
another false chrome


  • This topic is locked
6 replies to this topic

#1 gmparts

gmparts

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:04 AM

Posted 28 August 2014 - 09:51 AM

I too, as with a previous post, keep getting Google Chrome in Task Manager. Tried Malwarebytes, still there. I have never had Google Chrome, not sure what to do.





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:04 AM

Posted 28 August 2014 - 11:36 AM


Hello gmparts

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 gmparts

gmparts
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:04 AM

Posted 28 August 2014 - 11:52 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Administrator (administrator) on PCTERMXX on 28-08-2014 10:34:48
Running from C:\Documents and Settings\Administrator\My Documents\My Pictures
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Apache Software Foundation) C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Tomcat\bin\tomcat6.exe
(Transaction Software, D 81829 Munich) C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbmux32.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\Network Associates\Common Framework\Mctray.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(General Motors) C:\Documents and Settings\Administrator\Application Data\GM\TECHLINE\TLC\prog\tlcn32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Transaction Software, D 81829 Munich) C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
(Transaction Software, D 81829 Munich) C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
(Transaction Software, D 81829 Munich) C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\java.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(looksoftware pty ltd) C:\Program Files\Arkona Web Client\Nlsvr.exe
(looksoftware pty ltd) C:\Program Files\Arkona Web Client\Newlook.exe
(looksoftware pty ltd) C:\Program Files\Arkona Web Client\Nlhlm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Transaction Software, D 81829 Munich) C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
(Transaction Software, D 81829 Munich) C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbkern32.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\browser.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [136768 2006-11-17] (McAfee, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-09-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2007-09-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [112216 2006-11-30] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [nlpde] => ",FREE_DEFAULT
HKLM\...\Run: [bipsg] => ",RELEASELOCK
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-704486104-2614253704-863912851-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-704486104-2614253704-863912851-500\...\Run: [TLCNotifier] => C:\Documents and Settings\Administrator\Application Data\GM\TECHLINE\TLC\prog\tlcn32.exe [318784 2014-07-28] (General Motors)
HKU\S-1-5-21-704486104-2614253704-863912851-500\...\Run: [VolunteerWireless] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerWireless\VolunteerWireless.dll",DllRegisterServer
HKU\S-1-5-21-704486104-2614253704-863912851-500\...\MountPoints2: {5bed4918-a2f0-11e3-9a65-001cc024495a} - G:\InTune.exe
HKU\S-1-5-21-704486104-2614253704-863912851-500\...\MountPoints2: {b4acd78c-1aac-11dd-84a6-806d6172696f} - E:\Programs\nu2menu\nu2menu.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362764928302
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1363090046859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CA015AC0-AD7F-4AAB-9ECF-57261F2D84B7} http://pctermxx:351/PQMace/ax/LicensingControl.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{F79773BB-8A9F-4C70-9E37-9A9C535B9A11}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pr2kop8o.default
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2006-11-30] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2006-11-30] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SBS_GM_TOMCAT6; C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Tomcat\bin\tomcat6.exe [57344 2008-07-21] (Apache Software Foundation) [File not signed]
R2 SBS_GM_TRANSBASE; C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\tbmux32.exe [417792 2009-09-03] (Transaction Software, D 81829 Munich) [File not signed]

