source: Norton Ghost) (EventID: 100) (User: )
Description: Error EC8F17B7: Cannot create recovery points for job: Laptop C Drive backup. Error EC8F03ED: Cannot create the recovery point. Error E7D1000B: Unable to make directory 'F:/'. Error E7D10026: Unable to get attributes for 'F:/'. Error EBAB03F1: The system cannot find the path specified.

Details: 0xE7D1000B
Source: Norton Ghost

Error: (06/27/2014 08:18:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application taskmgr.exe, version 6.0.6001.18000, time stamp 0x47918e94, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x741e74b2,
process id 0x1638, application start time 0xtaskmgr.exe0.

Error: (06/27/2014 08:16:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application taskmgr.exe, version 6.0.6001.18000, time stamp 0x47918e94, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x741e74b2,
process id 0x1638, application start time 0xtaskmgr.exe0.

Error: (06/27/2014 08:10:16 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17051) (User: )
Description: SQL Server evaluation period has expired.

Error: (06/27/2014 05:07:49 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17051) (User: )
Description: SQL Server evaluation period has expired.

Error: (06/27/2014 04:49:17 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/27/2014 03:43:27 AM) (Source: MSSQL$SQLEXPRESS) (EventID: 17051) (User: )
Description: SQL Server evaluation period has expired.

Error: (06/26/2014 02:21:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16555 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e10
Start Time: 01cf9170283872b4
Termination Time: 16620

Error: (06/21/2014 07:29:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application WINWORD.EXE, version 14.0.7125.5000, time stamp 0x53745315, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x535bd814, exception code 0xc0000005, fault offset 0x741474b2,
process id 0x451c, application start time 0xWINWORD.EXE0.

System errors:
=============
Error: (06/27/2014 08:12:28 AM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: WMPNetworkSvc0x80070424

Error: (06/27/2014 08:10:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: eSettings Serviceint15%%3

Error: (06/27/2014 08:10:23 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (06/27/2014 08:10:23 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: SQL Server (SQLEXPRESS)17051 (0x429B)

Error: (06/27/2014 08:10:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: int15%%3

Error: (06/27/2014 08:10:23 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (06/27/2014 08:10:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (06/27/2014 05:10:19 AM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: WMPNetworkSvc0x80070424

Error: (06/27/2014 05:08:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: eSettings Serviceint15%%3

Error: (06/27/2014 05:08:02 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Microsoft Office Sessions:
=========================
Error: (01/11/2012 06:35:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 981 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (12/27/2011 04:16:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/12/2011 01:02:14 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/05/2011 00:21:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 40 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/16/2011 10:57:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 120 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/10/2011 09:14:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1163 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (11/03/2011 04:37:47 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1863 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/03/2011 08:05:22 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/18/2011 00:08:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/30/2011 10:50:36 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 59 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-06-27 11:31:46.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 11:31:45.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 11:31:44.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 11:31:43.128
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 11:31:41.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 11:31:40.591
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 11:31:39.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-27 11:31:38.415
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 19:38:23.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-18 19:38:22.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 1789.44 MB
Available physical RAM: 852.03 MB
Total Pagefile: 3831.39 MB
Available Pagefile: 2360.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.45 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:445.31 GB) (Free:305.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:20.45 GB) (Free:16.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 0B6DD6A6)
Partition 1: (Active) - (Size=445 GB) - (Type=27)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Wolfe_671

Wolfe_671
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 28 June 2014 - 01:11 PM

Hi xXToffeeXx,

 

I read through the files and noticed this:  "S3 catchme; \??\C:\Users\JohnC\AppData\Local\Temp\catchme.sys [X]"

 

It looked suspicious so I did some searching and saw that it is a potential keylogger.  I then dropped into DOS and searched for related files.  I then found a directory for the last repair I did in November 2012.  Here's the contents of this directory.  Let me know if you want any more information on this.

