Registry repair/still having issues [Solved]


  • This topic is locked
132 replies to this topic

#31 btbenoit

  • Authentic Member
  • 95 posts

Posted 01 February 2014 - 10:26 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2014 03
Ran by Beaub at 2014-02-01 10:17:47
Running from C:\Documents and Settings\Beaub\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
3ivx MPEG-4 5.0.2 (remove only) (Version: 5.0.2 - 3ivx Technologies, Pty. Ltd.)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19480 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (Version:  3.0 - )
AI-Aircraft Editor Version 2.1.0.23 (Version: 2.1.0.23 - Martin Gossmann)
AIO_Scan (Version: 90.0.222.000 - Hewlett-Packard) Hidden
AMR to MP3 Converter 1.4 (Version:  - amrtomp3converter.com)
AnyToISO (Version: 3.0 - CrystalIdea Software, Inc.)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Application Mover (Version:  - Funduc Software Inc.)
ArcSoft Panorama Maker 4 (Version:  - ArcSoft)
ASPCA Reminder by We-Care.com v4.1.22.1 (Version: 4.1.22.1 - We-Care.com)
Athlon 64 Processor Driver (Version: 1.3.2.0 - )
Avanquest update (Version: 1.23 - Avanquest Software)
AviSynth 2.5 (Version:  - )
Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (Version: 10.15.03 - Broadcom Corporation)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
C5200 (Version: 90.0.222.000 - Hewlett-Packard) Hidden
C5200_doccd (Version: 90.0.222.000 - Hewlett-Packard) Hidden
c5200_Help (Version: 90.0.222.000 - Hewlett-Packard) Hidden
CardRd81 (Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
CCleaner (Version: 4.10 - Piriform)
CCScore (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
ClipGrab 3.3.0.2 (Version:  - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Transfer (Version: 1.3.0.23190 - Sony Corporation)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CR2 (Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
Critical Security Update (HKCU Version:  - JNLP)
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
CutePDF Writer 3.0 (Version:  3.0 - CutePDF.com)
Dealio Toolbar v8.2 (Version: 8.2 - Spigot, Inc.)
Defraggler (Version: 1.21 - Piriform)
Delta Force - Black Hawk Down (Version: 1.00.000 - )
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 90.0.205.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Line Detect (Version: 1.10 - BVRP Software, Inc)
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
EditVoicepack (Version: 3.1.0 - Bevelstone Production)
ESSBrwr (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
ESScore (Version: 7.01.0000.0012 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
ESSini (Version: 7.01.0000.0002 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 5.00.0000.0020 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Expstudio Audio Editor FREE (Version: 4.31 - Expstudio.com)
Fax (Version: 90.0.146.000 - Hewlett-Packard) Hidden
File Uploader (Version: 1.1.1 - Nikon)
Fisher-Price Photo Software (Version: 2.0.0.9 - Fisher-Price)
Fisher-Price Photo Software (Version: 2.0.0.9 - Fisher-Price) Hidden
Flight Deck 6 for FS2004 (Version: 1.00.0001 - Abacus Software)
Free M4a to MP3 Converter 7.1 (Version:  - ManiacTools.com)
Free Mp3 Wma Converter V 1.9 (Version: 1.9.0.0 - Koyote Soft)
Glary Utilities 4.0 (Version: 4.0.0.53 - Glarysoft Ltd)
Google Chrome (HKCU Version: 26.0.1410.64 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google+ Auto Backup (Version: 1.0.21.81 - Google)
HP Customer Participation Program 9.0 (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (Version: 9.0 - HP)
HP OCR Software 9.0 (Version: 9.0 - HP)
HP Officejet 6700 Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart All-In-One Software 9.0 (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Solution Center 9.0 (Version: 9.0 - HP)
HP Update (Version: 5.003.003.001 - Hewlett-Packard)
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
I.R.I.S. OCR (Version: 12.3.4.0 - HP)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 21 (Version: 6.0.210 - Sun Microsystems, Inc.)
KATL Atlanta (Version:  - )