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by Administrator at 2014-08-28 10:35:29
Running from C:\Documents and Settings\Administrator\My Documents\My Pictures
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Disabled - Up to date) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}) (Version: 1.0.122 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Data Viewer 3.3.0.8 (HKLM\...\Data Viewer_is1) (Version:  - DiabloSport, Inc.)
Dealertrack DMS Web Client (HKLM\...\Dealertrack DMS Web Client) (Version: 10.5.0 - Dealertrack Technologies)
Dealertrack DMS Web Client (Version: 10.5.0 - Dealertrack Technologies) Hidden
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
General Motors Global License Manager (HKLM\...\{415E0B8D-3AD6-4CD2-9435-C89C01D1E789}) (Version: 1.00.11050 - Snap-on Business Solutions, Inc.)
GM Global Infrastructure (HKLM\...\{6354CF71-B54D-4B26-9A49-1EA1246139D7}) (Version: 1.02.6560 - Snap-on Business Solutions, Inc.)
GM Global Local Database (HKLM\...\{6D63130B-0261-48F7-8E28-BDFCE605EF91}) (Version: 1.0.12740 - Snap-on Business Solutions, Inc.)
GM North America EPC (HKLM\...\{28F92F10-732C-4160-AF21-C471D06385D3}) (Version: 1.00.12630 - Snap-on Business Solutions, Inc.)
GM North America EPC Archive Database (HKLM\...\{EF991622-F4C5-4997-8B5E-EB1E847AB9A5}) (Version: 1.00.5050 - Snap-on Business Solutions, Inc.)
GM North America EPC Database (HKLM\...\{7A7E5B53-CCB2-4F1C-9B84-02BD18DDCF1F}) (Version: 1.00.12860 - Snap-on Business Solutions, Inc.)
GoToMeeting 5.3.0.1009 (HKCU\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
HP LaserJet P3005 (HKLM\...\HP LaserJet P3005) (Version:  - )
HP LaserJet P3005 (Version: 1.2.90.002 - Hewlett-Packard) Hidden
HP LaserJet P3005 Install Notes (Version: 1.3.0000 - Hewlett-Packard) Hidden
HP LaserJet P3005 User Guide (Version: 1.3.0000 - Hewlett-Packard) Hidden
Image Plugin (HKLM\...\{FDC8065B-80DE-4466-B90B-2581F6D77DFF}) (Version: 3.05.0001 - Snap-on Business Solutions)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - )
Intel® Network Connections 12.4.38.0 (HKLM\...\{888D0F50-FF0A-4808-966E-23D63277BF2A}) (Version: 12.4.38.0 - Intel)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5404 - Realtek Semiconductor Corp.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version:  - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 7 Multilingual User Interface (MUI) (Version: 20071019.120000 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format SDK Hotfix - KB891122 (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows PowerShell™ 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-704486104-2614253704-863912851-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1009\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-704486104-2614253704-863912851-500_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points  =========================

