
Possible Viknok Per Norton 360: Popup intrusion alerts & MBAM traffic blocks


  • This topic is locked
10 replies to this topic

#1 Irishlass1021


Posted 30 June 2014 - 03:56 PM

6/28/14: Norton 360 identified Viknok Activity 3 as either an inbound intrusion attack attempt or an actual infection on my computer. It was popping up a warning about every 5 seconds. I immediately ran Malwarebytes (log saved and can be attached) and it detected 3 Trojan.BHO registry key issues, one trojan.backdoor in docs/settings and one Adware.Deepdive problem in Program Files/Shared.

I clicked "fix" and rebooted as suggested. 

 

Malwarebytes continued to block outbound traffic to 4 IPs: 5.45.68.199, 5.45-67.216, 5.45.66.208 and 5.45.15.190, and Norton 360 continued to pop up every 5 seconds with an inbound attack blocking message.

 

Yesterday I ran Norton Power Erase which found one bad file: rpcss.dll, which I allowed it to fix.  The popups have stopped - YAY! - but each time I open Internet Explorer, it takes all memory until the computer locks up and IE stops running, so obviously not everything has been eradicated.  Email seems normal and I have not encountered issues with any other programs. 

 

I tried System Restore to 6/27/14 but though it was a choice listed, an error message resulted, stating there had been no changes. I went back to 6/26/14 but received the same error message. There are about 3 weeks of restore choices, but I did not want to go back any further. As I have not tried to use this before, I am not sure why it would refuse the restore point requested, unless it has been affected by the infection.

 

I also use Firefox, which does not seem to be affected.

 

I am running XP Pro with SP3 on a 32-bit system.

 

Please note that I was all over several forums on 6/28/14 looking for assistance - many of which required creating a user name/password, but Bleeping Computer has been the only one to respond, therefore I will stay with BC staff exclusively, following each step requested without conflict from any other forum. Please do not close my topic!

 

DDS files are attached per request.

 

Thank you for your assistance!

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Sheri at 15:25:44 on 2014-06-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2014.739 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Scan2PC\Sc2PCSvc.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Scan2PC\Scan2PC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080531
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\3.8.3.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\3.8.3.6\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\3.8.3.6\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\3.8.3.6\CoIEPlg.dll
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [\\ATHIRDWAY4\EPSON Stylus Photo 1400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibua.exe /fu "c:\docume~1\sheri\locals~1\temp\E_S2CA4.tmp" /EF "HKCU"
uRun: [Auto EPSON Stylus Photo 1400 Series on ATHIRDWAY5] c:\windows\system32\spool\drivers\w32x86\3\e_fatibua.exe /fu "c:\windows\temp\E_S3C.tmp" /EF "HKCU"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DLPSP] "c:\program files\dell printers\additional color laser software\status monitor\DLPSP.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelr~1.lnk - c:\program files\corel\wordperfect office 2000\register\Remind32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scan2pc.lnk - c:\program files\scan2pc\Scan2PC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E2767B52-AE2E-464B-B056-033613273C8E} : DHCPNameServer = 192.168.1.1
Filter: text/html - {16359cd0-011f-443a-a986-99aefb6cf099} -
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.3.6\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sheri\application data\mozilla\firefox\profiles\ogj8wc0c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\sheri\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308030.006\SymEFA.sys [2011-10-10 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308030.006\BHDrvx86.sys [2011-10-10 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308030.006\cchpx86.sys [2011-10-10 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20140627.001\IDSXpx86.sys [2014-6-27 383120]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 DLSDB;Dell Printer Status Database;c:\program files\dell printers\additional color laser software\status monitor\dlsdbnt.exe [2008-7-25 140184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-28 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-28 860472]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 Scan2PC;Scan2PC;c:\program files\scan2pc\Sc2PCSvc.exe [2010-1-23 69632]
R2 WDBackup;WD Backup;c:\program files\western digital\wd smartware\WDBackupEngine.exe [2013-11-2 1042808]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2013-11-2 270704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-10 109872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-3 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-3-3 110296]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20140630.001\naveng.sys [2014-6-30 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20140630.001\navex15.sys [2014-6-30 1612376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-06-29 04:16:01    --------    d-----w-    c:\documents and settings\sheri\local settings\application data\NPE
2014-06-29 01:12:11    --------    d-----w-    C:\FRST
2014-06-28 18:47:06    53208    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-28 18:47:06    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
.
==================== Find3M  ====================
.
2014-06-30 19:25:01    110296    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-06-29 04:31:18    401408    ----a-w-    c:\windows\system32\rpcss.dll
2014-05-12 12:25:54    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:26:40.26 ===============
 



Edited by hamluis, 30 June 2014 - 04:29 PM.
Pasted DDS into post - Hamluis.



 


#2 B-boy/StyLe/

  • Malware Response Team

Posted 04 July 2014 - 04:09 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#3 Irishlass1021


Posted 06 July 2014 - 12:55 PM

Hi Georgi,

 

 

Thank you so much for replying. I ran the Farbar Recovery Scan tool today (07/06/14) and below is the FRST.txt log. Unfortunately in my urgent quest on 6/28 to find something - anything that would help remove the infection, I did a couple of tools, so today is not the first time I have run this tool - therefore the addition.txt log did not compile. However, I have included the one I ran on 06/28/14 with the original FRST.txt from that day.

 

To repeat:  I am only working with Bleepingcomputer.com and have not done anything to my computer since posting to this forum. 

 

Here is today's FRST.txt (07/06/14) log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Sheri (administrator) on RHB2008 on 06-07-2014 12:35:54
Running from C:\Documents and Settings\Sheri\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\ASF Agent\ASFAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Iomega Corporation) C:\PROGRA~1\Iomega\System32\AppServices.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\Scan2PC\Sc2PCSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(IntelliQuest Communications, Inc.) C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Scan2PC\Scan2PC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [136600 2009-02-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-31] (Google)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-02-26] (CyberLink Corp.)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [393944 2007-07-25] (Dell Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-01-05] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [15504192 2012-05-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [108352 2012-05-15] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-15] ()
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-1553111627-2839410608-560607022-1005\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [205480 2007-08-30] (Macrovision Corporation)
HKU\S-1-5-21-1553111627-2839410608-560607022-1005\...\Run: [\\ATHIRDWAY4\EPSON Stylus Photo 1400 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE [143360 2006-10-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1553111627-2839410608-560607022-1005\...\Run: [Auto EPSON Stylus Photo 1400 Series on ATHIRDWAY5] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE [143360 2006-10-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1553111627-2839410608-560607022-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1553111627-2839410608-560607022-1008\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [205480 2007-08-30] (Macrovision Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [111616 2008-05-31] (Google)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Corel Registration.lnk
ShortcutTarget: Corel Registration.lnk -> C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe (IntelliQuest Communications, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Scan2PC.lnk
ShortcutTarget: Scan2PC.lnk -> C:\Program Files\Scan2PC\Scan2PC.exe ()
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\3.8.3.6\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\3.8.3.6\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\3.8.3.6\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation)
Filter: text/html - {16359cd0-011f-443a-a986-99aefb6cf099} - C:\WINDOWS\msvideo.dll No File
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sheri\Application Data\Mozilla\Firefox\Profiles\ogj8wc0c.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Sheri\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-02-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn [2011-10-12]

========================== Services (Whitelisted) =================

R2 ASFAgent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [133968 2007-01-23] (Intel Corporation)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) [File not signed]
S3 GoogleDesktopManager-010708-104812; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [29744 2008-05-31] (Google)
R2 Iomega App Services; C:\Program Files\Iomega\System32\AppServices.exe [73728 2002-07-31] (Iomega Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-02-09] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation)
R2 Scan2PC; C:\Program Files\Scan2PC\Sc2PCSvc.exe [69632 2008-10-27] () [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
S4 Iomega Activity Disk2; "" [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 BHDrvx86; C:\WINDOWS\System32\Drivers\N360\0308030.006\BHDrvx86.sys [259632 2009-08-22] (Symantec Corporation)
R1 ccHP; C:\WINDOWS\System32\Drivers\N360\0308030.006\ccHPx86.sys [467592 2011-09-21] (Symantec Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-10] (Symantec Corporation)
R1 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20140703.001\IDSxpx86.sys [383120 2014-03-24] (Symantec Corporation)
R0 iomdisk; C:\WINDOWS\System32\DRIVERS\iomdisk.sys [30258 2002-07-31] (Iomega Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-06] (Malwarebytes Corporation)
R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140705.001\NAVENG.SYS [93272 2014-07-02] (Symantec Corporation)
R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140705.001\NAVEX15.SYS [1612376 2014-07-02] (Symantec Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [123840 2012-04-18] (NVIDIA Corporation)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360\0308030.006\SRTSP.SYS [308272 2009-08-22] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\0308030.006\SRTSPX.SYS [43696 2009-08-22] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\N360\0308030.006\SYMEFA.SYS [310320 2009-08-22] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2009-08-18] (Symantec Corporation)
R3 SYMFW; C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMFW.SYS [89976 2011-09-21] (Symantec Corporation)
R3 SYMIDS; C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMIDS.SYS [33144 2011-09-21] (Symantec Corporation)
S3 SymIM; C:\WINDOWS\System32\DRIVERS\SymIM.sys [36400 2009-08-22] (Symantec Corporation)
R3 SymIMMP; C:\WINDOWS\System32\DRIVERS\SymIM.sys [36400 2009-08-22] (Symantec Corporation)
R3 SYMNDIS; C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMNDIS.SYS [36472 2011-09-21] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMTDI.SYS [217464 2011-09-21] (Symantec Corporation)
U3 navapsvc;
U3 SAVRT;
U1 SAVRTPEL;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 18:54 - 2014-07-04 18:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-04 18:53 - 2014-07-04 18:53 - 00000000 ____D () C:\WINDOWS\LastGood
2014-06-30 15:29 - 2014-06-30 15:29 - 00012902 _____ () C:\Documents and Settings\Sheri\Desktop\dds 063014.txt
2014-06-30 15:28 - 2014-06-30 15:28 - 00020815 _____ () C:\Documents and Settings\Sheri\Desktop\attach 063014.txt
2014-06-29 13:57 - 2014-06-29 13:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-29 12:12 - 2014-06-29 12:12 - 00004934 _____ () C:\Documents and Settings\Sheri\Desktop\4th of July 2014 Menu And Shopping List.wpd
2014-06-29 12:02 - 2014-06-29 12:02 - 00001498 _____ () C:\Documents and Settings\Sheri\Desktop\Calculator (2).lnk
2014-06-28 23:16 - 2014-06-28 23:35 - 00000000 ____D () C:\Documents and Settings\Sheri\Local Settings\Application Data\NPE
2014-06-28 20:12 - 2014-07-06 12:35 - 00000000 ____D () C:\FRST
2014-06-28 19:58 - 2014-06-28 19:58 - 00076206 _____ () C:\Documents and Settings\Sheri\Desktop\OTL.Txt 062814.txt
2014-06-28 13:47 - 2014-06-28 13:47 - 00000812 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 13:47 - 2014-06-28 13:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-28 13:47 - 2014-06-28 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 13:47 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-28 13:23 - 2014-06-28 13:23 - 00321220 ____S () C:\WINDOWS\system32\pznqblv.zvc
2014-06-19 08:34 - 2014-06-19 08:35 - 00008138 _____ () C:\WINDOWS\KB2813347-v2.log
2014-06-18 09:48 - 2014-06-18 09:48 - 00002082 _____ () C:\Documents and Settings\Sheri\Desktop\KWMREMOTE.RDP
2014-06-18 09:47 - 2014-06-18 09:47 - 00006479 _____ () C:\WINDOWS\KB969084.log
2014-06-18 09:47 - 2014-06-18 09:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969084$
2014-06-18 09:43 - 2014-06-18 09:43 - 00000000 ____H () C:\Documents and Settings\Sheri\My Documents\Default.rdp
2014-06-06 05:47 - 2014-06-06 05:47 - 04558848 _____ (Google Inc.) C:\WINDOWS\system32\GPhotos.scr

==================== One Month Modified Files and Folders =======

2014-07-06 12:36 - 2008-07-25 19:35 - 00000000 ____D () C:\Documents and Settings\Sheri\Local Settings\Temp
2014-07-06 12:35 - 2014-06-28 20:12 - 00000000 ____D () C:\FRST
2014-07-06 12:33 - 2004-08-11 17:13 - 02032726 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-06 12:27 - 2008-09-01 10:28 - 00002521 _____ () C:\Documents and Settings\Sheri\Desktop\Microsoft Office Outlook 2003.lnk
2014-07-06 09:17 - 2011-03-03 13:27 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-07-05 22:12 - 2004-08-11 17:02 - 00000000 ____D () C:\WINDOWS\repair
2014-07-05 00:17 - 2009-06-01 05:06 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-07-05 00:00 - 2013-10-16 18:31 - 00000602 _____ () C:\WINDOWS\Tasks\____Volume_721bb26a_5aa8_11dd_8124_806d6172696f__uuid_73656761_7465_7375_636b_0090a93a295d_SmartWare_.job
2014-07-04 22:01 - 2004-08-11 17:11 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-04 18:54 - 2014-07-04 18:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2014-07-04 18:54 - 2008-05-31 07:32 - 00923944 _____ () C:\WINDOWS\setupapi.log
2014-07-04 18:54 - 2008-05-31 07:32 - 00005533 _____ () C:\WINDOWS\setupact.log
2014-07-04 18:53 - 2014-07-04 18:53 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-02 20:45 - 2008-09-01 10:28 - 00002495 _____ () C:\Documents and Settings\Sheri\Desktop\Microsoft Office Excel 2003.lnk
2014-07-02 20:30 - 2008-11-28 16:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
2014-07-02 20:30 - 2004-08-11 17:09 - 00000252 _____ () C:\WINDOWS\wiadebug.log
2014-07-02 20:27 - 2013-10-16 18:26 - 00008192 _____ () C:\WINDOWS\system32\WDPABKP.dat
2014-07-02 20:26 - 2004-08-11 17:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-02 20:24 - 2004-08-11 17:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-02 20:24 - 2004-08-11 17:09 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-06-30 19:22 - 2008-07-25 19:35 - 00000278 ___SH () C:\Documents and Settings\Sheri\ntuser.ini
2014-06-30 19:22 - 2008-05-31 07:49 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-06-30 19:22 - 2004-08-11 17:20 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-30 15:29 - 2014-06-30 15:29 - 00012902 _____ () C:\Documents and Settings\Sheri\Desktop\dds 063014.txt
2014-06-30 15:28 - 2014-06-30 15:28 - 00020815 _____ () C:\Documents and Settings\Sheri\Desktop\attach 063014.txt
2014-06-30 14:11 - 2004-08-11 17:12 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-06-30 13:51 - 2008-09-01 10:28 - 00002497 _____ () C:\Documents and Settings\Sheri\Desktop\Microsoft Office Word 2003.lnk
2014-06-30 10:55 - 2013-01-19 14:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-29 14:38 - 2004-08-11 17:10 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-06-29 13:57 - 2014-06-29 13:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-29 12:12 - 2014-06-29 12:12 - 00004934 _____ () C:\Documents and Settings\Sheri\Desktop\4th of July 2014 Menu And Shopping List.wpd
2014-06-29 12:08 - 2008-09-01 20:15 - 00000000 ___RD () C:\Documents and Settings\Sheri\Desktop\Excel Docs
2014-06-29 12:02 - 2014-06-29 12:02 - 00001498 _____ () C:\Documents and Settings\Sheri\Desktop\Calculator (2).lnk
2014-06-28 23:35 - 2014-06-28 23:16 - 00000000 ____D () C:\Documents and Settings\Sheri\Local Settings\Application Data\NPE
2014-06-28 23:31 - 2009-04-15 19:34 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rpcss.dll
2014-06-28 23:31 - 2004-08-11 17:00 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2014-06-28 23:30 - 2004-08-11 17:00 - 00000211 __RSH () C:\boot.ini
2014-06-28 23:16 - 2009-06-27 08:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-06-28 19:58 - 2014-06-28 19:58 - 00076206 _____ () C:\Documents and Settings\Sheri\Desktop\OTL.Txt 062814.txt
2014-06-28 16:49 - 2010-07-08 17:59 - 00000000 ____D () C:\Program Files\Shared
2014-06-28 16:49 - 2004-08-11 17:02 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-06-28 13:47 - 2014-06-28 13:47 - 00000812 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 13:47 - 2014-06-28 13:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-28 13:47 - 2014-06-28 13:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 13:47 - 2011-03-03 13:27 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-28 13:23 - 2014-06-28 13:23 - 00321220 ____S () C:\WINDOWS\system32\pznqblv.zvc
2014-06-27 08:55 - 2004-08-11 17:11 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-06-24 19:16 - 2013-10-24 06:37 - 00712898 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1553111627-2839410608-560607022-1005-0.dat
2014-06-24 19:16 - 2013-10-24 06:37 - 00356774 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-06-23 20:00 - 2008-07-25 19:58 - 00000622 _____ () C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sheri.job
2014-06-19 08:35 - 2014-06-19 08:34 - 00008138 _____ () C:\WINDOWS\KB2813347-v2.log
2014-06-19 08:34 - 2008-05-31 07:40 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-06-18 12:54 - 2008-05-31 07:51 - 00092098 _____ () C:\WINDOWS\spupdsvc.log
2014-06-18 10:12 - 2013-08-01 20:26 - 00000000 ____D () C:\Documents and Settings\Sheri\Local Settings\Application Data\Deployment
2014-06-18 09:48 - 2014-06-18 09:48 - 00002082 _____ () C:\Documents and Settings\Sheri\Desktop\KWMREMOTE.RDP
2014-06-18 09:47 - 2014-06-18 09:47 - 00006479 _____ () C:\WINDOWS\KB969084.log
2014-06-18 09:47 - 2014-06-18 09:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969084$
2014-06-18 09:47 - 2004-08-11 17:07 - 01932280 _____ () C:\WINDOWS\FaxSetup.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00937195 _____ () C:\WINDOWS\ocgen.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00886042 _____ () C:\WINDOWS\tsoc.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00622531 _____ () C:\WINDOWS\comsetup.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00596828 _____ () C:\WINDOWS\msmqinst.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00377169 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00337041 _____ () C:\WINDOWS\netfxocm.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00133289 _____ () C:\WINDOWS\MedCtrOC.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00121731 _____ () C:\WINDOWS\iis6.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00102049 _____ () C:\WINDOWS\ocmsn.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00096927 _____ () C:\WINDOWS\tabletoc.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00096486 _____ () C:\WINDOWS\msgsocm.log
2014-06-18 09:47 - 2004-08-11 17:07 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-06-18 09:43 - 2014-06-18 09:43 - 00000000 ____H () C:\Documents and Settings\Sheri\My Documents\Default.rdp
2014-06-06 05:47 - 2014-06-06 05:47 - 04558848 _____ (Google Inc.) C:\WINDOWS\system32\GPhotos.scr

Files to move or delete:
====================
C:\Documents and Settings\Sheri\gotomypc_428.exe
C:\Documents and Settings\Sheri\gotomypc_438.exe
C:\Documents and Settings\Sheri\gotomypc_533.exe
C:\Documents and Settings\Sheri\gotomypc_540.exe
C:\Documents and Settings\Sheri\gotomypc_635.exe


Some content of TEMP:
====================
C:\Documents and Settings\Sheri\Local Settings\Temp\_is43.exe
C:\Documents and Settings\Sheri\Local Settings\Temp\_isE0A.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Here is the addition.txt log from 062814:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Sheri at 2014-06-28 20:13:07
Running from C:\Documents and Settings\Sheri\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{190601AF-7BE4-046E-CEBF-14EE74434250}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AnswerWorks Runtime (HKLM\...\AnswerWorks) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.4.0.1 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.5.0.15 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 0.9.3.9 - )
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.0.0.8 - )
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.1.16 - )
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - )
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.20.44 - )
Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.0.0.246 - )
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2011.1109.2145.39010 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Corel Applications (HKLM\...\Corel Applications) (Version:  - )
Dell ETS Factory Installation (Version: 1.0.0 - Dell Inc.) Hidden
Dell Printer Software (HKLM\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PRO Alerting Agent (HKLM\...\{53183B25-FBDC-4B95-856A-DCDD69DFEE18}) (Version: 12.0.2 - Intel Corporation)
Intel® PRO Network Connections 12.1.12.4 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Dell)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSN Toolbar (HKLM\...\{10C69612-017B-45F5-B986-7D113D5A2EA3}) (Version: 3.0.988.2 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Norton 360 (HKLM\...\N360) (Version: 3.8.3.6 - Symantec Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.0 - Dell)
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
RadioSure (HKCU\...\RadioSure) (Version:  - )
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Scan2PC (HKLM\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.1.0.5 - Q)
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SearchAssist (HKLM\...\SearchAssist) (Version:  - )
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
WD My Cloud (HKLM\...\WD My Cloud) (Version: 1.0.2.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{507B1304-194A-4204-A9D9-9BAAF51EF760}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FDAEE697-A659-43C5-9520-6DA298EF021E}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{ba99df5b-3e46-419e-81e2-544352772fda}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

31-03-2014 22:36:11 System Checkpoint
01-04-2014 23:30:19 System Checkpoint
03-04-2014 00:24:28 System Checkpoint
05-04-2014 03:15:15 System Checkpoint
06-04-2014 03:40:41 System Checkpoint
07-04-2014 04:34:08 System Checkpoint
08-04-2014 05:28:45 System Checkpoint
09-04-2014 06:21:51 System Checkpoint
10-04-2014 07:15:48 System Checkpoint
11-04-2014 08:09:47 System Checkpoint
12-04-2014 09:03:45 System Checkpoint
13-04-2014 09:59:09 System Checkpoint
14-04-2014 10:50:49 System Checkpoint
15-04-2014 11:44:44 System Checkpoint
16-04-2014 12:02:43 System Checkpoint
17-04-2014 12:33:45 System Checkpoint
18-04-2014 13:27:48 System Checkpoint
19-04-2014 14:21:51 System Checkpoint
20-04-2014 15:15:03 System Checkpoint
23-04-2014 12:19:41 System Checkpoint
24-04-2014 13:09:26 System Checkpoint
25-04-2014 13:14:23 System Checkpoint
26-04-2014 13:57:20 System Checkpoint
27-04-2014 18:50:03 System Checkpoint
01-05-2014 11:45:58 System Checkpoint
02-05-2014 11:57:04 System Checkpoint
03-05-2014 12:50:59 System Checkpoint
04-05-2014 13:44:54 System Checkpoint
05-05-2014 14:38:42 System Checkpoint
06-05-2014 15:32:49 System Checkpoint
07-05-2014 16:25:55 System Checkpoint
08-05-2014 17:17:07 System Checkpoint
09-05-2014 18:12:29 System Checkpoint
18-05-2014 22:13:52 System Checkpoint
19-05-2014 22:57:25 System Checkpoint
20-05-2014 23:40:03 System Checkpoint
22-05-2014 07:39:33 System Checkpoint
23-05-2014 08:46:46 System Checkpoint
24-05-2014 21:02:12 System Checkpoint
25-05-2014 21:19:10 System Checkpoint
26-05-2014 22:13:20 System Checkpoint
28-05-2014 04:57:37 System Checkpoint
29-05-2014 05:17:08 System Checkpoint
30-05-2014 06:14:54 System Checkpoint
03-06-2014 13:29:17 System Checkpoint
04-06-2014 13:48:01 System Checkpoint
05-06-2014 14:40:25 System Checkpoint
09-06-2014 04:57:01 System Checkpoint
10-06-2014 05:06:53 System Checkpoint
11-06-2014 06:04:11 System Checkpoint
13-06-2014 23:54:43 System Checkpoint
15-06-2014 00:40:38 System Checkpoint
16-06-2014 01:10:05 System Checkpoint
17-06-2014 03:11:51 System Checkpoint
18-06-2014 04:08:36 System Checkpoint
18-06-2014 14:47:13 Installed Windows XP KB969084.
19-06-2014 21:22:34 System Checkpoint
20-06-2014 21:43:07 System Checkpoint
21-06-2014 22:15:17 System Checkpoint
22-06-2014 22:53:50 System Checkpoint
24-06-2014 01:35:21 System Checkpoint
25-06-2014 21:52:21 System Checkpoint
27-06-2014 04:26:09 System Checkpoint
28-06-2014 04:55:33 System Checkpoint

==================== Hosts content: ==========================

2004-08-11 17:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sheri.job => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
Task: C:\WINDOWS\Tasks\____Volume_721bb26a_5aa8_11dd_8124_806d6172696f__uuid_73656761_7465_7375_636b_0090a93a295d_SmartWare_.job => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-11 17:00 - 2008-03-24 23:50 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2010-01-23 11:28 - 2008-10-27 16:42 - 00069632 _____ () C:\Program Files\Scan2PC\Sc2PCSvc.exe
2010-01-23 11:28 - 2009-02-03 11:49 - 01024000 _____ () C:\Program Files\Scan2PC\Scan2PC.exe
2010-01-23 11:28 - 2001-03-15 17:12 - 00045056 _____ () C:\Program Files\Scan2PC\MultiLng.dll
2010-03-16 13:22 - 2010-03-16 13:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2011-11-09 22:45 - 2011-11-09 22:45 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-08 22:23 - 2014-05-08 22:23 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 09:18:09 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 tswpfwrp.exe, P2 3.0.6920.1109, P3 470bc7c1, P4 system.printing, P5 3.0.0.0, P6 517621e6, P7 4e7, P8 7a, P9 clr20r30, P10 clr20r31.

Error: (06/25/2014 09:17:46 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 tswpfwrp.exe, P2 3.0.6920.1109, P3 470bc7c1, P4 system.printing, P5 3.0.0.0, P6 517621e6, P7 4e7, P8 7a, P9 clr20r30, P10 clr20r31.

Error: (03/08/2014 04:35:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/08/2014 04:33:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/16/2014 00:36:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/12/2014 06:43:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_afpovertcp” “_tcp.local.” “.”

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_wd-2go” “_tcp.local.” “.”

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."


System errors:
=============
Error: (06/28/2014 04:52:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/28/2014 04:50:00 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (06/28/2014 10:36:47 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverATHIRDWAY4NetBT_Tcpip_{E2767B52-AE2E-464

Error: (03/23/2014 09:12:25 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 08:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 07:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 06:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 05:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 04:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 03:14:50 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (06/25/2014 09:18:09 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3tswpfwrp.exe3.0.6920.1109470bc7c1system.printing3.0.0.0517621e64e77asystem.printing.printserverNIL

Error: (06/25/2014 09:17:46 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3tswpfwrp.exe3.0.6920.1109470bc7c1system.printing3.0.0.0517621e64e77asystem.printing.printserverNIL

Error: (03/08/2014 04:35:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/08/2014 04:33:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/16/2014 00:36:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/12/2014 06:43:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_afpovertcp” “_tcp.local.” “.”

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_wd-2go” “_tcp.local.” “.”

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 2013.54 MB
Available physical RAM: 1012.88 MB
Total Pagefile: 3905.59 MB
Available Pagefile: 2679.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.72 GB) (Free:169.31 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Here is the original FRST.txt log from 06/28/14:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Sheri at 2014-06-28 20:13:07
Running from C:\Documents and Settings\Sheri\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{190601AF-7BE4-046E-CEBF-14EE74434250}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AnswerWorks Runtime (HKLM\...\AnswerWorks) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.4.0.1 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.5.0.15 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 0.9.3.9 - )
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.0.0.8 - )
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.1.16 - )
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - )
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.20.44 - )
Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.0.0.246 - )
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2011.1109.2145.39010 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Corel Applications (HKLM\...\Corel Applications) (Version:  - )
Dell ETS Factory Installation (Version: 1.0.0 - Dell Inc.) Hidden
Dell Printer Software (HKLM\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel® PRO Alerting Agent (HKLM\...\{53183B25-FBDC-4B95-856A-DCDD69DFEE18}) (Version: 12.0.2 - Intel Corporation)
Intel® PRO Network Connections 12.1.12.4 (HKLM\...\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}) (Version:  - Dell)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSN Toolbar (HKLM\...\{10C69612-017B-45F5-B986-7D113D5A2EA3}) (Version: 3.0.988.2 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Norton 360 (HKLM\...\N360) (Version: 3.8.3.6 - Symantec Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
PaperPort Image Printer (HKLM\...\{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.0 - Dell)
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
RadioSure (HKCU\...\RadioSure) (Version:  - )
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Scan2PC (HKLM\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.1.0.5 - Q)
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SearchAssist (HKLM\...\SearchAssist) (Version:  - )
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB978207) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB980182) (Version: 1 - Microsoft Corporation) Hidden
WD My Cloud (HKLM\...\WD My Cloud) (Version: 1.0.2.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{507B1304-194A-4204-A9D9-9BAAF51EF760}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FDAEE697-A659-43C5-9520-6DA298EF021E}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{ba99df5b-3e46-419e-81e2-544352772fda}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

31-03-2014 22:36:11 System Checkpoint
01-04-2014 23:30:19 System Checkpoint
03-04-2014 00:24:28 System Checkpoint
05-04-2014 03:15:15 System Checkpoint
06-04-2014 03:40:41 System Checkpoint
07-04-2014 04:34:08 System Checkpoint
08-04-2014 05:28:45 System Checkpoint
09-04-2014 06:21:51 System Checkpoint
10-04-2014 07:15:48 System Checkpoint
11-04-2014 08:09:47 System Checkpoint
12-04-2014 09:03:45 System Checkpoint
13-04-2014 09:59:09 System Checkpoint
14-04-2014 10:50:49 System Checkpoint
15-04-2014 11:44:44 System Checkpoint
16-04-2014 12:02:43 System Checkpoint
17-04-2014 12:33:45 System Checkpoint
18-04-2014 13:27:48 System Checkpoint
19-04-2014 14:21:51 System Checkpoint
20-04-2014 15:15:03 System Checkpoint
23-04-2014 12:19:41 System Checkpoint
24-04-2014 13:09:26 System Checkpoint
25-04-2014 13:14:23 System Checkpoint
26-04-2014 13:57:20 System Checkpoint
27-04-2014 18:50:03 System Checkpoint
01-05-2014 11:45:58 System Checkpoint
02-05-2014 11:57:04 System Checkpoint
03-05-2014 12:50:59 System Checkpoint
04-05-2014 13:44:54 System Checkpoint
05-05-2014 14:38:42 System Checkpoint
06-05-2014 15:32:49 System Checkpoint
07-05-2014 16:25:55 System Checkpoint
08-05-2014 17:17:07 System Checkpoint
09-05-2014 18:12:29 System Checkpoint
18-05-2014 22:13:52 System Checkpoint
19-05-2014 22:57:25 System Checkpoint
20-05-2014 23:40:03 System Checkpoint
22-05-2014 07:39:33 System Checkpoint
23-05-2014 08:46:46 System Checkpoint
24-05-2014 21:02:12 System Checkpoint
25-05-2014 21:19:10 System Checkpoint
26-05-2014 22:13:20 System Checkpoint
28-05-2014 04:57:37 System Checkpoint
29-05-2014 05:17:08 System Checkpoint
30-05-2014 06:14:54 System Checkpoint
03-06-2014 13:29:17 System Checkpoint
04-06-2014 13:48:01 System Checkpoint
05-06-2014 14:40:25 System Checkpoint
09-06-2014 04:57:01 System Checkpoint
10-06-2014 05:06:53 System Checkpoint
11-06-2014 06:04:11 System Checkpoint
13-06-2014 23:54:43 System Checkpoint
15-06-2014 00:40:38 System Checkpoint
16-06-2014 01:10:05 System Checkpoint
17-06-2014 03:11:51 System Checkpoint
18-06-2014 04:08:36 System Checkpoint
18-06-2014 14:47:13 Installed Windows XP KB969084.
19-06-2014 21:22:34 System Checkpoint
20-06-2014 21:43:07 System Checkpoint
21-06-2014 22:15:17 System Checkpoint
22-06-2014 22:53:50 System Checkpoint
24-06-2014 01:35:21 System Checkpoint
25-06-2014 21:52:21 System Checkpoint
27-06-2014 04:26:09 System Checkpoint
28-06-2014 04:55:33 System Checkpoint

==================== Hosts content: ==========================

2004-08-11 17:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sheri.job => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
Task: C:\WINDOWS\Tasks\____Volume_721bb26a_5aa8_11dd_8124_806d6172696f__uuid_73656761_7465_7375_636b_0090a93a295d_SmartWare_.job => C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-11 17:00 - 2008-03-24 23:50 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2010-01-23 11:28 - 2008-10-27 16:42 - 00069632 _____ () C:\Program Files\Scan2PC\Sc2PCSvc.exe
2010-01-23 11:28 - 2009-02-03 11:49 - 01024000 _____ () C:\Program Files\Scan2PC\Scan2PC.exe
2010-01-23 11:28 - 2001-03-15 17:12 - 00045056 _____ () C:\Program Files\Scan2PC\MultiLng.dll
2010-03-16 13:22 - 2010-03-16 13:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2011-11-09 22:45 - 2011-11-09 22:45 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-08 22:23 - 2014-05-08 22:23 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 09:18:09 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 tswpfwrp.exe, P2 3.0.6920.1109, P3 470bc7c1, P4 system.printing, P5 3.0.0.0, P6 517621e6, P7 4e7, P8 7a, P9 clr20r30, P10 clr20r31.

Error: (06/25/2014 09:17:46 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 tswpfwrp.exe, P2 3.0.6920.1109, P3 470bc7c1, P4 system.printing, P5 3.0.0.0, P6 517621e6, P7 4e7, P8 7a, P9 clr20r30, P10 clr20r31.

Error: (03/08/2014 04:35:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/08/2014 04:33:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/16/2014 00:36:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/12/2014 06:43:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_afpovertcp” “_tcp.local.” “.”

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_wd-2go” “_tcp.local.” “.”

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."


System errors:
=============
Error: (06/28/2014 04:52:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/28/2014 04:50:00 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (06/28/2014 10:36:47 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiverATHIRDWAY4NetBT_Tcpip_{E2767B52-AE2E-464

Error: (03/23/2014 09:12:25 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 08:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 07:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 06:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 05:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 04:13:37 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.

Error: (03/23/2014 03:14:50 AM) (Source: DCOM) (EventID: 10010) (User: RHB2008)
Description: The server {88F5E7B2-09B9-471E-895A-25247585905C} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (06/25/2014 09:18:09 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3tswpfwrp.exe3.0.6920.1109470bc7c1system.printing3.0.0.0517621e64e77asystem.printing.printserverNIL

Error: (06/25/2014 09:17:46 AM) (Source: .NET Runtime 2.0 Error Reporting) (EventID: 5000) (User: )
Description: clr20r3tswpfwrp.exe3.0.6920.1109470bc7c1system.printing3.0.0.0517621e64e77asystem.printing.printserverNIL

Error: (03/08/2014 04:35:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (03/08/2014 04:33:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/16/2014 00:36:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (01/12/2014 06:43:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_afpovertcp” “_tcp.local.” “.”

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad “_wd-2go” “_tcp.local.” “.”

Error: (11/05/2013 04:31:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: AppendDNSNameString: Illegal empty label in name "."


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 2013.54 MB
Available physical RAM: 1012.88 MB
Total Pagefile: 3905.59 MB
Available Pagefile: 2679.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.72 GB) (Free:169.31 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=94 MB) - (Type=DE)
Partition 2: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,309 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:01:12 AM

Posted 06 July 2014 - 03:10 PM

Hi,

 
Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

As for the IE issue go ahead and reset IE settings to default and let me know about the results:

 

http://windows.microsoft.com/en-us/windows-vista/reset-internet-explorer-8-settings

 

 

Regards,
Georgi




#5 Irishlass1021


Posted 07 July 2014 - 09:55 AM

Hi Georgi,

 

Below is the Fixlog.txt log which appears to have run successfully.  IE has been reset to default and seems to be working normally, without gobbling up all available memory.  Please let me know what the next step is!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:05-07-2014 01
Ran by Sheri at 2014-07-07 09:00:00 Run:1
Running from C:\Documents and Settings\Sheri\My Documents\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
Filter: text/html - {16359cd0-011f-443a-a986-99aefb6cf099} - C:\WINDOWS\msvideo.dll No File
2014-06-28 13:23 - 2014-06-28 13:23 - 00321220 ____S () C:\WINDOWS\system32\pznqblv.zvc
cmd: netsh winsock reset
cmd: ipconfig /flushdns
C:\Documents and Settings\Sheri\Local Settings\Temp
end
*****************

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'=> Key not found.
'HKCR\PROTOCOLS\Filter\text/html' => Key deleted successfully.
'HKCR\CLSID\{16359cd0-011f-443a-a986-99aefb6cf099}' => Key deleted successfully.
C:\WINDOWS\system32\pznqblv.zvc => Moved successfully.

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


"C:\Documents and Settings\Sheri\Local Settings\Temp" directory move:

Could not move "C:\Documents and Settings\Sheri\Local Settings\Temp\etilqs_dUAWmfsjv8w0jgy" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\Sheri\Local Settings\Temp\etilqs_VUczddsjrk9AQqV" => Scheduled to move on reboot.
C:\Documents and Settings\Sheri\Local Settings\Temp\log3 => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Norton Internet Security 2008 7-25-2008 19h47m23s.log => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Norton Setup 15,5,0 7-25-2008 19h47m2s.log => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\set2DF.tmp => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\url.txt => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Xl0000000.xls => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Xl0000001.xls => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Xl0000002.xls => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Xl0000003.xls => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Xl0000004.xls => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\_is43.exe => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\_isE0A.exe => Moved successfully.
Could not move "C:\Documents and Settings\Sheri\Local Settings\Temp\~DF89CE.tmp" => Scheduled to move on reboot.
C:\Documents and Settings\Sheri\Local Settings\Temp\{B1D7B4C8-70B0-4824-9303-8D0694B0E047}\ISSetup.dll => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\{B1D7B4C8-70B0-4824-9303-8D0694B0E047}\_Setup.dll => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\{309AE11A-56A5-4EEB-BB2C-F9E0A692F588}\ISSetup.dll => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\{309AE11A-56A5-4EEB-BB2C-F9E0A692F588}\_Setup.dll => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y2BDLXS8\desktop.ini => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Temporary Internet Files\Content.IE5\V6PWHGT1\desktop.ini => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Temporary Internet Files\Content.IE5\MIRA88JX\desktop.ini => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Temporary Internet Files\Content.IE5\DNIPI8WM\desktop.ini => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Temporary Internet Files\Content.IE5\09URKDUV\desktop.ini => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\Temporary Directory 1 for WD_SmartWare_Installer_2.2.1.6.zip\WD SmartWare Installer.exe => Moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\History\History.IE5\desktop.ini => Moved successfully.
Could not move "C:\Documents and Settings\Sheri\Local Settings\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-07 09:03:19)<=

C:\Documents and Settings\Sheri\Local Settings\Temp\etilqs_dUAWmfsjv8w0jgy => Is moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\etilqs_VUczddsjrk9AQqV => Is moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\~DF89CE.tmp => Is moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====
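A post-run check on a Fixlog like the one in post #5, as an added example that is not part of the original post or of FRST: it reads the result lines and confirms that every item reported as "Scheduled to move on reboot" is later reported as moved in the post-reboot section. The function names and the sample text (a shortened copy of lines from the log above) are assumptions of this example.

```python
import re

# Constructed sample: result lines copied from the Fixlog in post #5, shortened.
SAMPLE = r"""
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'=> Key not found.
C:\WINDOWS\system32\pznqblv.zvc => Moved successfully.
Could not move "C:\Documents and Settings\Sheri\Local Settings\Temp\etilqs_dUAWmfsjv8w0jgy" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\Sheri\Local Settings\Temp\~DF89CE.tmp" => Scheduled to move on reboot.
Could not move "C:\Documents and Settings\Sheri\Local Settings\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-07-07 09:03:19)<=

C:\Documents and Settings\Sheri\Local Settings\Temp\etilqs_dUAWmfsjv8w0jgy => Is moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp\~DF89CE.tmp => Is moved successfully.
C:\Documents and Settings\Sheri\Local Settings\Temp => Moved successfully.
"""

# Header line that separates pre-reboot results from post-reboot results.
MARKER = "=> Result of Scheduled Files to move"


def normalise(target):
    """Reduce a Fixlog target to a bare lower-case path or key for comparison."""
    t = re.sub(r"^Could not move\s+", "", target.strip())
    t = re.sub(r"\s+directory\.?$", "", t)
    return t.strip("'\"").lower()


def audit_fixlog(text):
    """Classify each result line and list deferred items never confirmed after reboot."""
    completed, not_found, scheduled, other = [], [], [], []
    confirmed = set()
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(MARKER):
            after_reboot = True
            continue
        target, sep, result = line.partition("=>")
        if not sep or not target.strip():
            continue  # headers, command output and blank lines carry no result
        name = normalise(target)
        result = result.strip().rstrip(".").lower()
        if result == "scheduled to move on reboot":
            scheduled.append(name)
        elif result.endswith("successfully"):
            if after_reboot:
                confirmed.add(name)
            else:
                completed.append(name)
        elif result == "key not found":
            not_found.append(name)
        else:
            other.append((name, result))  # anything unexpected needs a human look
    unresolved = sorted(n for n in scheduled if n not in confirmed)
    return {"completed": completed, "not_found": not_found,
            "scheduled": scheduled, "other": other, "unresolved": unresolved}


if __name__ == "__main__":
    report = audit_fixlog(SAMPLE)
    for key, value in report.items():
        print(key, len(value), value if key in ("unresolved", "other") else "")
```

An empty `unresolved` list and an empty `other` list mean every fixlist item was either applied, already absent, or completed after the reboot.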



#6 B-boy/StyLe/


Posted 07 July 2014 - 04:29 PM

Hello,

 

Nice work! We managed to deal with the trojan. :)

 

However I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

First please create a new restore point just in case:

 

Create a Restore Point

 

 

 

STEP 1

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

 

STEP 3

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 4

 

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 5
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
     
  • Click the Start Scan button.
     
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 6

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.2.1012.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 7

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

STEP 8

 

 

I'd like us to scan your machine with ESET OnlineScan

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

STEP 9

 

 

And finally let's check for outdated and vulnerable software on your pc.

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#7 B-boy/StyLe/


Posted 10 July 2014 - 04:47 PM

Hi,

 

Do you still need assistance?

 

 

Regards,

Georgi




#8 Irishlass1021


Posted 11 July 2014 - 08:34 AM

Good morning!

 

Yes, please leave this topic open.  I am working my way through the list but was out of town the last couple days.  I should be able to finish this tonight.

 

Thanks again,

 

Sheri



#9 B-boy/StyLe/


Posted 11 July 2014 - 03:30 PM

Hi,

 

No worries and thanks for letting me know! :)

 

 

Regards,

Georgi




#10 B-boy/StyLe/


Posted 16 July 2014 - 06:10 AM

Hi,

 

Any progress with the steps above?

 

 

Regards,

Georgi




#11 B-boy/StyLe/


Posted 21 July 2014 - 05:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