KEDDS (Version: 1.04.0000.0005 - EASTMAN KODAK Company) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0 - )
Kodak EasyShare digital display software (Version:  - Eastman Kodak Company)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator 2004 A Century of Flight (Version: 9.0 - Microsoft)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Military AI Works - RAF Lakenheath 48th FW  (HKCU Version:  - )
MobileMe Control Panel (Version: 3.1.6.0 - Apple Inc.)
Motorola Driver Installation 4.5.0 (Version: 4.5.0 - Motorola Inc.)
Mouse Suite for Desktop Computers (Version: 2.50.023 - Dell)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
NASCAR® Racing 2007 Season (Version:  - Sierra Entertainment)
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Nikon Message Center (Version: 0.92.000 - Nikon)
Nikon Transfer (Version: 1.3.0 - Nikon)
NNC Series Mod (Version:  - )
NRatings (Version: 3.2.1 - TJSoft)
NVIDIA Drivers (Version:  - )
OfotoXMI (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PGA Championship Golf 2000 (Version:  - )
Picasa 3 (Version: 3.9 - Google, Inc.)
Prop-Liners Collection (Version: 1.00.0000 - AeroSim Co.,Ltd.)
Prop-Liners Collection (Version: 1.00.0000 - AeroSim Co.,Ltd.) Hidden
PS Panels 737NG Version 1.1 (Version:  - PS Panels)
PS_AIO_02_ProductContext (Version: 90.0.222.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 90.0.222.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_min (Version: 90.0.222.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (Version: 3.3.0 - Roxio)
Roxio Creator Copy (Version: 3.3.0 - Roxio)
Roxio Creator Data (Version: 3.3.0 - Roxio)
Roxio Creator DE (Version: 3.3.0 - Roxio)
Roxio Creator Tools (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (Version: 9.0 - Roxio)
Roxio Express Labeler (Version: 2.1.0 - Roxio)
Roxio Update Manager (Version: 3.0.0 - Roxio)
Safari (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG CDMA Modem Driver Set (Version:  - )
SAMSUNG Mobile Composite Device Software (Version:  - )
SAMSUNG Mobile Modem Driver Set (Version:  - )
Samsung Mobile phone USB driver Software (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (Version:  - )
SAMSUNG Mobile USB Modem Software (Version:  - )
Samsung PC Studio 3 USB Driver Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung Samples Installer (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.9015) (Version: 3.0.0.9015 - Secunia)
SFR (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
SigmaTel Audio (Version: 5.10.4820.0 - SigmaTel)
SimCity 2000® Special Edition (Version:  - )
skin0001 (Version: 7.01.0000.0003 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spy Sweeper (Version:  - )
staticcr (Version: 7.01.0000.0005 - EASTMAN KODAK Company) Hidden
Status (Version: 90.0.146.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TomTom HOME (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
tooltips (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
TrayApp (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01 - Microsoft Corporation)
VPRINTOL (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
WD SmartWare (Version: 1.1.1.6 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (HKCU Version:  - )
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Player 11 (Version:  - )
WinPcap 4.1.2 (Version: 4.1.0.2001 - CACE Technologies)
WinX Free AVI to WMV Converter 4.0.15 (Version:  - Digiarty Software,Inc.)
WinX Free FLV to MP3 Converter 2.0.7 (Version:  - Digiarty Software,Inc.)
WinX Free FLV to WMV Converter 4.1.9 (Version:  - Digiarty Software,Inc.)
WinX Free MOV to MP4 Converter 4.1.11 (Version:  - Digiarty Software,Inc.)
WinX Free MOV to WMV Converter 4.1.11 (Version:  - Digiarty Software,Inc.)
WinX Free MP4 to AVI Converter 4.1.12 (Version:  - Digiarty Software,Inc.)
WinX Free MP4 to WMV Converter 4.1.10 (Version:  - Digiarty Software,Inc.)
WinZip 14.5 (Version: 14.5.9096 - WinZip Computing, S.L. )
WIRELESS (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
WOT for Internet Explorer (Version: 11.11.7.0 - WOT Services Oy)
 