29-05-2014 22:25:29 System Checkpoint
30-05-2014 23:23:20 System Checkpoint
01-06-2014 00:21:15 System Checkpoint
02-06-2014 01:20:12 System Checkpoint
03-06-2014 02:18:09 System Checkpoint
04-06-2014 03:17:06 System Checkpoint
05-06-2014 04:15:52 System Checkpoint
06-06-2014 05:15:30 System Checkpoint
07-06-2014 06:14:28 System Checkpoint
08-06-2014 07:12:26 System Checkpoint
09-06-2014 08:10:24 System Checkpoint
10-06-2014 09:09:22 System Checkpoint
11-06-2014 08:00:17 Software Distribution Service 3.0
11-06-2014 21:36:25 Removed GM Global Local Database.
11-06-2014 21:37:05 Removed GM North America EPC Database.
12-06-2014 22:22:17 System Checkpoint
13-06-2014 23:05:15 System Checkpoint
15-06-2014 00:03:11 System Checkpoint
16-06-2014 01:02:08 System Checkpoint
17-06-2014 02:01:10 System Checkpoint
18-06-2014 02:59:05 System Checkpoint
19-06-2014 03:58:11 System Checkpoint
20-06-2014 04:57:25 System Checkpoint
21-06-2014 05:16:01 System Checkpoint
22-06-2014 06:13:58 System Checkpoint
23-06-2014 17:12:05 System Checkpoint
24-06-2014 18:05:51 System Checkpoint
25-06-2014 22:14:07 System Checkpoint
26-06-2014 22:18:04 System Checkpoint
27-06-2014 22:56:44 System Checkpoint
28-06-2014 23:54:38 System Checkpoint
30-06-2014 00:53:34 System Checkpoint
01-07-2014 01:25:51 System Checkpoint
02-07-2014 02:25:17 System Checkpoint
03-07-2014 03:23:50 System Checkpoint
04-07-2014 03:47:05 System Checkpoint
05-07-2014 03:47:08 System Checkpoint
06-07-2014 04:45:01 System Checkpoint
07-07-2014 05:42:56 System Checkpoint
08-07-2014 06:34:56 System Checkpoint
09-07-2014 07:33:55 System Checkpoint
09-07-2014 08:00:16 Software Distribution Service 3.0
10-07-2014 08:32:52 System Checkpoint
11-07-2014 09:31:56 System Checkpoint
12-07-2014 10:31:00 System Checkpoint
13-07-2014 11:28:43 System Checkpoint
14-07-2014 12:27:43 System Checkpoint
15-07-2014 18:12:17 System Checkpoint
16-07-2014 18:23:59 System Checkpoint
17-07-2014 20:03:30 System Checkpoint
18-07-2014 22:19:22 System Checkpoint
19-07-2014 22:19:50 System Checkpoint
20-07-2014 23:18:47 System Checkpoint
22-07-2014 00:17:12 System Checkpoint
23-07-2014 01:16:22 System Checkpoint
24-07-2014 02:15:22 System Checkpoint
25-07-2014 03:13:19 System Checkpoint
26-07-2014 04:12:15 System Checkpoint
27-07-2014 05:11:13 System Checkpoint
28-07-2014 06:09:09 System Checkpoint
29-07-2014 07:08:08 System Checkpoint
29-07-2014 08:00:16 Software Distribution Service 3.0
30-07-2014 08:20:45 System Checkpoint
31-07-2014 09:19:46 System Checkpoint
01-08-2014 10:18:01 System Checkpoint
02-08-2014 11:16:42 System Checkpoint
03-08-2014 12:15:40 System Checkpoint
04-08-2014 15:51:03 System Checkpoint
05-08-2014 17:53:30 System Checkpoint
06-08-2014 18:16:04 System Checkpoint
07-08-2014 20:44:24 System Checkpoint
08-08-2014 22:16:11 System Checkpoint
09-08-2014 23:02:45 System Checkpoint
11-08-2014 00:00:41 System Checkpoint
12-08-2014 00:59:39 System Checkpoint
13-08-2014 01:58:39 System Checkpoint
14-08-2014 02:56:49 System Checkpoint
15-08-2014 03:55:46 System Checkpoint
15-08-2014 08:00:16 Software Distribution Service 3.0
16-08-2014 08:54:43 System Checkpoint
17-08-2014 09:52:40 System Checkpoint
18-08-2014 10:51:40 System Checkpoint
19-08-2014 11:49:37 System Checkpoint
20-08-2014 12:48:37 System Checkpoint
21-08-2014 14:07:48 System Checkpoint
22-08-2014 15:02:50 System Checkpoint
23-08-2014 15:15:19 System Checkpoint
24-08-2014 16:14:18 System Checkpoint
25-08-2014 17:33:34 System Checkpoint
26-08-2014 17:51:46 System Checkpoint
27-08-2014 19:18:16 avast! antivirus system restore point
27-08-2014 20:53:52 Restore Operation
27-08-2014 21:02:19 Restore Operation
27-08-2014 21:09:06 Restore Operation
27-08-2014 21:25:38 avast! antivirus system restore point
27-08-2014 21:52:04 Restore Operation
27-08-2014 22:10:56 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2007-07-27 07:00 - 2007-07-27 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-704486104-2614253704-863912851-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-704486104-2614253704-863912851-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{8F8F0A30-D30E-4336-B314-FEF2BE948FE4}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-05-20 17:19 - 2006-11-17 12:41 - 00120384 _____ () C:\Program Files\Network Associates\Common Framework\naXML71.dll
2008-05-20 17:19 - 2006-11-17 12:39 - 00071232 _____ () C:\Program Files\Network Associates\Common Framework\NaiSign.DLL
2006-11-30 07:50 - 2006-11-30 07:50 - 00149080 _____ () C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll
2006-08-14 16:44 - 2006-08-14 16:44 - 00036864 _____ () C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\polycsr.dll
2007-11-26 17:26 - 2007-11-26 17:26 - 00166912 _____ () C:\Program Files\Snap-on Business Solutions\Global EPC\GM\Transbase\libmcrypt.dll
2013-06-26 16:12 - 2013-12-18 22:05 - 00201640 _____ () C:\Program Files\Java\jre7\bin\jp2iexp.dll
2013-06-26 16:12 - 2013-12-18 22:05 - 00016808 _____ () C:\Program Files\Java\jre7\bin\jp2native.dll
2014-08-28 09:39 - 2008-11-11 01:09 - 00397312 _____ () C:\Program Files\Arkona Web Client\NLSCRIPT.dll
2014-08-28 09:39 - 2008-11-11 01:09 - 00323584 _____ () C:\Program Files\Arkona Web Client\nlmacro.dll
2014-08-28 09:39 - 2008-11-11 01:08 - 00307200 _____ () C:\Program Files\Arkona Web Client\Nlrepository.dll
2014-08-28 09:39 - 2008-11-11 01:09 - 00397312 _____ () C:\Program files\Arkona web client\NLSCRIPT.dll
2014-08-28 09:39 - 2008-11-11 01:09 - 00323584 _____ () C:\Program files\Arkona web client\nlmacro.dll
2014-08-28 09:39 - 2008-11-11 01:08 - 00307200 _____ () C:\Program files\Arkona web client\Nlrepository.dll
2007-07-27 07:00 - 2008-04-13 19:11 - 00059904 ____C () C:\WINDOWS\system32\devenum.dll
2007-07-27 07:00 - 2008-04-13 19:11 - 00014336 ____C () C:\WINDOWS\system32\msdmo.dll
2014-08-27 08:53 - 2014-08-27 08:53 - 08537928 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\36.0.1985.143\pdf.dll
2014-08-27 08:53 - 2014-08-27 08:53 - 00353096 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-27 08:53 - 2014-08-27 08:53 - 01732936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\36.0.1985.143\ffmpegsumo.dll
2014-08-27 08:53 - 2014-08-27 08:53 - 14669128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\VolunteerAssistant\ToolWireless\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2014 09:41:57 AM) (Source: newlook 8.0) (EventID: 10000) (User: PCTERMXX)
Description: An unexpected exception has occurred:

