
Ransomware and other issues [Solved]


15 replies to this topic

#1 PStudios

Posted 26 February 2014 - 10:41 AM

Hello,

 

I am the closest thing to IT at my company and I've been trying to clean up a coworker's computer but have had mixed results. The computer has been suffering from browser redirects, unauthorized Chrome extensions installing and enabling developer mode and re-installing after deletion, blue screens, and more. Before running OTL I ran Malwarebytes Anti-Malware, which found two instances of a generic Trojan.Ransomware. It appears to have removed these successfully because scanning again after a restart didn't find them, but they have come back in the past so I want to really make sure it is clean with your help.

 

-Here is the OTL.txt output:

 


OTL logfile created on: 2/26/2014 10:26:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.48% Memory free
4.84 Gb Paging File | 4.22 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 194.62 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
 
Computer Name: PUMPSTATION1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll ()
MOD - C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4915867f\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_298472ba\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_70e16097\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ada8dcd9\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3d6d957b\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (jqrrvppm) -- C:\WINDOWS\system32\drivers\jqrrvppm.sys File not found
DRV - (Changer) --  File not found
DRV - (MpKsl8371493c) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1DDC131-C07C-4409-8631-E7A11395DE28}\MpKsl8371493c.sys (Microsoft Corporation)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (RTLVLAN) -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation)
DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Realtek Semiconductor Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {904DE302-1EB0-4F91-B970-C2D23CCC23A9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{904DE302-1EB0-4F91-B970-C2D23CCC23A9}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.pumpstudios.com/
IE - HKCU\..\SearchScopes,DefaultScope = {904DE302-1EB0-4F91-B970-C2D23CCC23A9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://start.pumpstudios.com/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/11 22:19:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/04 17:45:06 | 000,000,000 | ---D | M]
 
[2009/03/11 16:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/02/26 10:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eiltlk5s.default\extensions
[2014/02/26 10:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/04 17:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2009/10/14 14:38:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Adblock Plus = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} http://www.umediaser...diaControl5.cab (UMediaPlayer Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1351700736828 (MUWebControl Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2B9F54E-C113-417D-923D-953F399B5F15}: NameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/26 10:24:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/25 13:38:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/26 10:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/26 10:02:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/26 09:48:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/26 09:48:42 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/26 09:18:49 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/25 13:57:08 | 000,534,074 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/25 13:57:08 | 000,096,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/25 13:47:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/21 12:07:29 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/02/12 02:54:55 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/12 02:54:54 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/11 15:54:32 | 000,010,852 | ---- | M] () -- C:\WINDOWS\BRRBCOM.INI
[2014/02/06 08:24:00 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 17:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 17:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 17:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 17:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 17:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 17:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 17:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 17:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 17:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 17:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 17:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 17:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 17:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 17:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 17:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 17:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 17:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 17:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 17:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 17:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 17:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 17:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 17:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 17:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 17:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 17:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 17:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 17:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 17:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 17:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 16:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2014/02/04 21:26:10 | 000,000,141 | ---- | M] () -- C:\WINDOWS\BROMJ6920DW.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/13 11:20:14 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2013/12/13 11:20:14 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2013/12/13 11:19:48 | 000,010,852 | ---- | C] () -- C:\WINDOWS\BRRBCOM.INI
[2013/12/13 11:19:48 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BROMJ6920DW.INI
[2013/12/13 11:19:15 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2013/12/13 11:18:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2013/12/13 11:18:49 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/09/05 10:38:58 | 000,291,694 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1763940397-1982518545-667687927-500-0.dat
[2012/04/17 15:31:58 | 004,056,339 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1763940397-1982518545-667687927-1006-0.dat
[2012/04/17 15:31:57 | 000,291,694 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2009/03/06 12:34:08 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2008/04/25 15:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/15 19:00:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/03/11 16:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/06/13 11:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/03/13 13:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/09/01 15:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/03/23 10:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/12/13 11:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCFaxTx
[2010/03/23 10:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2009/03/06 12:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EX_  >
[2008/04/14 06:00:00 | 000,356,615 | ---- | M] () MD5=D7B59A7EC9CB1429FDCEC84A22228555 -- C:\I386\EXPLORER.EX_
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
 
< MD5 for: EXPLORER.EXE-02121B1A.PF  >
[2014/02/26 10:02:51 | 000,093,216 | ---- | M] () MD5=20AE74B9FDEB9630AED6D358F24614C0 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf
 
< MD5 for: EXPLORER.HTM  >
[2005/01/20 15:42:18 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\cs\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:25:42 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\da\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\de\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/20 15:42:18 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\el\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\es\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:26:08 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\fi\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\fr\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2003/09/15 12:06:02 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/20 15:42:18 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\hu\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\it\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\ja\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:26:42 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\ko\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\nl\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:26:58 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\no\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/20 15:42:18 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\pl\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\pt-BR\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/20 15:42:18 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\ru\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:27:14 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\sv\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:27:20 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\th\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/20 15:42:18 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\tr\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\zh-CHS\Help\wwhelp\wwhimpl\java\html\explorer.htm
[2005/01/19 16:44:52 | 000,002,057 | ---- | M] () MD5=0768146E197314BF50A1E3E5E89892F1 -- C:\Program Files\ATI Technologies\ATI.ACE\zh-CHT\Help\wwhelp\wwhimpl\java\html\explorer.htm
 
< MD5 for: EXPLORER.SC_  >
[2008/04/14 06:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:\I386\EXPLORER.SC_
 
< MD5 for: EXPLORER.SCF  >
[2008/04/14 06:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
 
< MD5 for: IEXPLORE.CH_  >
[2008/04/14 06:00:00 | 000,199,077 | ---- | M] () MD5=1D662719AB9BB40BA7526B3973D3F626 -- C:\I386\IEXPLORE.CH_
 
< MD5 for: IEXPLORE.CHM  >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2008/04/14 06:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm
 
< MD5 for: IEXPLORE.EX_  >
[2008/04/14 06:00:00 | 000,037,887 | ---- | M] () MD5=2B46169148FFD81CAE84572CD32BDF86 -- C:\I386\IEXPLORE.EX_
 
< MD5 for: IEXPLORE.EXE  >
[2008/04/14 06:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.EXP.LOG  >
[2009/09/02 10:07:13 | 000,002,982 | ---- | M] () MD5=B54ED4AE9D44CF57C0AFB4F0618833E6 -- C:\Program Files\Internet Explorer\iexplore.exe.exp.log
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-2D97EBE6.PF  >
[2014/02/25 13:40:04 | 000,095,068 | ---- | M] () MD5=1947437097594543F586084D7DF96E21 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf
 
< MD5 for: IEXPLORE.HL_  >
[2008/04/14 06:00:00 | 000,059,881 | ---- | M] () MD5=D23388C8D5D82D4D1C3B0B6A256E3CB7 -- C:\I386\IEXPLORE.HL_
 
< MD5 for: IEXPLORE.HLP  >
[2008/04/14 06:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
 
< MD5 for: SERVICES  >
[2008/04/14 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES._  >
[2008/04/14 06:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._
 
< MD5 for: SERVICES.CSS  >
[2005/06/29 13:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2008\Components\Services\services.css
[2005/06/29 13:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2010\Components\Services\services.css
[2012/03/04 23:27:16 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2012\Components\Services\services.css
 
< MD5 for: SERVICES.EX_  >
[2008/04/14 06:00:00 | 000,049,959 | ---- | M] () MD5=EE4885163C0C0729A3C5F1416A6E5F48 -- C:\I386\SERVICES.EX_
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 06:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SERVICES.LNK  >
[2008/04/25 15:29:41 | 000,001,602 | ---- | M] () MD5=7209F25586C62053CF0504B21D7E4DC7 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.LNK
 
< MD5 for: SERVICES.MS_  >
[2008/04/14 06:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_
 
< MD5 for: SERVICES.MSC  >
[2008/04/14 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
 
< MD5 for: WINLOGON.EX_  >
[2008/04/14 06:00:00 | 000,265,069 | ---- | M] () MD5=063EF1A46C58A731F78AE5AF47070D65 -- C:\I386\WINLOGON.EX_
 
< MD5 for: WINLOGON.EXE  >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 06:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %SYSTEMDRIVE%\*.* >
[2008/04/25 15:29:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/08/28 11:33:32 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/04/25 15:29:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/06 14:06:15 | 000,004,646 | RH-- | M] () -- C:\dell.sdr
[2014/02/26 09:48:42 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/25 15:29:32 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2008/04/25 15:29:32 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2008/04/14 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 06:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/02/26 09:48:41 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/04/16 22:46:53 | 000,004,268 | ---- | M] () -- C:\xxcopylog2.txt
 
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2008/04/25 15:29:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 13:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is 8E5D-5093
 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
02/25/2014  01:55 PM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
02/25/2014  01:55 PM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\Intuit.QuickBooks.FCS
03/23/2010  10:34 AM    <JUNCTION>     1.3.0.0__5b3f47ba29970ccb
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
02/25/2014  01:57 PM    <JUNCTION>     v4.0_4.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
02/25/2014  01:51 PM    <JUNCTION>     v4.0_4.0.0.0__31bf3856ad364e35
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               5 Dir(s)  208,908,763,136 bytes free
 
< %systemroot%\System32\config\*.sav >
[2008/04/25 03:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/04/25 03:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/04/25 03:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/04/25 15:29:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/03/11 15:58:33 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/04/25 15:33:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
[2014/02/26 10:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-02-25 20:00:05
 
< End of report >
 
-OTL Extras.txt output:
 

OTL Extras logfile created on: 2/26/2014 10:26:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.48% Memory free
4.84 Gb Paging File | 4.22 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 194.62 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
 
Computer Name: PUMPSTATION1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1969:TCP" = 1969:TCP:*:Enabled:Remote Desktop
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
"1969:UDP" = 1969:UDP:*:Enabled:RDP
"54925:UDP" = 54925:UDP:*:Enabled:BrotherNetwork Scanner
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Documents and Settings\Administrator\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\hp_webrelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\Documents and Settings\Administrator\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\hp_webrelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2012\QBDBMgrN.exe:*:Enabled:QuickBooks 2012 Data Manager -- (Intuit, Inc.)
"C:\Program Files\NETGEAR ReadyNAS\RAIDar.exe" = C:\Program Files\NETGEAR ReadyNAS\RAIDar.exe:*:Enabled:Monitor ReadyNAS device
"\\Pumpdrive\Project\SysAdmin\Drivers\Brother MFC-J6920DW\install\Data\Disk1\Setup.exe" = \\Pumpdrive\Project\SysAdmin\Drivers\Brother MFC-J6920DW\install\Data\Disk1\Setup.exe:*:Enabled:Setup.exe
"C:\Program Files\Brother\Brmfl13c\FAXRX.exe" = C:\Program Files\Brother\Brmfl13c\FAXRX.exe:*:Enabled:MFC-J6920DW FAXRX.EXE -- (Brother Industries, Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A434-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier: Professional Services Edition 2010
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C48D1F-9BBF-450A-BBCE-1D775AB94B15}" = FileMaker Pro 9
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}" = Brother MFL-Pro Suite MFC-J6920DW
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88253B77-33C9-4A9D-9E4C-4579E39D9158}" = Diagnostics Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat  8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Acrobat  8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell_HostCD" = Dell Printer Software Uninstall
"FTP Commander" = FTP Commander
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"PROHYBRIDR" = 2007 Microsoft Office system
"Ultravnc2_is1" = UltraVNC 1.0.6.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/10/2013 1:25:45 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DMError Information:-6069Additional
 Info:An Invalid Id or password was specifie
 
Error - 9/13/2013 1:20:05 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 9/13/2013 1:20:05 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 9/13/2013 1:20:05 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
 Hand
 
Error - 9/13/2013 1:25:03 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
 Error:Invalid user ID or passwo
 
Error - 9/13/2013 1:25:03 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
 String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Pump Data\QuickBooks\Pump
 Studios, Inc..qbw;ENG=QB_data_engine_22;DBN=d3d4178857564d61a803da3db7d341
 
Error - 9/13/2013 1:25:03 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::HandleConnectionError
 errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
 function:'DBMgr::DBConnPool::ini
 
Error - 9/17/2013 3:59:29 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
 Error:Invalid user ID or passwo
 
Error - 9/17/2013 3:59:29 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
 String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Pump Data\QuickBooks\Pump
 Studios, Inc..qbw;ENG=QB_data_engine_22;DBN=fcdd4b3fe70e404999924040f2dbf5
 
Error - 9/17/2013 3:59:29 PM | Computer Name = PUMPSTATION1 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::HandleConnectionError
 errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
 function:'DBMgr::DBConnPool::ini
 
[ System Events ]
Error - 1/21/2014 6:02:37 PM | Computer Name = PUMPSTATION1 | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
 with DCOM within the required timeout.
 
Error - 1/21/2014 6:13:13 PM | Computer Name = PUMPSTATION1 | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
 with DCOM within the required timeout.
 
Error - 1/24/2014 5:42:19 PM | Computer Name = PUMPSTATION1 | Source = TermServDevices | ID = 1111
Description = Driver Send to Microsoft OneNote 15 Driver required for printer Send
 To OneNote 2013 is unknown. Contact the administrator to install the driver before
 you log in again.
 
Error - 1/24/2014 5:42:19 PM | Computer Name = PUMPSTATION1 | Source = TermServDevices | ID = 1111
Description = Driver Snagit 11 Printer required for printer Snagit 11 is unknown.
 Contact the administrator to install the driver before you log in again.
 
Error - 1/27/2014 11:28:30 AM | Computer Name = PUMPSTATION1 | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.165.2682.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803
 
User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0
 
Error
 code: 0x8024402f     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 1/30/2014 8:54:14 AM | Computer Name = PUMPSTATION1 | Source = TermServDevices | ID = 1111
Description = Driver Send to Microsoft OneNote 15 Driver required for printer Send
 To OneNote 2013 is unknown. Contact the administrator to install the driver before
 you log in again.
 
Error - 1/30/2014 8:54:14 AM | Computer Name = PUMPSTATION1 | Source = TermServDevices | ID = 1111
Description = Driver Snagit 11 Printer required for printer Snagit 11 is unknown.
 Contact the administrator to install the driver before you log in again.
 
Error - 2/4/2014 11:26:39 PM | Computer Name = PUMPSTATION1 | Source = TermServDevices | ID = 1111
Description = Driver Send to Microsoft OneNote 15 Driver required for printer Send
 To OneNote 2013 is unknown. Contact the administrator to install the driver before
 you log in again.
 
Error - 2/4/2014 11:26:39 PM | Computer Name = PUMPSTATION1 | Source = TermServDevices | ID = 1111
Description = Driver Snagit 11 Printer required for printer Snagit 11 is unknown.
 Contact the administrator to install the driver before you log in again.
 
Error - 2/25/2014 3:39:25 PM | Computer Name = PUMPSTATION1 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf85a83a, parameter3
 8b009ae4, parameter4 00000000.
 
 
< End of report >
 
 

 




#2 Juliet


    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 28 February 2014 - 02:43 PM

Hi and welcome

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
  • rkill.exe
  • rkill.com
  • rkill.scr
  • rkill.pif
  • WiNlOgOn.exe
  • uSeRiNiT.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Farbar Recovery Scan Tool
(use correct version for your system.....Which system am I using?)
and Tutorial http://www.geekstogo...very-scan-tool/

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17

#3 PStudios


    New Member

  • Authentic Member
  • 7 posts

Posted 28 February 2014 - 02:56 PM

Thank you so much for your help. FRST crashed the first time I ran a scan but when I ran it a second time it worked without a hitch.

 

FRST.TXT:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Administrator (administrator) on PUMPSTATION1 on 28-02-2014 14:55:21
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Realtek) C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16806912 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [57344 2008-08-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [8169Diag] - C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe [909312 2008-02-26] (Realtek)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-09-25] ()
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [googletalk] - C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2215768 2012-03-04] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-1763940397-1982518545-667687927-1006\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1763940397-1982518545-667687927-1006\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1763940397-1982518545-667687927-500\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1763940397-1982518545-667687927-500\...\Run: [DellSupportCenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.pumpstudios.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...p={searchTerms}
SearchScopes: HKCU - DefaultScope {904DE302-1EB0-4F91-B970-C2D23CCC23A9} URL = 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} http://www.umediaser...diaControl5.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{F2B9F54E-C113-417D-923D-953F399B5F15}: [NameServer]192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eiltlk5s.default
FF Homepage: hxxp://start.pumpstudios.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-26]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26]
 
========================== Services (Whitelisted) =================
 
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-04-25] (Flexera Software, Inc.)
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-03-04] (Intuit Inc.)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-04-25] (SolidWorks)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 W3SVC; C:\WINDOWS\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [11264 2007-12-03] (Realtek Semiconductor Corporation)
R2 DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
R2 DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
R2 DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
R2 DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
R2 DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
R2 DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
R2 DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
R2 DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
R2 LANPkt; C:\WINDOWS\System32\DRIVERS\LANPkt.sys [8960 2007-11-20] (Realtek Semiconductor Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsla29e7264; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A67A75CC-B206-44F8-910F-287472EA3C01}\MpKsla29e7264.sys [39464 2014-02-28] (Microsoft Corporation)
S3 RTLVLAN; C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS [16640 2007-11-20] (Realtek Semiconductor Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S1 jqrrvppm; \??\C:\WINDOWS\system32\drivers\jqrrvppm.sys [X]
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-28 14:55 - 2014-02-28 14:55 - 00015468 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-28 14:52 - 2014-02-28 14:55 - 00000000 ____D () C:\FRST
2014-02-28 14:51 - 2014-02-28 14:51 - 01143808 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-28 14:47 - 2014-02-28 14:48 - 00003468 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-02-26 10:31 - 2014-02-26 10:31 - 00096494 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.Txt
2014-02-26 10:31 - 2014-02-26 10:31 - 00047588 _____ () C:\Documents and Settings\Administrator\Desktop\Extras.Txt
2014-02-26 10:24 - 2014-02-26 10:20 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2014-02-25 14:00 - 2014-02-25 14:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-25 13:47 - 2014-02-25 13:47 - 00013659 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-25 13:46 - 2014-02-25 13:47 - 00006385 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-25 13:38 - 2014-02-25 13:38 - 00086016 _____ () C:\WINDOWS\Minidump\Mini022514-01.dmp
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-13 01:51 - 2014-02-25 14:00 - 00019453 _____ () C:\WINDOWS\KB2916036.log
2014-02-11 17:00 - 2014-02-11 17:00 - 00001526 _____ () C:\WINDOWS\setupapi.log
2014-02-11 10:08 - 2014-02-11 10:08 - 00000000 ____D () C:\Documents and Settings\celeste\Local Settings\Application Data\Sun
 
==================== One Month Modified Files and Folders =======
 
2014-02-28 14:55 - 2014-02-28 14:55 - 00015468 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-02-28 14:55 - 2014-02-28 14:52 - 00000000 ____D () C:\FRST
2014-02-28 14:51 - 2014-02-28 14:51 - 01143808 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-02-28 14:48 - 2014-02-28 14:47 - 00003468 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-02-28 14:44 - 2008-04-25 10:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-28 13:35 - 2009-03-11 15:55 - 00000178 ___SH () C:\Documents and Settings\celeste\ntuser.ini
2014-02-28 13:35 - 2009-03-11 15:55 - 00000000 ____D () C:\Documents and Settings\celeste
2014-02-28 13:35 - 2008-04-25 15:28 - 01922650 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-28 13:21 - 2008-04-25 03:17 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-02-28 13:19 - 2009-03-11 16:01 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-28 13:19 - 2008-04-25 15:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-28 13:19 - 2008-04-25 03:25 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-28 13:19 - 2008-04-25 03:25 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-28 10:11 - 2008-04-25 15:32 - 00032610 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-28 10:11 - 2008-04-25 15:32 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-28 10:11 - 2008-04-25 15:32 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-26 10:31 - 2014-02-26 10:31 - 00096494 _____ () C:\Documents and Settings\Administrator\Desktop\OTL.Txt
2014-02-26 10:31 - 2014-02-26 10:31 - 00047588 _____ () C:\Documents and Settings\Administrator\Desktop\Extras.Txt
2014-02-26 10:20 - 2014-02-26 10:24 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\OTL.exe
2014-02-26 09:07 - 2009-03-06 12:34 - 00524288 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-02-25 14:29 - 2008-04-25 15:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-25 14:00 - 2014-02-25 14:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-25 14:00 - 2014-02-13 01:51 - 00019453 _____ () C:\WINDOWS\KB2916036.log
2014-02-25 14:00 - 2014-01-21 13:30 - 00009143 _____ () C:\WINDOWS\updspapi.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00101622 _____ () C:\WINDOWS\iis6.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00086221 _____ () C:\WINDOWS\FaxSetup.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00041384 _____ () C:\WINDOWS\ocgen.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00039482 _____ () C:\WINDOWS\tsoc.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00028736 _____ () C:\WINDOWS\comsetup.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00026536 _____ () C:\WINDOWS\msmqinst.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00017400 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00015162 _____ () C:\WINDOWS\netfxocm.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00005950 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00004788 _____ () C:\WINDOWS\ocmsn.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00004354 _____ () C:\WINDOWS\tabletoc.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00004326 _____ () C:\WINDOWS\msgsocm.log
2014-02-25 14:00 - 2014-01-21 13:26 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-25 13:57 - 2008-04-25 03:22 - 00641486 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-25 13:54 - 2013-11-12 10:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-25 13:51 - 2009-07-27 14:23 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-25 13:47 - 2014-02-25 13:47 - 00013659 _____ () C:\WINDOWS\KB2909921-IE8.log
2014-02-25 13:47 - 2014-02-25 13:46 - 00006385 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-02-25 13:47 - 2014-01-21 13:26 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-25 13:38 - 2014-02-25 13:38 - 00086016 _____ () C:\WINDOWS\Minidump\Mini022514-01.dmp
2014-02-25 13:38 - 2014-02-25 13:38 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-21 12:07 - 2011-12-16 16:10 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-02-12 02:54 - 2011-07-19 14:55 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-12 02:54 - 2011-07-19 14:55 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 17:00 - 2014-02-11 17:00 - 00001526 _____ () C:\WINDOWS\setupapi.log
2014-02-11 15:54 - 2013-12-13 11:19 - 00010852 _____ () C:\WINDOWS\BRRBCOM.INI
2014-02-11 13:28 - 2009-03-13 12:38 - 00002529 _____ () C:\Documents and Settings\celeste\Desktop\FileMaker Pro.lnk
2014-02-11 10:09 - 2009-03-11 16:18 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-02-11 10:09 - 2009-03-06 12:16 - 00000000 ____D () C:\Program Files\Java
2014-02-11 10:08 - 2014-02-11 10:08 - 00000000 ____D () C:\Documents and Settings\celeste\Local Settings\Application Data\Sun
2014-02-06 08:24 - 2009-11-02 17:18 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-06 03:54 - 2009-03-08 03:32 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 03:54 - 2008-04-25 10:16 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 17:26 - 2012-08-15 05:54 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-05 17:26 - 2010-11-03 09:19 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-05 17:26 - 2009-10-14 09:12 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-05 17:26 - 2009-10-14 09:12 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-05 17:26 - 2009-07-27 14:24 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-05 17:26 - 2009-07-27 14:24 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-05 17:26 - 2009-07-27 14:24 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-05 17:26 - 2009-07-27 14:24 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-05 17:26 - 2009-03-08 13:09 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-05 17:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-05 17:26 - 2009-03-08 03:34 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-05 17:26 - 2009-03-08 03:34 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-05 17:26 - 2009-03-08 03:34 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-05 17:26 - 2009-03-08 03:34 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-05 17:26 - 2009-03-08 03:33 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-05 17:26 - 2009-03-08 03:33 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-05 17:26 - 2009-03-08 03:33 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-05 17:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-05 17:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-05 17:26 - 2009-03-08 03:32 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-05 17:26 - 2009-03-08 03:31 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-05 17:26 - 2009-03-08 03:31 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-05 17:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-05 17:26 - 2009-03-06 12:13 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-05 17:26 - 2009-03-06 12:13 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-05 17:26 - 2009-03-06 12:13 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 17:26 - 2008-04-25 10:16 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-05 17:26 - 2008-04-25 10:16 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-05 16:24 - 2008-04-25 10:16 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-04 21:26 - 2013-12-13 11:19 - 00000141 _____ () C:\WINDOWS\BROMJ6920DW.INI
2014-02-04 21:26 - 2008-04-25 15:26 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzscr01.exe
C:\Documents and Settings\celeste\Local Settings\Temp\G2MInstallerExtractor.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by Administrator at 2014-02-28 14:55:47
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
 
==================== Installed Programs ======================
 
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat  8 Standard - English, Français, Deutsch (Version: 8.1.3 - Adobe Systems) Hidden
Adobe Acrobat 8.1.3 Standard (HKLM\...\Adobe Acrobat  8 Standard - English, Français, Deutsch) (Version: 8.1.3 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{87841AF8-C785-42FF-A76E-CC0F0C2816CC}) (Version: 1.2.2735.37383 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.493-080512a-064246C-Dell - )
Brother MFL-Pro Suite MFC-J6920DW (HKLM\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Dell Printer Software Uninstall (HKLM\...\Dell_HostCD) (Version:  - Dell, Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Diagnostics Utility (HKLM\...\{88253B77-33C9-4A9D-9E4C-4579E39D9158}) (Version: 1.00.0000 - Realtek)
FileMaker Pro 9 (HKLM\...\{51C48D1F-9BBF-450A-BBCE-1D775AB94B15}) (Version: 9.0.3.0 - FileMaker, Inc.)
FTP Commander (HKLM\...\FTP Commander) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox (3.6.28) (HKLM\...\Mozilla Firefox (3.6.28)) (Version: 3.6.28 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickBooks (Version: 20.0.4010.807 - Intuit Inc.) Hidden
QuickBooks (Version: 22.0.4008.2206 - Intuit Inc.) Hidden
QuickBooks Premier: Professional Services Edition 2010 (HKLM\...\{0700E22B-A434-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4010.807 - Intuit Inc.)
QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4008.2206 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UltraVNC 1.0.6.5 (HKLM\...\Ultravnc2_is1) (Version: 1.0.6.5 - 1.0.6.5)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB972636) (HKLM\...\KB972636-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
01-12-2013 15:23:07 Software Distribution Service 3.0
01-12-2013 19:30:13 Software Distribution Service 3.0
02-12-2013 15:23:11 Software Distribution Service 3.0
02-12-2013 19:30:03 Software Distribution Service 3.0
03-12-2013 15:23:16 Software Distribution Service 3.0
03-12-2013 19:30:31 Software Distribution Service 3.0
04-12-2013 15:23:14 Software Distribution Service 3.0
04-12-2013 19:23:01 Software Distribution Service 3.0
05-12-2013 15:23:17 Software Distribution Service 3.0
05-12-2013 19:29:40 Software Distribution Service 3.0
06-12-2013 15:16:27 Software Distribution Service 3.0
07-12-2013 15:22:41 Software Distribution Service 3.0
07-12-2013 19:29:27 Software Distribution Service 3.0
08-12-2013 15:23:08 Software Distribution Service 3.0
08-12-2013 19:29:29 Software Distribution Service 3.0
09-12-2013 15:23:14 Software Distribution Service 3.0
09-12-2013 19:29:31 Software Distribution Service 3.0
10-12-2013 15:23:17 Software Distribution Service 3.0
10-12-2013 19:22:36 Software Distribution Service 3.0
11-12-2013 15:35:52 Software Distribution Service 3.0
11-12-2013 19:41:58 Software Distribution Service 3.0
12-12-2013 15:35:52 Software Distribution Service 3.0
12-12-2013 19:42:15 Software Distribution Service 3.0
13-12-2013 15:36:02 Software Distribution Service 3.0
13-12-2013 17:18:25 Installed Brother Software Suite
13-12-2013 17:19:56 Unsigned printer driver Brother PC-FAX v.3.2 (A3/LGR installed.
14-12-2013 15:49:01 Software Distribution Service 3.0
14-12-2013 17:52:21 Software Distribution Service 3.0
15-12-2013 15:48:41 Software Distribution Service 3.0
15-12-2013 17:52:01 Software Distribution Service 3.0
16-12-2013 15:48:37 Software Distribution Service 3.0
16-12-2013 17:52:25 Software Distribution Service 3.0
17-12-2013 15:48:44 Software Distribution Service 3.0
17-12-2013 17:39:00 Software Distribution Service 3.0
18-12-2013 15:48:32 Software Distribution Service 3.0
18-12-2013 17:52:13 Software Distribution Service 3.0
19-12-2013 15:48:36 Software Distribution Service 3.0
19-12-2013 17:52:08 Software Distribution Service 3.0
20-12-2013 15:48:44 Software Distribution Service 3.0
20-12-2013 17:53:27 Software Distribution Service 3.0
21-12-2013 15:48:36 Software Distribution Service 3.0
21-12-2013 17:52:20 Software Distribution Service 3.0
22-12-2013 15:48:45 Software Distribution Service 3.0
22-12-2013 17:52:02 Software Distribution Service 3.0
23-12-2013 15:48:30 Software Distribution Service 3.0
24-12-2013 15:48:48 Software Distribution Service 3.0
25-12-2013 15:48:44 Software Distribution Service 3.0
25-12-2013 17:52:11 Software Distribution Service 3.0
26-12-2013 15:48:54 Software Distribution Service 3.0
27-12-2013 15:48:26 Software Distribution Service 3.0
28-12-2013 15:48:56 Software Distribution Service 3.0
29-12-2013 15:48:42 Software Distribution Service 3.0
29-12-2013 17:51:55 Software Distribution Service 3.0
30-12-2013 17:32:27 Software Distribution Service 3.0
31-12-2013 15:48:37 Software Distribution Service 3.0
31-12-2013 17:55:20 Software Distribution Service 3.0
01-01-2014 15:29:02 Software Distribution Service 3.0
01-01-2014 17:51:52 Software Distribution Service 3.0
02-01-2014 15:48:29 Software Distribution Service 3.0
03-01-2014 15:48:56 Software Distribution Service 3.0
03-01-2014 17:52:59 Software Distribution Service 3.0
04-01-2014 15:48:27 Software Distribution Service 3.0
04-01-2014 17:51:25 Software Distribution Service 3.0
05-01-2014 15:48:57 Software Distribution Service 3.0
05-01-2014 17:32:16 Software Distribution Service 3.0
06-01-2014 15:48:33 Software Distribution Service 3.0
06-01-2014 17:51:46 Software Distribution Service 3.0
07-01-2014 15:48:30 Software Distribution Service 3.0
07-01-2014 17:52:28 Software Distribution Service 3.0
08-01-2014 15:48:47 Software Distribution Service 3.0
08-01-2014 17:51:58 Software Distribution Service 3.0
09-01-2014 15:48:55 Software Distribution Service 3.0
09-01-2014 17:32:07 Software Distribution Service 3.0
10-01-2014 15:48:54 Software Distribution Service 3.0
10-01-2014 17:52:04 Software Distribution Service 3.0
11-01-2014 15:48:30 Software Distribution Service 3.0
11-01-2014 17:51:31 Software Distribution Service 3.0
12-01-2014 15:48:43 Software Distribution Service 3.0
12-01-2014 17:51:50 Software Distribution Service 3.0
13-01-2014 15:48:27 Software Distribution Service 3.0
13-01-2014 17:51:24 Software Distribution Service 3.0
14-01-2014 15:49:09 Software Distribution Service 3.0
14-01-2014 17:53:15 Software Distribution Service 3.0
15-01-2014 15:29:58 Software Distribution Service 3.0
15-01-2014 17:32:56 Software Distribution Service 3.0
16-01-2014 15:29:51 Software Distribution Service 3.0
16-01-2014 17:32:49 Software Distribution Service 3.0
17-01-2014 15:29:53 Software Distribution Service 3.0
18-01-2014 15:29:43 Software Distribution Service 3.0
18-01-2014 17:32:54 Software Distribution Service 3.0
19-01-2014 15:29:55 Software Distribution Service 3.0
19-01-2014 17:32:41 Software Distribution Service 3.0
20-01-2014 15:29:55 Software Distribution Service 3.0
20-01-2014 17:32:40 Software Distribution Service 3.0
21-01-2014 15:33:45 Software Distribution Service 3.0
21-01-2014 19:26:11 Software Distribution Service 3.0
21-01-2014 22:40:55 Software Distribution Service 3.0
22-01-2014 14:48:44 Software Distribution Service 3.0
22-01-2014 22:55:33 Software Distribution Service 3.0
23-01-2014 22:55:22 Software Distribution Service 3.0
24-01-2014 14:48:33 Software Distribution Service 3.0
24-01-2014 22:55:31 Software Distribution Service 3.0
25-01-2014 14:48:27 Software Distribution Service 3.0
25-01-2014 22:55:30 Software Distribution Service 3.0
26-01-2014 14:48:28 Software Distribution Service 3.0
26-01-2014 22:55:30 Software Distribution Service 3.0
27-01-2014 22:55:30 Software Distribution Service 3.0
28-01-2014 14:47:55 Software Distribution Service 3.0
28-01-2014 22:55:47 Software Distribution Service 3.0
29-01-2014 14:48:21 Software Distribution Service 3.0
29-01-2014 22:55:22 Software Distribution Service 3.0
30-01-2014 14:48:26 Software Distribution Service 3.0
30-01-2014 22:55:22 Software Distribution Service 3.0
31-01-2014 14:48:30 Software Distribution Service 3.0
31-01-2014 22:55:22 Software Distribution Service 3.0
01-02-2014 14:48:25 Software Distribution Service 3.0
01-02-2014 22:55:22 Software Distribution Service 3.0
02-02-2014 14:48:25 Software Distribution Service 3.0
02-02-2014 22:55:23 Software Distribution Service 3.0
03-02-2014 14:48:26 Software Distribution Service 3.0
03-02-2014 22:55:22 Software Distribution Service 3.0
04-02-2014 14:48:30 Software Distribution Service 3.0
04-02-2014 22:55:14 Software Distribution Service 3.0
05-02-2014 14:48:12 Software Distribution Service 3.0
05-02-2014 22:56:03 Software Distribution Service 3.0
06-02-2014 14:48:20 Software Distribution Service 3.0
06-02-2014 22:55:08 Software Distribution Service 3.0
07-02-2014 14:48:24 Software Distribution Service 3.0
07-02-2014 22:55:07 Software Distribution Service 3.0
08-02-2014 14:48:25 Software Distribution Service 3.0
08-02-2014 22:55:06 Software Distribution Service 3.0
09-02-2014 14:48:28 Software Distribution Service 3.0
09-02-2014 22:55:05 Software Distribution Service 3.0
10-02-2014 14:48:31 Software Distribution Service 3.0
10-02-2014 22:55:08 Software Distribution Service 3.0
11-02-2014 14:48:31 Software Distribution Service 3.0
11-02-2014 16:06:55 Removed Java™ 6 Update 35
11-02-2014 16:07:21 Installed Java 7 Update 51
11-02-2014 16:09:27 Removed Java 7 Update 51
11-02-2014 22:55:12 Software Distribution Service 3.0
12-02-2014 14:48:21 Software Distribution Service 3.0
12-02-2014 22:54:58 Software Distribution Service 3.0
13-02-2014 14:48:39 Software Distribution Service 3.0
13-02-2014 22:55:00 Software Distribution Service 3.0
14-02-2014 14:48:28 Software Distribution Service 3.0
14-02-2014 22:55:10 Software Distribution Service 3.0
15-02-2014 14:48:32 Software Distribution Service 3.0
15-02-2014 22:54:58 Software Distribution Service 3.0
16-02-2014 14:48:28 Software Distribution Service 3.0
16-02-2014 22:54:58 Software Distribution Service 3.0
17-02-2014 14:48:30 Software Distribution Service 3.0
17-02-2014 22:55:04 Software Distribution Service 3.0
18-02-2014 14:48:29 Software Distribution Service 3.0
18-02-2014 22:54:56 Software Distribution Service 3.0
19-02-2014 14:48:18 Software Distribution Service 3.0
19-02-2014 22:54:47 Software Distribution Service 3.0
20-02-2014 14:48:29 Software Distribution Service 3.0
20-02-2014 22:54:13 Software Distribution Service 3.0
21-02-2014 14:48:33 Software Distribution Service 3.0
21-02-2014 22:55:11 Software Distribution Service 3.0
22-02-2014 14:48:44 Software Distribution Service 3.0
22-02-2014 22:54:56 Software Distribution Service 3.0
23-02-2014 14:48:29 Software Distribution Service 3.0
23-02-2014 22:55:00 Software Distribution Service 3.0
24-02-2014 14:48:31 Software Distribution Service 3.0
24-02-2014 22:54:53 Software Distribution Service 3.0
25-02-2014 14:48:33 Software Distribution Service 3.0
25-02-2014 19:43:22 Software Distribution Service 3.0
26-02-2014 14:38:23 Software Distribution Service 3.0
26-02-2014 16:28:35 OTL Restore Point - 2/26/2014 10:28:28 AM
27-02-2014 15:25:56 Software Distribution Service 3.0
28-02-2014 15:35:39 System Checkpoint
28-02-2014 16:23:52 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2008-04-25 10:16 - 2008-04-14 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-13 11:18 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2007-07-23 15:04 - 2007-07-23 15:04 - 00068080 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
2013-07-16 15:14 - 2013-07-16 15:14 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4915867f\mscorlib.dll
2013-07-16 15:14 - 2013-07-16 15:14 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ada8dcd9\system.windows.forms.dll
2013-07-16 15:14 - 2013-07-16 15:14 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3d6d957b\system.dll
2013-07-16 15:14 - 2013-07-16 15:14 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_70e16097\system.xml.dll
2013-07-16 15:14 - 2013-07-16 15:14 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_298472ba\system.drawing.dll
2012-03-05 08:28 - 2012-03-05 08:28 - 00268648 _____ () C:\Program Files\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
2012-03-05 08:29 - 2012-03-05 08:29 - 00020840 _____ () C:\Program Files\Intuit\QuickBooks 2012\QBCompressor.dll
2012-03-04 23:35 - 2012-03-04 23:35 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2012\zlib1.dll
2012-03-05 08:28 - 2012-03-05 08:28 - 00380264 _____ () C:\Program Files\Intuit\QuickBooks 2012\BackupLib.dll
2012-03-05 08:29 - 2012-03-05 08:29 - 00138088 _____ () C:\Program Files\Intuit\QuickBooks 2012\QBMAPILibrary.dll
2012-03-05 08:28 - 2012-03-05 08:28 - 00176488 _____ () C:\Program Files\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
2012-03-05 08:28 - 2012-03-05 08:28 - 00042344 _____ () C:\Program Files\Intuit\QuickBooks 2012\mbpopup.dll
2014-02-21 12:07 - 2014-02-19 19:02 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-02-21 12:07 - 2014-02-19 19:03 - 04060488 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-02-21 12:07 - 2014-02-19 19:03 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-02-21 12:07 - 2014-02-19 19:02 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-02-26 10:13 - 2014-02-26 10:13 - 04591616 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-02-26 10:13 - 2014-02-26 10:13 - 00112128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2014 02:55:05 PM) (Source: Application Error) (User: )
Description: Faulting application frst.exe, version 3.3.10.2, faulting module frst.exe, version 3.3.10.2, fault address 0x0001fcbe.
Processing media-specific event for [frst.exe!ws!]
 
Error: (02/28/2014 02:45:11 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (02/28/2014 02:45:11 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (02/28/2014 02:45:11 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (02/28/2014 01:21:52 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
 
Error: (02/28/2014 01:21:52 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Pump Data\QuickBooks\Pump Studios, Inc..qbw;ENG=QB_data_engine_22;DBN=f7ba6bd51afd46e495dc136570e42913
 
Error: (02/28/2014 01:21:52 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2012":
Connection Error:Invalid user ID or password
 
Error: (02/28/2014 01:21:31 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (02/28/2014 01:21:31 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (02/28/2014 01:21:31 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (02/28/2014 02:47:49 PM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/25/2014 01:39:25 PM) (Source: System Error) (User: )
Description: Error code 1000008e, parameter1 c0000005, parameter2 bf85a83a, parameter3 8b009ae4, parameter4 00000000.
 
Error: (02/04/2014 09:26:39 PM) (Source: TermServDevices) (User: )
Description: Driver Snagit 11 Printer required for printer Snagit 11 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (02/04/2014 09:26:39 PM) (Source: TermServDevices) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/30/2014 06:54:14 AM) (Source: TermServDevices) (User: )
Description: Driver Snagit 11 Printer required for printer Snagit 11 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/30/2014 06:54:14 AM) (Source: TermServDevices) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/27/2014 09:28:30 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.165.2682.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.4.0304.00
 
Source Path: 4.4.0304.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (01/24/2014 03:42:19 PM) (Source: TermServDevices) (User: )
Description: Driver Snagit 11 Printer required for printer Snagit 11 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/24/2014 03:42:19 PM) (Source: TermServDevices) (User: )
Description: Driver Send to Microsoft OneNote 15 Driver required for printer Send To OneNote 2013 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/21/2014 04:13:13 PM) (Source: DCOM) (User: PUMPSTATION1)
Description: The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 30%
Total physical RAM: 3070.91 MB
Available physical RAM: 2131.7 MB
Total Pagefile: 4955.93 MB
Available Pagefile: 4083.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.03 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:232.79 GB) (Free:194.88 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: A42D04A3)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Edited by PStudios, 28 February 2014 - 03:04 PM.


#4 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 28 February 2014 - 03:24 PM

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).
 

start
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
S1 jqrrvppm; \??\C:\WINDOWS\system32\drivers\jqrrvppm.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzscr01.exe
C:\Documents and Settings\celeste\Local Settings\Temp\G2MInstallerExtractor.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
end


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please post:
Fixlog.txt
C:\AdwCleaner[S1].txt

How is your computer at the moment?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 PStudios

PStudios

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 28 February 2014 - 03:40 PM

It appears to be running well, hard to tell because a lot of the symptoms were reported by a coworker and I haven't had sufficient time to sit around and use the computer to see if any of those issues come back up. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-02-2014 02
Ran by Administrator at 2014-02-28 15:29:51 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
S1 jqrrvppm; \??\C:\WINDOWS\system32\drivers\jqrrvppm.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzscr01.exe
C:\Documents and Settings\celeste\Local Settings\Temp\G2MInstallerExtractor.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
end
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
jqrrvppm => Service deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzmsi01.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzscr01.exe => Moved successfully.
C:\Documents and Settings\celeste\Local Settings\Temp\G2MInstallerExtractor.exe => Moved successfully.
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\celeste\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
 
==== End of Fixlog ====

 

# AdwCleaner v3.020 - Report created 28/02/2014 at 15:34:32
# Updated 27/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - PUMPSTATION1
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eiltlk5s.default\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v3.6.28 (en-US)
 
[ File : C:\Documents and Settings\celeste\Application Data\Mozilla\Firefox\Profiles\5ccdu486.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eiltlk5s.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Documents and Settings\celeste\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1941 octets] - [28/02/2014 15:33:23]
AdwCleaner[S0].txt - [1876 octets] - [28/02/2014 15:34:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1936 octets] ##########
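An added example (not part of the thread and not FRST's own code): a Python check that pairs each fixlist entry with its result lines in a Fixlog.txt laid out like the one posted above, and flags entries with no confirmed success. The matching rules are assumptions drawn from this one log, and the sample text is a constructed variation of it.

```python
import re

# Constructed sample: a shortened variation of the Fixlog.txt posted above. The
# second toolbar entry has only a "Key not found." line and the last file has no
# result line at all, so the audit has something to flag.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
S1 jqrrvppm; \??\C:\WINDOWS\system32\drivers\jqrrvppm.sys [X]
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzscr01.exe
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
jqrrvppm => Service deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\hpzmsi01.exe => Moved successfully.

==== End of Fixlog ====
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption: service/driver entries look like "S1 name; path", as in the log above.
SERVICE_RE = re.compile(r"^[A-Z]\d\s+([^;\s]+);")


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries and (target, outcome) result pairs."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("start")
    end = lines.index("end", start)
    entries = [ln for ln in lines[start + 1:end] if ln]
    results = []
    for ln in lines[end + 1:]:
        target, sep, outcome = ln.partition(" => ")
        if sep:
            results.append((target, outcome))
    return entries, results


def entry_key(entry):
    """Token expected left of '=>': a CLSID, a service name, or the path itself."""
    guid = GUID_RE.search(entry)
    if guid:
        return guid.group(0)
    svc = SERVICE_RE.match(entry)
    if svc:
        return svc.group(1)
    return entry


def matches(key, target):
    """CLSIDs may sit anywhere in a registry path; other keys must match exactly."""
    if GUID_RE.fullmatch(key):
        return key.lower() in target.lower()
    return key.lower() == target.lower()


def audit(text):
    """Map each fixlist entry to 'ok', 'unconfirmed' (no success line) or 'missing'."""
    entries, results = parse_fixlog(text)
    report = {}
    for entry in entries:
        key = entry_key(entry)
        outcomes = [o for t, o in results if matches(key, t)]
        if not outcomes:
            report[entry] = "missing"
        elif any("successfully" in o for o in outcomes):
            report[entry] = "ok"
        else:
            report[entry] = "unconfirmed"
    return report


if __name__ == "__main__":
    for entry, status in audit(SAMPLE_FIXLOG).items():
        print(f"{status:12} {entry}")
```

An entry reported as "missing" or "unconfirmed" is worth re-checking by hand before the machine is treated as clean.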


#6 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 28 February 2014 - 03:57 PM

I understand

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7 PStudios

PStudios

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 28 February 2014 - 04:18 PM

Here it is clean as a whistle, although scans were coming back clean prior to the changes we've made today, and the redirects and unauthorized extensions were still happening at that time. I'm going to surf around and see if I can get any of the old symptoms to come back up. Let me know if there is anything else you would like me to do. Thanks for the prompt replies!

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.28.10
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PUMPSTATION1 [administrator]
 
2/28/2014 4:02:55 PM
mbam-log-2014-02-28 (16-02-55).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 242862
Time elapsed: 8 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#8 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 28 February 2014 - 04:21 PM

Clean is good!

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.




Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


#9 PStudios

PStudios

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 28 February 2014 - 05:53 PM

Here is the result of the ESET scan:

 

C:\Documents and Settings\Administrator\My Documents\Downloads\ccsetup319.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined


#10 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 28 February 2014 - 08:41 PM

Looks good to me. What I need to know is if there are any other malware issues.

If not, we'll delete quarantine folders and I'll post a few preventive tips.


#11 PStudios

PStudios

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 02 March 2014 - 09:58 AM

From what I could tell on Friday, everything appears to be behaving normally. I won't be back in the office until tomorrow, however, but we can proceed with deleting the quarantine folders and such and I'll take care of it tomorrow.



#12 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 02 March 2014 - 11:31 AM

Ok, sounds like a plan to me!

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.

 

start
DeleteQuarantine:
end

~~~~~~~~~~~

To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

~~~~~~~~~~~~
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Click Run
  • Any remaining tools may be deleted.

    ~~~~~~~~~~~~~~~~~

    Please take the time to read over a few of my preventive tips.

    Computer Security
    http://malwareremova...=557960#p557960
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Be prepared for CryptoLocker:

    Cryptolocker Ransomware: What You Need To Know

    CryptoLocker Ransomware Information Guide and FAQ

    To help protect your computer in the future, I recommend that you get the following free programmes:

    CryptoPrevent: install this programme to lock down and prevent crypto ransomware

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install, and it will in no way interfere with IE; you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    AdblockPlus
  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, It's free!
  • click the icon that corresponds to your browser and download.
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.
  • Green should be good to go
  • Yellow for caution
  • Red to stop
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    How to prevent Malware: Created by Miekiemoes


    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    See this article (http://www.forbes.co...o-disable-java/)
    and this article (http://www.nbcnews.c...alate-1B7938755)

    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo...ur-web-browser/) and How to unplug Java from the browser (http://krebsonsecuri...om-the-browser/))

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

#13 PStudios

PStudios

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 03 March 2014 - 09:51 AM

Alrighty, I think we are done here unless you have anything else. Thank you so much Juliet, I really appreciate your time, this forum is a life saver. I am going to talk to my boss about donating some money to you guys.



#14 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 03 March 2014 - 11:36 AM

Glad we could help. :)

#15 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 6,966 posts
  • Interests:Boo!....
  • MVP

Posted 04 March 2014 - 09:51 AM

Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.