==================== Restore Points  =========================
 
21-12-2013 10:00:18 Software Distribution Service 3.0
22-12-2013 10:00:19 Software Distribution Service 3.0
22-12-2013 10:16:17 Software Distribution Service 3.0
23-12-2013 04:42:28 Software Distribution Service 3.0
23-12-2013 10:00:19 Software Distribution Service 3.0
24-12-2013 10:00:22 Software Distribution Service 3.0
24-12-2013 10:17:39 Software Distribution Service 3.0
25-12-2013 10:00:22 Software Distribution Service 3.0
25-12-2013 12:04:15 Software Distribution Service 3.0
26-12-2013 10:00:27 Software Distribution Service 3.0
27-12-2013 10:00:23 Software Distribution Service 3.0
27-12-2013 10:17:47 Software Distribution Service 3.0
28-12-2013 10:00:24 Software Distribution Service 3.0
29-12-2013 10:00:22 Software Distribution Service 3.0
29-12-2013 10:18:54 Software Distribution Service 3.0
30-12-2013 05:30:04 Software Distribution Service 3.0
30-12-2013 10:00:21 Software Distribution Service 3.0
31-12-2013 10:08:10 Software Distribution Service 3.0
31-12-2013 16:33:08 Software Distribution Service 3.0
01-01-2014 10:00:19 Software Distribution Service 3.0
02-01-2014 10:00:21 Software Distribution Service 3.0
02-01-2014 10:17:24 Software Distribution Service 3.0
03-01-2014 10:00:24 Software Distribution Service 3.0
04-01-2014 10:00:21 Software Distribution Service 3.0
04-01-2014 10:16:47 Software Distribution Service 3.0
05-01-2014 10:00:19 Software Distribution Service 3.0
05-01-2014 16:47:58 Software Distribution Service 3.0
06-01-2014 09:15:54 Software Distribution Service 3.0
06-01-2014 10:13:43 Software Distribution Service 3.0
07-01-2014 10:07:09 Software Distribution Service 3.0
08-01-2014 10:06:49 Software Distribution Service 3.0
09-01-2014 00:56:36 Software Distribution Service 3.0
09-01-2014 10:07:10 Software Distribution Service 3.0
10-01-2014 10:07:47 Software Distribution Service 3.0
10-01-2014 19:23:43 Software Distribution Service 3.0
11-01-2014 10:02:37 Software Distribution Service 3.0
12-01-2014 00:37:20 Software Distribution Service 3.0
12-01-2014 15:28:08 Software Distribution Service 3.0
12-01-2014 23:05:21 System Checkpoint
13-01-2014 05:04:42 Software Distribution Service 3.0
13-01-2014 10:00:18 Software Distribution Service 3.0
14-01-2014 10:00:19 Software Distribution Service 3.0
14-01-2014 10:16:36 Software Distribution Service 3.0
15-01-2014 10:00:30 Software Distribution Service 3.0
16-01-2014 10:06:27 Software Distribution Service 3.0
17-01-2014 03:20:10 Software Distribution Service 3.0
17-01-2014 10:00:19 Software Distribution Service 3.0
18-01-2014 10:00:20 Software Distribution Service 3.0
18-01-2014 10:17:55 Software Distribution Service 3.0
19-01-2014 10:00:24 Software Distribution Service 3.0
20-01-2014 04:57:18 Software Distribution Service 3.0
20-01-2014 10:00:19 Software Distribution Service 3.0
21-01-2014 10:00:18 Software Distribution Service 3.0
21-01-2014 10:16:10 Software Distribution Service 3.0
22-01-2014 10:00:18 Software Distribution Service 3.0
23-01-2014 10:00:20 Software Distribution Service 3.0
23-01-2014 10:17:06 Software Distribution Service 3.0
24-01-2014 10:06:45 Software Distribution Service 3.0
24-01-2014 13:24:26 Software Distribution Service 3.0
25-01-2014 10:06:23 Software Distribution Service 3.0
25-01-2014 13:33:15 Software Distribution Service 3.0
26-01-2014 14:45:07 Software Distribution Service 3.0
26-01-2014 15:04:18 Software Distribution Service 3.0
27-01-2014 05:23:41 Software Distribution Service 3.0
27-01-2014 10:00:18 Software Distribution Service 3.0
28-01-2014 10:00:19 Software Distribution Service 3.0
28-01-2014 10:16:35 Software Distribution Service 3.0
29-01-2014 10:00:22 Software Distribution Service 3.0
30-01-2014 10:00:19 Software Distribution Service 3.0
30-01-2014 10:17:12 Software Distribution Service 3.0
31-01-2014 13:22:21 System Checkpoint
01-02-2014 01:16:56 Malwarebytes Anti-Rootkit Restore Point
01-02-2014 10:00:17 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2013-11-25 06:55 - 2014-01-31 06:31 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 4.job => C:\Program Files\Glary Utilities 4\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004Core.job => C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004UA.job => C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-02 18:49 - 2009-08-12 14:57 - 00488448 _____ () C:\WINDOWS\system32\apdfprintmon.dll
2010-10-24 18:53 - 2012-10-04 18:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2010-02-04 17:10 - 2006-08-18 13:17 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL
2013-11-18 21:56 - 2013-11-18 21:56 - 00080160 _____ () C:\Program Files\Glary Utilities 4\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-30 08:40 - 2006-08-23 14:12 - 00196608 _____ () C:\WINDOWS\system32\nvapi.dll
2010-07-30 16:14 - 2010-07-30 16:14 - 00042320 _____ () C:\Program Files\Fisher-Price\Photo Software\Util\USBHelper.dll
2004-08-04 06:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 06:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-04-10 02:00 - 2013-04-09 02:57 - 04050896 _____ () C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
2013-04-10 02:00 - 2013-04-09 02:57 - 00390096 _____ () C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
2013-04-10 02:00 - 2013-04-09 02:56 - 01606096 _____ () C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
2013-04-10 02:00 - 2013-04-09 02:57 - 13130704 _____ () C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\Beaub\Desktop\Contacts:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\Ace Utilities Backups:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\emails:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\My Google Gadgets:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\My Scans:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\Obituaries_files:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\Receipts:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\Updater5:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Beaub\My Documents\wsdl:Roxio EMC Stream
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2014 04:04:23 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (02/01/2014 04:04:23 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836.  Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.
 
Error: (02/01/2014 04:04:20 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Office 2003 (KB907417): OTKLOADR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (02/01/2014 04:04:20 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836.  Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.
 
Error: (02/01/2014 04:01:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.
 
Error: (02/01/2014 04:00:58 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Office 2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (02/01/2014 04:00:58 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836.  Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.
 
Error: (01/31/2014 06:19:36 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (01/31/2014 04:16:00 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 - Update 'Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (01/31/2014 04:16:00 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836.  Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.
 
 
System errors:
=============
Error: (02/01/2014 10:10:00 AM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error: 
%%2147942405
 
Error: (02/01/2014 04:06:23 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).
 
Error: (02/01/2014 04:06:23 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Office 2003 (KB907417).
 
Error: (02/01/2014 04:04:16 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
 
Error: (02/01/2014 04:01:03 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).
 
Error: (01/31/2014 08:40:00 PM) (Source: Schedule) (User: )
Description: The At2.job command failed to start due to the following error: 
%%2147942405
 
Error: (01/31/2014 07:19:37 PM) (Source: Service Control Manager) (User: )
Description: The Process creation detector. service failed to start due to the following error: 
%%2
 
Error: (01/31/2014 07:19:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
atapi
PCIIde
 
Error: (01/31/2014 07:19:34 PM) (Source: 0) (User: )
Description: 
 
Error: (01/31/2014 07:19:23 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.
 