    Module: C:\Program Files\Arkona Web Client\Nlsvr.exe
    Cause: MacroRuntime::calcExpr - unexpected exception (expr=varDTHostName = "")
    Location: .\MacroRuntime.cpp (line 1295)

Please report this error to looksoftware Pty. Ltd.

Error: (08/28/2014 09:41:57 AM) (Source: newlook 8.0) (EventID: 10000) (User: PCTERMXX)
Description: An unexpected exception has occurred:

    Module: C:\Program Files\Arkona Web Client\Nlsvr.exe
    Cause: MacroRuntime::calcExpr - unexpected exception (expr=varSSOLaunchedByDT = "")
    Location: .\MacroRuntime.cpp (line 1295)

Please report this error to looksoftware Pty. Ltd.

Error: (08/28/2014 09:41:57 AM) (Source: newlook 8.0) (EventID: 10000) (User: PCTERMXX)
Description: An unexpected exception has occurred:

    Module: C:\Program Files\Arkona Web Client\Nlsvr.exe
    Cause: MacroRuntime::calcExpr - unexpected exception (expr=varSSOSignOnStatus = "sent")
    Location: .\MacroRuntime.cpp (line 1295)

Please report this error to looksoftware Pty. Ltd.

Error: (08/28/2014 09:41:57 AM) (Source: newlook 8.0) (EventID: 10000) (User: PCTERMXX)
Description: An unexpected exception has occurred:

    Module: C:\Program Files\Arkona Web Client\Nlsvr.exe
    Cause: MacroRuntime::calcExpr - unexpected exception (expr=varcrmid = "")
    Location: .\MacroRuntime.cpp (line 1295)

Please report this error to looksoftware Pty. Ltd.

Error: (08/28/2014 09:02:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application browser.exe, version 36.0.1985.143, faulting module volunteerwireless.dll, version 7.0.4.453, fault address 0x000071a1.
Processing media-specific event for [browser.exe!ws!]

Error: (08/28/2014 08:51:10 AM) (Source: SBS_GM_TRANSBASE) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()

Error: (08/28/2014 08:51:02 AM) (Source: SBS_GM_TRANSBASE) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()

Error: (08/28/2014 08:50:33 AM) (Source: SBS_GM_TRANSBASE) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()

Error: (08/28/2014 08:50:25 AM) (Source: SBS_GM_TRANSBASE) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()

Error: (08/28/2014 00:58:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application browser.exe, version 36.0.1985.143, faulting module volunteerwireless.dll, version 7.0.4.453, fault address 0x0001077b.
Processing media-specific event for [browser.exe!ws!]