 

 Volume in drive C is ACER
 Volume Serial Number is 0C6F-EEE3

 Directory of C:\Qoobox

11/28/2012  10:17 PM    <DIR>          .
11/28/2012  10:17 PM    <DIR>          ..
11/28/2012  10:16 PM            13,879 Add-Remove Programs.txt
11/28/2012  09:52 PM    <DIR>          BackEnv
11/28/2012  10:17 PM            10,248 ComboFix-quarantined-files.txt
11/28/2012  09:52 PM    <DIR>          Quarantine
               2 File(s)         24,127 bytes

 Directory of C:\Qoobox\Quarantine

11/28/2012  09:52 PM    <DIR>          .
11/28/2012  09:52 PM    <DIR>          ..
11/28/2012  10:12 PM    <DIR>          C
11/28/2012  09:55 PM                62 catchme.log
11/28/2012  10:16 PM    <DIR>          Registry_backups
               1 File(s)             62 bytes

 Directory of C:\Qoobox\Quarantine\C

11/28/2012  10:12 PM    <DIR>          .
11/28/2012  10:12 PM    <DIR>          ..
11/28/2012  10:12 PM    <DIR>          Windows
               0 File(s)              0 bytes

 Directory of C:\Qoobox\Quarantine\C\Windows

11/28/2012  10:12 PM    <DIR>          .
11/28/2012  10:12 PM    <DIR>          ..
11/28/2012  10:12 PM    <DIR>          System32
               0 File(s)              0 bytes

 Directory of C:\Qoobox\Quarantine\C\Windows\System32

11/28/2012  10:12 PM    <DIR>          .
11/28/2012  10:12 PM    <DIR>          ..
11/28/2012  10:12 PM    <DIR>          html
11/28/2012  10:12 PM    <DIR>          images
               0 File(s)              0 bytes

 Directory of C:\Qoobox\Quarantine\C\Windows\System32\html

11/28/2012  10:12 PM    <DIR>          .
11/28/2012  10:12 PM    <DIR>          ..
12/01/2003  05:28 PM               602 calendar.html.vir
12/01/2003  05:28 PM                95 calendarbottom.html.vir
12/01/2003  05:28 PM                92 calendartop.html.vir
10/19/2006  04:28 AM             2,239 crystalexportdialog.htm.vir
08/17/2007  02:17 PM             2,707 crystalprinthost.html.vir
               5 File(s)          5,735 bytes

 Directory of C:\Qoobox\Quarantine\C\Windows\System32\images

11/28/2012  10:12 PM    <DIR>          .
11/28/2012  10:12 PM    <DIR>          ..
11/28/2012  10:12 PM    <DIR>          toolbar
11/28/2012  10:12 PM    <DIR>          tree
               0 File(s)              0 bytes

 Directory of C:\Qoobox\Quarantine\C\Windows\System32\images\toolbar

11/28/2012  10:12 PM    <DIR>          .
11/28/2012  10:12 PM    <DIR>          ..
05/26/2007  11:02 PM                84 calendar.gif.vir
09/07/2007  11:02 AM             1,787 crlogo.gif.vir
05/26/2007  11:02 PM               617 export.gif.vir
05/26/2007  11:02 PM               283 exportd.gif.vir
05/26/2007  11:02 PM             1,244 export_over.gif.vir
07/13/2004  06:49 PM                78 First.gif.vir
07/13/2004  06:49 PM                78 Firstd.gif.vir
07/15/2004  05:37 PM             1,251 first_over.gif.vir
05/26/2007  11:02 PM               595 gotopage.gif.vir
05/05/2004  08:15 PM               176 gotopaged.gif.vir
05/26/2007  11:02 PM             1,226 gotopage_over.gif.vir
05/26/2007  11:02 PM               257 grouptree.gif.vir
05/26/2007  11:02 PM               230 grouptreed.gif.vir
05/26/2007  11:02 PM               179 grouptreepressed.gif.vir
05/26/2007  11:02 PM             1,215 grouptree_over.gif.vir
07/13/2004  06:49 PM                79 Last.gif.vir
07/13/2004  06:49 PM                79 Lastd.gif.vir
07/13/2004  06:49 PM             1,251 last_over.gif.vir
07/13/2004  06:49 PM                73 Next.gif.vir
07/13/2004  06:49 PM                73 Nextd.gif.vir
07/13/2004  06:49 PM             1,252 next_over.gif.vir
07/13/2004  06:49 PM                73 Prev.gif.vir
07/13/2004  06:49 PM                73 Prevd.gif.vir
07/13/2004  06:49 PM             1,250 prev_over.gif.vir
05/26/2007  11:02 PM               375 print.gif.vir
05/26/2007  11:02 PM               273 printd.gif.vir
05/26/2007  11:02 PM             1,219 print_over.gif.vir
05/26/2007  11:02 PM               134 Refresh.gif.vir
05/26/2007  11:02 PM               134 refreshd.gif.vir
05/26/2007  11:02 PM             1,236 refresh_over.gif.vir
05/26/2007  11:02 PM               199 Search.gif.vir
05/26/2007  11:02 PM               274 searchd.gif.vir
05/26/2007  11:02 PM             1,205 search_over.gif.vir
05/26/2007  11:02 PM               122 up.gif.vir
05/26/2007  11:02 PM               898 upd.gif.vir
05/26/2007  11:02 PM             1,244 up_over.gif.vir
              36 File(s)         20,816 bytes