 
Microsoft Office Sessions:
=========================
Error: (02/01/2014 04:04:23 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)
 
Error: (02/01/2014 04:04:23 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836.  Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.(NULL)(NULL)(NULL)
 
Error: (02/01/2014 04:04:20 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Update for Office 2003 (KB907417): OTKLOADR1603(NULL)
 
Error: (02/01/2014 04:04:20 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836.  Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.(NULL)(NULL)(NULL)
 
Error: (02/01/2014 04:01:41 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)
 
Error: (02/01/2014 04:00:58 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Office 2003 Service Pack 3 (SP3): MAINSP31603(NULL)
 
Error: (02/01/2014 04:00:58 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836.  Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.(NULL)(NULL)(NULL)
 
Error: (01/31/2014 06:19:36 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL
 
Error: (01/31/2014 04:16:00 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Professional Edition 2003Update for Outlook 2003 Junk E-mail Filter (KB2863822): OUTLFLTR1603(NULL)
 
Error: (01/31/2014 04:16:00 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Edition 2003 -- Error 25090. Office Setup encountered a problem with the Office Source Engine, system error: -2147023836.  Please open C:\Program Files\Microsoft Office\OFFICE11\1033\SETUP.CHM and look for "Office Source Engine" for information on how to resolve this problem.(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 52%
Total physical RAM: 1918.42 MB
Available physical RAM: 906.97 MB
Total Pagefile: 3811.36 MB
Available Pagefile: 2863.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:222.79 GB) (Free:28.91 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.01 GB) NTFS
Drive e: (FS_DISC4) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
Drive g: (New Volume) (Fixed) (Total:1863.02 GB) (Free:1669.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: E0000000)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=223 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: EDF01A2A)
Partition 1: (Not Active) - (Size=-198625902080) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by Beaub (administrator) on BEAU on 01-02-2014 10:16:58
Running from C:\Documents and Settings\Beaub\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(Glarysoft Ltd) C:\Program Files\Glary Utilities 4\Integrator.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd) C:\Program Files\Creative\Mixer\CTSVolFE.exe
() C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
() C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Sony Corporation) C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
(RealNetworks, Inc.) C:\Program Files\real\realplayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(Google Inc.) C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [CTSVolFE.exe] - C:\Program Files\Creative\Mixer\CTSVolFE.exe [57344 2005-02-23] (Creative Technology Ltd)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [7630848 2006-08-23] (NVIDIA Corporation)
HKLM\...\Run: [FPPhotoMiddleWare] - C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe [62864 2010-07-30] ()
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [Philips Device Listener] - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2010-10-15] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [295512 2013-04-14] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....://my.yahoo.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {16C8659C-D87D-4128-9086-EAEA3FEE8488} URL = http://search.avg.co...e}&iy=&ychte=us
SearchScopes: HKCU - {38BDEC4A-625A-4137-9200-41A7C49C194E} URL = http://ws.infospace....w={searchTerms}
SearchScopes: HKCU - {9CC0CE6A-33A7-F5FF-A61D-F0902379161B} URL = http://www.bing.com/...005&form=ZGAIDF
SearchScopes: HKCU - {BF4879E3-9E7E-43CC-9A94-734DB211B3B4} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {C7576B9D-B442-46bc-AF74-080A9E723E01} URL = http://websearch.sea...B9-9568ABF2E0D4
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1262200055895
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default
FF Homepage: hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
FF SelectedSearchEngine: Google
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Beaub\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: vShare - C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\vshareus@toolbar [2010-12-19]
FF Extension: Address Bar Search - C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9} [2013-08-30]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-06-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Unity Player) - C:\Documents and Settings\Beaub\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll No File
CHR Extension: (We-Care Reminder) - C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcnlcdpdncgchnamlmdhdhokahkaikhl [2013-06-11]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-20]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-30] (Oracle Corporation)
S4 KodakDigitalDisplayService; C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe [98304 2009-05-14] (Orb Networks, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [98304 2009-10-14] (WDC)
R2 WDSmartWareBackgroundService; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo)
S4 Lavasoft Ad-Aware Service; "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-18] (Advanced Micro Devices)
S3 ASPI; C:\WINDOWS\System32\DRIVERS\ASPI32.sys [16512 2002-07-17] (Adaptec)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