System errors:
=============
Error: (08/28/2014 08:45:47 AM) (Source: DCOM) (EventID: 10010) (User: PCTERMXX)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (08/28/2014 08:40:34 AM) (Source: DCOM) (EventID: 10005) (User: PCTERMXX)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/28/2014 08:40:33 AM) (Source: DCOM) (EventID: 10005) (User: PCTERMXX)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/28/2014 08:40:33 AM) (Source: DCOM) (EventID: 10005) (User: PCTERMXX)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/28/2014 08:03:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (08/28/2014 08:02:15 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/27/2014 05:18:21 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/27/2014 05:14:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
mfetdik
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Error: (08/27/2014 05:14:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (08/27/2014 05:14:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Microsoft Office Sessions:
=========================
Error: (08/28/2014 09:41:57 AM) (Source: newlook 8.0) (EventID: 10000) (User: PCTERMXX)
Description: An unexpected exception has occurred:

    Module: C:\Program Files\Arkona Web Client\Nlsvr.exe
    Cause: MacroRuntime::calcExpr - unexpected exception (expr=varDTHostName = "")
    Location: .\MacroRuntime.cpp (line 1295)

Please report this error to looksoftware Pty. Ltd.

Error: (08/28/2014 09:41:57 AM) (Source: newlook 8.0) (EventID: 10000) (User: PCTERMXX)
Description: An unexpected exception has occurred:

    Module: C:\Program Files\Arkona Web Client\Nlsvr.exe
    Cause: MacroRuntime::calcExpr - unexpected exception (expr=varSSOLaunchedByDT = "")
    Location: .\MacroRuntime.cpp (line 1295)

Please report this error to looksoftware Pty. Ltd.

Error: (08/28/2014 09:41:57 AM) (Source: newlook 8.0) (EventID: 10000) (User: PCTERMXX)
Description: An unexpected exception has occurred:

    Module: C:\Program Files\Arkona Web Client\Nlsvr.exe
    Cause: MacroRuntime::calcExpr - unexpected exception (expr=varSSOSignOnStatus = "sent")
    Location: .\MacroRuntime.cpp (line 1295)

Please report this error to looksoftware Pty. Ltd.

Error: (08/28/2014 09:41:57 AM) (Source: newlook 8.0) (EventID: 10000) (User: PCTERMXX)
Description: An unexpected exception has occurred:

    Module: C:\Program Files\Arkona Web Client\Nlsvr.exe
    Cause: MacroRuntime::calcExpr - unexpected exception (expr=varcrmid = "")
    Location: .\MacroRuntime.cpp (line 1295)

Please report this error to looksoftware Pty. Ltd.

Error: (08/28/2014 09:02:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.143volunteerwireless.dll7.0.4.453000071a1

Error: (08/28/2014 08:51:10 AM) (Source: SBS_GM_TRANSBASE) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()

Error: (08/28/2014 08:51:02 AM) (Source: SBS_GM_TRANSBASE) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()

Error: (08/28/2014 08:50:33 AM) (Source: SBS_GM_TRANSBASE) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()

Error: (08/28/2014 08:50:25 AM) (Source: SBS_GM_TRANSBASE) (EventID: 4097) (User: )
Description: TransBase Multiplexer error report:
select()

Error: (08/28/2014 00:58:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: browser.exe36.0.1985.143volunteerwireless.dll7.0.4.4530001077b

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 67%
Total physical RAM: 3316.66 MB
Available physical RAM: 1084.84 MB
Total Pagefile: 5200.89 MB
Available Pagefile: 2825.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:141.6 GB) (Free:75.83 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:7.43 GB) (Free:5.56 GB) FAT32
Drive e: (DVDGMGNA1) (CDROM) (Total:7.17 GB) (Free:0 GB) UDF
Drive f: (DVDGMGNA2) (CDROM) (Total:7.31 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 3A713A71)
Partition 1: (Active) - (Size=141.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.4 GB) - (Type=0C)

==================== End Of Log ============================

 

 



#4 gringo_pr


Posted 28 August 2014 - 12:39 PM



Hello gmparts

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr


Posted 31 August 2014 - 12:12 PM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#6 gringo_pr


Posted 03 September 2014 - 06:06 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#7 gringo_pr


Posted 06 September 2014 - 06:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