 Directory of C:\Qoobox\Quarantine\C\Windows\System32\images\tree

11/28/2012  10:12 PM    <DIR>          .
11/28/2012  10:12 PM    <DIR>          ..
03/31/2005  11:23 AM                74 begindots.gif.vir
03/31/2005  11:24 AM                91 beginminus.gif.vir
03/31/2005  11:29 AM                96 beginplus.gif.vir
03/31/2005  11:29 AM                57 blank.gif.vir
03/31/2005  11:29 AM                73 blankdots.gif.vir
03/31/2005  11:29 AM                75 dots.gif.vir
03/31/2005  11:28 AM                70 lastdots.gif.vir
03/31/2005  11:28 AM                93 lastminus.gif.vir
03/31/2005  11:28 AM                97 lastplus.gif.vir
11/24/2003  03:41 PM                96 Magnify.gif.vir
03/31/2005  11:28 AM                95 minus.gif.vir
03/31/2005  11:30 AM                86 minusbox.gif.vir
03/31/2005  11:27 AM                98 plus.gif.vir
03/31/2005  11:30 AM                90 plusbox.gif.vir
03/31/2005  11:27 AM                89 singleminus.gif.vir
03/31/2005  11:27 AM                93 singleplus.gif.vir
              16 File(s)          1,373 bytes

 Directory of C:\Qoobox\Quarantine\Registry_backups

11/28/2012  10:16 PM    <DIR>          .
11/28/2012  10:16 PM    <DIR>          ..
11/28/2012  10:16 PM             1,424 AddRemove-KB2463332_DTS9.reg.dat
11/28/2012  10:16 PM             1,420 AddRemove-KB2463332_NS9.reg.dat
11/28/2012  10:16 PM             1,424 AddRemove-KB2463332_OLAP9.reg.dat
11/28/2012  10:16 PM             2,430 AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}.reg.dat
11/28/2012  10:16 PM               144 HKCU-Run-Appigo Sync.reg.dat
11/28/2012  10:16 PM               167 HKCU-Run-MobileDocuments.reg.dat
11/28/2012  10:16 PM               175 HKCU-Run-updateMgr.reg.dat
11/28/2012  10:16 PM               258 HKLM-Run-Acer Tour.reg.dat
11/28/2012  10:16 PM               130 HKLM-Run-ALaunch.reg.dat
11/28/2012  10:16 PM               123 HKLM-Run-SetPanel.reg.dat
11/28/2012  10:16 PM               156 HKLM-Run-SunJavaUpdateSched.reg.dat
11/28/2012  10:16 PM             1,174 MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}.reg.dat
11/28/2012  10:16 PM               918 MSConfigStartUp-NBKeyScan.reg.dat
11/28/2012  10:16 PM               926 MSConfigStartUp-TomTomHOME.reg.dat
11/28/2012  10:06 PM             5,949 tcpip.reg
              15 File(s)         16,818 bytes

     Total Files Listed:
              75 File(s)         68,931 bytes
              30 Dir(s)  327,586,680,832 bytes free



#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:07 AM

Posted 29 June 2014 - 06:00 AM

Hi Wolfe_671,
 
Catchme.sys is not a keylogger, it belongs to combofix which is a tool we use to remove malware. It's behaviour of deleting files means it can sometimes be flagged as malicious, but it is not.
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you to disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------

We need to run a fix with FRST:

  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:​
HKLM\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
We need to remove programs using "Programs and Features":
Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Savings Bond Wizard
Stardock Central (unless you use this program)

Additional instructions can be found here if needed.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • How is your computer running?

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:07 AM

Posted 02 July 2014 - 01:03 PM

Hi Wolfe_671,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:07 AM

Posted 04 July 2014 - 01:53 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users