R0 BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [13504 2013-11-17] (Glarysoft Ltd)
S3 dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [223128 2009-12-30] (DT Soft Ltd.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30464 2013-08-20] ()
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [52312 2014-02-01] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [105472 2007-05-15] (NVIDIA Corporation)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [664064 2009-12-30] (Duplex Secure Ltd.)
R1 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5632 2010-10-19] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1171464 2006-07-27] (SigmaTel, Inc.)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [x]
S3 AFGSp50; System32\Drivers\AFGSp50.sys [x]
S3 catchme; \??\C:\DOCUME~1\Beaub\LOCALS~1\Temp\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
S3 Revoflt; system32\DRIVERS\revoflt.sys [x]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; 
U3 mbr; \??\C:\DOCUME~1\Beaub\LOCALS~1\Temp\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-01 10:16 - 2014-02-01 10:17 - 00023943 _____ () C:\Documents and Settings\Beaub\Desktop\FRST.txt
2014-02-01 10:16 - 2014-02-01 10:16 - 00000000 ____D () C:\FRST
2014-02-01 10:04 - 2014-02-01 10:06 - 02080256 _____ (Farbar) C:\Documents and Settings\Beaub\Desktop\FRST64.exe
2014-02-01 10:04 - 2014-02-01 10:05 - 01137152 _____ (Farbar) C:\Documents and Settings\Beaub\Desktop\FRST.exe
2014-02-01 08:15 - 2014-02-01 08:17 - 05814840 _____ (TeamViewer GmbH) C:\Documents and Settings\Beaub\Desktop\TeamViewer_Setup_en.exe
2014-02-01 04:14 - 2014-02-01 04:14 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-01 04:01 - 2014-02-01 04:01 - 00000000 ____D () C:\WINDOWS\LastGood
2014-01-31 13:07 - 2014-02-01 07:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-31 13:07 - 2014-02-01 06:38 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-01-31 13:02 - 2014-02-01 06:33 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-31 13:01 - 2014-02-01 07:45 - 00000000 ____D () C:\Documents and Settings\Beaub\Desktop\mbar
2014-01-31 12:50 - 2014-01-31 13:00 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Beaub\Desktop\mbar-1.07.0.1009.exe
2014-01-31 06:51 - 2014-01-31 06:51 - 00013876 _____ () C:\Documents and Settings\Beaub\Desktop\combofix 2.txt
2014-01-31 06:33 - 2014-01-31 06:33 - 00013844 _____ () C:\ComboFix.txt
2014-01-30 22:10 - 2014-01-30 22:10 - 00013876 _____ () C:\Documents and Settings\Beaub\Desktop\combofix.txt
2014-01-30 21:59 - 2014-01-31 06:33 - 00000000 ____D () C:\Qoobox
2014-01-30 21:59 - 2011-06-26 00:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-01-30 21:59 - 2010-11-07 11:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-01-30 21:59 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-30 21:59 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-30 21:59 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-30 21:59 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-30 21:59 - 2000-08-30 18:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-01-30 21:59 - 2000-08-30 18:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-01-30 21:59 - 2000-08-30 18:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-01-30 21:52 - 2014-01-30 21:57 - 05177551 ____R (Swearware) C:\Documents and Settings\Beaub\Desktop\ComboFix.exe
2014-01-30 19:31 - 2014-01-30 19:31 - 00380416 _____ () C:\Documents and Settings\Beaub\Desktop\ezbonk1v.exe
2014-01-30 18:25 - 2014-01-30 18:30 - 07779483 _____ () C:\Documents and Settings\Beaub\Desktop\73275_rgtd_de2014.zip
2014-01-30 13:49 - 2014-01-30 13:49 - 00000523 _____ () C:\Documents and Settings\Beaub\Desktop\MBR.zip
2014-01-30 13:47 - 2014-01-30 13:47 - 00002251 _____ () C:\Documents and Settings\Beaub\Desktop\aswMBR.txt
2014-01-30 13:47 - 2014-01-30 13:47 - 00000512 _____ () C:\Documents and Settings\Beaub\Desktop\MBR.dat
2014-01-30 06:27 - 2014-01-30 06:31 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Beaub\Desktop\aswMBR.exe
2014-01-29 22:14 - 2014-01-31 19:39 - 00028201 _____ () C:\Documents and Settings\Beaub\Desktop\attach.txt
2014-01-29 22:14 - 2014-01-31 19:38 - 00014595 _____ () C:\Documents and Settings\Beaub\Desktop\dds.txt
2014-01-29 22:11 - 2014-01-29 22:11 - 00688992 ____R (Swearware) C:\Documents and Settings\Beaub\Desktop\dds.com
2014-01-28 12:05 - 2014-01-28 12:06 - 01792712 _____ () C:\Documents and Settings\Beaub\Desktop\73252_dillon_dow.cup.car.zip
2014-01-26 09:28 - 2014-01-28 15:30 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-01-25 21:41 - 2014-01-25 21:41 - 00659332 _____ () C:\Documents and Settings\Beaub\My Documents\cc_20140125_214053.reg
2014-01-25 21:35 - 2014-01-25 21:35 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-01-25 21:35 - 2014-01-25 21:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-25 21:35 - 2014-01-25 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-01-18 09:49 - 2014-01-18 09:37 - 15334953 _____ () C:\Documents and Settings\Beaub\Desktop\Best of Drew Brees 2013 pregame huddles.mp4
2014-01-16 21:23 - 2014-01-16 21:24 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-01-16 04:36 - 2014-01-16 04:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 17:48 - 2014-01-15 17:59 - 22144726 _____ () C:\Documents and Settings\Beaub\Desktop\tds738_ual-scimitar_fsra.zip
2014-01-15 17:47 - 2014-01-15 17:59 - 20893688 _____ () C:\Documents and Settings\Beaub\Desktop\tds738_aal_fsra.zip
2014-01-08 15:24 - 2014-01-08 15:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
2014-01-05 08:43 - 2014-01-05 08:40 - 08237034 _____ () C:\Documents and Settings\Beaub\Desktop\Drew Brees Pregame Huddle at Eagles.mp4
2014-01-04 07:50 - 2014-01-04 07:50 - 01425387 _____ () C:\Documents and Settings\Beaub\Desktop\73006_81-Wallace13AE.cts.car.zip
 
==================== One Month Modified Files and Folders =======
 
2014-02-01 10:17 - 2014-02-01 10:16 - 00023943 _____ () C:\Documents and Settings\Beaub\Desktop\FRST.txt
2014-02-01 10:16 - 2014-02-01 10:16 - 00000000 ____D () C:\FRST
2014-02-01 10:10 - 2013-06-01 12:14 - 00000444 _____ () C:\WINDOWS\Tasks\At1.job
2014-02-01 10:06 - 2014-02-01 10:04 - 02080256 _____ (Farbar) C:\Documents and Settings\Beaub\Desktop\FRST64.exe
2014-02-01 10:05 - 2014-02-01 10:04 - 01137152 _____ (Farbar) C:\Documents and Settings\Beaub\Desktop\FRST.exe
2014-02-01 10:00 - 2012-04-11 05:19 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-01 09:24 - 2010-08-26 15:32 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004UA.job
2014-02-01 09:19 - 2010-02-02 13:28 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 08:17 - 2014-02-01 08:15 - 05814840 _____ (TeamViewer GmbH) C:\Documents and Settings\Beaub\Desktop\TeamViewer_Setup_en.exe
2014-02-01 07:45 - 2014-01-31 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-01 07:45 - 2014-01-31 13:01 - 00000000 ____D () C:\Documents and Settings\Beaub\Desktop\mbar
2014-02-01 07:24 - 2010-08-26 15:32 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-884357618-839522115-1004Core.job
2014-02-01 06:38 - 2014-01-31 13:07 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-02-01 06:33 - 2014-01-31 13:02 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-02-01 04:14 - 2014-02-01 04:14 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-02-01 04:06 - 2009-12-30 08:27 - 01169023 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-01 04:04 - 2010-12-19 21:31 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
2014-02-01 04:01 - 2014-02-01 04:01 - 00000000 ____D () C:\WINDOWS\LastGood
2014-02-01 03:00 - 2009-12-30 08:30 - 00031902 _____ () C:\WINDOWS\SchedLgU.Txt
2014-01-31 20:40 - 2013-06-01 12:14 - 00000444 _____ () C:\WINDOWS\Tasks\At2.job
2014-01-31 19:39 - 2014-01-29 22:14 - 00028201 _____ () C:\Documents and Settings\Beaub\Desktop\attach.txt
2014-01-31 19:38 - 2014-01-29 22:14 - 00014595 _____ () C:\Documents and Settings\Beaub\Desktop\dds.txt
2014-01-31 19:20 - 2013-11-29 19:33 - 00000316 _____ () C:\WINDOWS\Tasks\GlaryInitialize 4.job
2014-01-31 19:19 - 2013-11-29 19:32 - 00000000 ____D () C:\Program Files\Glary Utilities 4
2014-01-31 19:19 - 2013-04-14 18:00 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job
2014-01-31 19:19 - 2011-09-05 12:05 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-884357618-839522115-1004.job
2014-01-31 19:19 - 2010-02-02 13:28 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 19:19 - 2009-12-30 08:40 - 00000000 _____ () C:\WINDOWS\system32\nvapps.xml
2014-01-31 19:19 - 2009-12-30 08:31 - 00000278 ___SH () C:\Documents and Settings\Beaub\ntuser.ini
2014-01-31 19:19 - 2009-12-30 08:31 - 00000000 ____D () C:\Documents and Settings\Beaub
2014-01-31 19:19 - 2009-12-30 08:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-01-31 19:19 - 2009-12-30 02:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-01-31 19:19 - 2009-12-30 02:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-01-31 19:18 - 2013-07-10 03:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834904_WM11$
2014-01-31 14:00 - 2013-06-01 12:14 - 00000444 _____ () C:\WINDOWS\Tasks\At4.job
2014-01-31 13:14 - 2013-06-01 12:14 - 00000444 _____ () C:\WINDOWS\Tasks\At3.job
2014-01-31 13:00 - 2014-01-31 12:50 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Beaub\Desktop\mbar-1.07.0.1009.exe
2014-01-31 08:58 - 2009-12-31 06:45 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-31 06:51 - 2014-01-31 06:51 - 00013876 _____ () C:\Documents and Settings\Beaub\Desktop\combofix 2.txt
2014-01-31 06:33 - 2014-01-31 06:33 - 00013844 _____ () C:\ComboFix.txt
2014-01-31 06:33 - 2014-01-30 21:59 - 00000000 ____D () C:\Qoobox
2014-01-31 06:32 - 2004-08-04 06:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-01-31 04:15 - 2010-12-19 21:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-01-30 22:10 - 2014-01-30 22:10 - 00013876 _____ () C:\Documents and Settings\Beaub\Desktop\combofix.txt
2014-01-30 22:08 - 2009-12-30 08:30 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-01-30 21:57 - 2014-01-30 21:52 - 05177551 ____R (Swearware) C:\Documents and Settings\Beaub\Desktop\ComboFix.exe
2014-01-30 19:31 - 2014-01-30 19:31 - 00380416 _____ () C:\Documents and Settings\Beaub\Desktop\ezbonk1v.exe
2014-01-30 18:30 - 2014-01-30 18:25 - 07779483 _____ () C:\Documents and Settings\Beaub\Desktop\73275_rgtd_de2014.zip
2014-01-30 13:49 - 2014-01-30 13:49 - 00000523 _____ () C:\Documents and Settings\Beaub\Desktop\MBR.zip
2014-01-30 13:47 - 2014-01-30 13:47 - 00002251 _____ () C:\Documents and Settings\Beaub\Desktop\aswMBR.txt
2014-01-30 13:47 - 2014-01-30 13:47 - 00000512 _____ () C:\Documents and Settings\Beaub\Desktop\MBR.dat
2014-01-30 06:31 - 2014-01-30 06:27 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Beaub\Desktop\aswMBR.exe
2014-01-29 22:11 - 2014-01-29 22:11 - 00688992 ____R (Swearware) C:\Documents and Settings\Beaub\Desktop\dds.com
2014-01-28 15:30 - 2014-01-26 09:28 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-01-28 12:06 - 2014-01-28 12:05 - 01792712 _____ () C:\Documents and Settings\Beaub\Desktop\73252_dillon_dow.cup.car.zip
2014-01-26 18:51 - 2010-03-12 21:37 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job
2014-01-25 21:47 - 2013-04-14 18:00 - 00000286 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1715567821-884357618-839522115-1004.job
2014-01-25 21:41 - 2014-01-25 21:41 - 00659332 _____ () C:\Documents and Settings\Beaub\My Documents\cc_20140125_214053.reg
2014-01-25 21:37 - 2012-07-24 07:19 - 00000000 ____D () C:\Documents and Settings\Beaub\Application Data\BitTorrent
2014-01-25 21:37 - 2011-08-26 19:37 - 00000000 ____D () C:\Documents and Settings\Beaub\Application Data\Media Player Classic
2014-01-25 21:35 - 2014-01-25 21:35 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-01-25 21:35 - 2014-01-25 21:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-25 21:35 - 2014-01-25 21:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-01-24 15:40 - 2009-12-30 21:24 - 00000000 ____D () C:\Documents and Settings\Beaub\Local Settings\Application Data\Adobe
2014-01-24 15:27 - 2013-12-02 17:43 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-24 15:27 - 2011-06-10 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-20 17:51 - 2010-08-12 18:11 - 00000000 ____D () C:\Documents and Settings\Beaub\My Documents\Flight Simulator Files
2014-01-19 01:32 - 2009-12-30 17:44 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-18 09:37 - 2014-01-18 09:49 - 15334953 _____ () C:\Documents and Settings\Beaub\Desktop\Best of Drew Brees 2013 pregame huddles.mp4
2014-01-16 21:25 - 2012-08-18 05:30 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-01-16 21:25 - 2009-12-30 21:26 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-16 21:24 - 2014-01-16 21:23 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-01-16 04:36 - 2014-01-16 04:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 17:59 - 2014-01-15 17:48 - 22144726 _____ () C:\Documents and Settings\Beaub\Desktop\tds738_ual-scimitar_fsra.zip
2014-01-15 17:59 - 2014-01-15 17:47 - 20893688 _____ () C:\Documents and Settings\Beaub\Desktop\tds738_aal_fsra.zip
2014-01-08 15:24 - 2014-01-08 15:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google+ Auto Backup
2014-01-08 15:12 - 2009-12-30 21:24 - 00000000 ____D () C:\Program Files\Google
2014-01-05 09:44 - 2010-01-03 16:05 - 00140288 _____ () C:\Documents and Settings\Beaub\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-05 08:40 - 2014-01-05 08:43 - 08237034 _____ () C:\Documents and Settings\Beaub\Desktop\Drew Brees Pregame Huddle at Eagles.mp4
2014-01-04 07:50 - 2014-01-04 07:50 - 01425387 _____ () C:\Documents and Settings\Beaub\Desktop\73006_81-Wallace13AE.cts.car.zip
2014-01-02 19:25 - 2010-01-01 14:17 - 00214016 _____ () C:\Documents and Settings\Beaub\My Documents\Tax Information.xls
2014-01-02 19:21 - 2010-01-01 14:17 - 00026624 _____ () C:\Documents and Settings\Beaub\My Documents\MONTHLY BILLS.xls
2014-01-02 19:14 - 2010-02-12 19:57 - 00002495 _____ () C:\Documents and Settings\Beaub\Desktop\Microsoft Office Excel 2003.lnk
ZeroAccess:
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================



#32 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,135 posts

Posted 01 February 2014 - 11:31 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {16C8659C-D87D-4128-9086-EAEA3FEE8488} URL = http://search.avg.co...e}&iy=&ychte=us
SearchScopes: HKCU - {38BDEC4A-625A-4137-9200-41A7C49C194E} URL = http://ws.infospace....w={searchTerms}
SearchScopes: HKCU - {C7576B9D-B442-46bc-AF74-080A9E723E01} URL = http://websearch.sea...B9-9568ABF2E0D4
FF SearchPlugin: C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: vShare - C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\vshareus@toolbar [2010-12-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
 
 

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Tomk
------------------------------------------------------------

Topics are closed after 5 days without response


#33 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • PipPip
  • 95 posts

Posted 01 February 2014 - 11:42 AM

What do you mean, save it on the flash drive?



#34 Tomk


Posted 01 February 2014 - 12:46 PM

Sorry.  I confused the instructions.  There is a way to run FRST from a flash drive... which is not what I had you do.  We just need fixlist.txt in the same location as FRST.  You just need to save it to your desktop as fixlist.txt.  I apologize for the improper directions.




#35 btbenoit


Posted 01 February 2014 - 12:50 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03
Ran by Beaub at 2014-02-01 12:52:42 Run:1
Running from C:\Documents and Settings\Beaub\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV=
SearchScopes: HKCU - {16C8659C-D87D-4128-9086-EAEA3FEE8488} URL = http://search.avg.co...e}&iy=&ychte=us
SearchScopes: HKCU - {38BDEC4A-625A-4137-9200-41A7C49C194E} URL = http://ws.infospace....w={searchTerms}
SearchScopes: HKCU - {C7576B9D-B442-46bc-AF74-080A9E723E01} URL = http://websearch.sea...B9-9568ABF2E0D4
FF SearchPlugin: C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\search-results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: vShare - C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\vshareus@toolbar [2010-12-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S4 IntelIde; No ImagePath
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{16C8659C-D87D-4128-9086-EAEA3FEE8488} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{16C8659C-D87D-4128-9086-EAEA3FEE8488} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38BDEC4A-625A-4137-9200-41A7C49C194E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{38BDEC4A-625A-4137-9200-41A7C49C194E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C7576B9D-B442-46bc-AF74-080A9E723E01} => Key not found.
C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\conduit-search.xml => Moved successfully.
C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\searchplugins\search-results.xml => Moved successfully.
C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml => Moved successfully.
C:\Documents and Settings\Beaub\Application Data\Mozilla\Firefox\Profiles\0ixibutj.default\Extensions\vshareus@toolbar => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
IntelIde => Service deleted successfully.
Lavasoft Kernexplorer => Service deleted successfully.
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
 
==== End of Fixlog ====


#36 Tomk


Posted 01 February 2014 - 12:53 PM

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.
 




#37 btbenoit


Posted 01 February 2014 - 01:17 PM

RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Beaub [Admin rights]
Mode : Scan -- Date : 02/01/2014 13:16:57
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB19DC184)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB19DC2D0)
 
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SP2504C +++++
--- User ---
[MBR] e3df8b25f2a74708024f42df35471483
[BSP] 35c2646771034da69a509a2607f26d7f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21053440 | Size: 228137 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD20EZRX-00D8PB0 +++++
--- User ---
[MBR] 8e58c17c78b7d4041bd23e898c231a67
[BSP] b9085093b07ee4be3936e9189c7be205 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907727 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) HP USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_02012014_131657.txt >>
 
 
RogueKiller V8.8.3 [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Beaub [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/01/2014 13:19:25
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
 
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 4 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 9 / Fail 0
Backup: [NOT FOUND]
 
Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume4 -- 0x3 --> Restored
 
¤¤¤ Infection :  ¤¤¤
 
Finished : << RKreport[0]_SC_02012014_131925.txt >>
RKreport[0]_D_02012014_131857.txt;RKreport[0]_S_02012014_131657.txt
 
 
 


#38 Tomk


Posted 01 February 2014 - 02:01 PM

Nothing there.

 

We have found a few signs of "partial" infections... but nothing "real".  It's like things were partially removed... and we've only found remnants.

 

This tool will help make sure system files are where and as they should be.  It will also double check a bunch of settings.

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs




#39 btbenoit


Posted 01 February 2014 - 03:27 PM

Under step 3, the system file check, it keeps asking for the Windows CD, which I don't have.



#40 Tomk


Posted 01 February 2014 - 03:39 PM

It doesn't have to be the one that came with your system.  Do you have an XP disk that came with a different computer, or perhaps a friend you can borrow one from?  Just needs to be the same version of XP (home or pro).




#41 btbenoit


Posted 01 February 2014 - 03:42 PM

My computer came with Vista, and I had a coworker convert it over to XP. I can check with him on Monday to see if he has the disc.



#42 Tomk


Posted 01 February 2014 - 04:01 PM

I think that is a good plan as restoration of system files is the most reasonable course of action at this point.




#43 btbenoit


Posted 02 February 2014 - 12:19 PM

Is this what I need? http://www.microsoft...s.aspx?id=12934

 

I talked to my coworker and he said his disc broke.



#44 Tomk


Posted 02 February 2014 - 06:16 PM

I'm not sure.  If you make the CD, see if it contains a folder called /i386.  If it has that folder, it should work.




#45 btbenoit


Posted 02 February 2014 - 06:33 PM

XP.JPG

