
Bloodhound.Exploit.33 infection [Solved]


  • This topic is locked
32 replies to this topic

#1 beachedwhale

    New Member

  • Authentic Member
  • 17 posts

Posted 27 September 2014 - 05:52 AM

Hello.

 

Norton Anti-virus keeps coming up with a pop-up saying it is analysing file (long string of numbers and letters). These are quarantined and clicking on “View Details” reports “Bloodhound.exploit.33”.

Defences: Norton AV (on subscription), Spybot S&D 1.6 and 2, Malwarebytes Premium, Malwarebytes Anti-Exploit (Free), Bluhell Firewall.

Running scans on these produced no results.

A scan in Safe Mode by Norton’s, logged on as Administrator, gave no results.

Nor did NPE. This has exhausted my attempts at getting rid of BE33.

(BTW I have switched to Ixquick and Start Page from the ubiquitous Google and I’m suspicious that these may be involved somehow).

There appear to be no other problems other than the blocked notices from Norton’s.

Help removing this nuisance will be gratefully appreciated!




#2 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 September 2014 - 04:03 PM

:welcome:

 

Let's run some scans so we can see what's going on with your system.

 

 

 
Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
      * List BCD
      * Drivers MD5
      * Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 


 
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 beachedwhale

    New Member

  • Authentic Member
  • 17 posts

Posted 28 September 2014 - 10:28 AM

Hello Ken

 

One or two problems running these but got there in the end. Hope they help.

Attached files: aswMBR.txt (2.49KB), FRST.txt (37.02KB), Addition.txt (34.52KB)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014 01
Ran by Owner (administrator) on HP-ONE on 28-09-2014 17:12:00
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Symantec Corporation) C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-08] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2004-04-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [81920 2002-10-16] (Hewlett-Packard Company)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-765943430-1787625549-695394895-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled
ShortcutTarget: Microsoft Office.lnk.disabled -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled
ShortcutTarget: Quicken Scheduled Updates.lnk.disabled -> C:\Program Files\Quicken\bagent.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk.disabled
ShortcutTarget: Updates from HP.lnk.disabled -> C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
ShortcutTarget: Windows Search.lnk.disabled -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk.disabled
ShortcutTarget: BBC iPlayer Desktop.lnk.disabled -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk.disabled
ShortcutTarget: HP Organize.lnk.disabled -> C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe (NeoPlanet)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk.disabled
ShortcutTarget: IMStart.lnk.disabled -> C:\Program Files\InterMute\IMStart.exe (No File)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus QuickStart.lnk.disabled
ShortcutTarget: Lotus QuickStart.lnk.disabled -> C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus SmartCenter 97.lnk.disabled
ShortcutTarget: Lotus SmartCenter 97.lnk.disabled -> C:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus SuiteStart 97.lnk.disabled
ShortcutTarget: Lotus SuiteStart 97.lnk.disabled -> C:\lotus\smartctr\suitest.exe (Lotus Development Corporation.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled
ShortcutTarget: OpenOffice.org 3.4.1.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x001C403E00D0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
SearchScopes: HKCU - DefaultScope {086DAB07-3DCE-40A4-98D9-2D120DA4C84F} URL = http://search.zoneal...tsId=&ver=&&r=0
SearchScopes: HKCU - {086DAB07-3DCE-40A4-98D9-2D120DA4C84F} URL = http://search.zoneal...tsId=&ver=&&r=0
SearchScopes: HKCU - {32C5C3B5-8F2F-4831-9305-57C47B323786} URL = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKCU - {7219660F-EBBB-BDCF-159B-1D09FC0C20C8} URL = http://www.mirostart...cfg=2-73-0-g6GW
SearchScopes: HKCU - {ABD5E0E2-1848-48FA-ACCF-F55B1249A1D3} URL = http://www.google.co...rchTerms}&meta=
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://uk.ask.com/we...n=&geo=GB&ver=1
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2611275
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} ->  No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files\adawaretb\adawareDx.dll ()
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Norton Safe Web Lite BHO -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} -> C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll (Symantec Corporation)
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
Toolbar: HKLM - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
Toolbar: HKLM - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
Toolbar: HKLM - No Name - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} -  No File
Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - Norton Safe Web Lite - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default
FF DefaultSearchEngine: Ask
FF SelectedSearchEngine: Ask
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @macromedia.com/FlashPlayer10 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.102 -> C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @macromedia.com/FlashPlayer10 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll (British Telecommunications Plc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\ask.uk.xml
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\duckduckgo-ssl.xml
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\Access Privileges Test [2010-07-02]
FF Extension: British English Dictionary - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-11]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\nostmp [2011-03-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-29]
FF Extension: EPUBReader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-21]
FF Extension: Ad-Aware Security Add-on - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2011-12-23]
FF Extension: DownloadHelper - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-12-11]
FF Extension: SearchPreview - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2) [2010-11-12]
FF Extension: Save Images - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\LDSI_plashcor@gmail.com.xpi [2013-05-30]
FF Extension: Print Edit - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\printedit@DW-dev.xpi [2012-04-26]
FF Extension: Bluhell Firewall - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-08-12]
FF Extension: Search By Image (by Google) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2013-05-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-29]
FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST [2010-08-05]
 
Chrome: 
=======
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-24] (Alcatel-Lucent) [File not signed]
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [126904 2010-05-23] (Symantec Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 Usmsaud; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2004-05-12] (Oak Technology Inc.)
R1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\BASHDefs\20140912.003\BHDrvx86.sys [1137368 2014-09-12] (Symantec Corporation)
R1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAV\1506000.020\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-03] (Promise Technology, Inc.)
R3 IDSxpx86; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\IPSDefs\20140926.003\IDSxpx86.sys [448664 2014-08-29] (Symantec Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-28] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20140927.001\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20140927.001\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-05] (Realtek Semiconductor Corporation       )
S3 scsiscan; C:\WINDOWS\System32\DRIVERS\scsiscan.sys [11520 2008-04-13] (Microsoft Corporation)
S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [432000 2004-01-03] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [11520 2004-01-03] (Silicon Integrated Systems Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NAV\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NAV\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NAV\1506000.020\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NAV\1506000.020\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-07-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NAV\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1506000.020\SYMTDI.SYS [423256 2014-02-18] (Symantec Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
S3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [134144 2004-02-05] (Copyright © VIA/S3 Graphics, Inc.)
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 aswMBR; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 17:12 - 2014-09-28 17:12 - 00026321 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-09-28 17:11 - 2014-09-28 17:12 - 00000000 ____D () C:\FRST
2014-09-28 17:10 - 2014-09-28 17:10 - 01100288 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-09-28 17:02 - 2014-09-28 17:07 - 00002550 _____ () C:\Documents and Settings\Owner\My Documents\aswMBR.txt
2014-09-28 17:02 - 2014-09-28 17:07 - 00000512 _____ () C:\Documents and Settings\Owner\My Documents\MBR.dat
2014-09-28 16:51 - 2014-09-28 16:59 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswMBR.exe
2014-09-25 21:02 - 2014-09-25 21:15 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\NPE
2014-09-25 21:02 - 2014-09-25 21:02 - 00069720 _____ () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-09-25 21:02 - 2014-09-25 21:02 - 00001186 _____ () C:\Documents and Settings\Administrator.HP-ONE\My Documents\norton.txt
2014-09-25 18:17 - 2014-09-25 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-21 13:31 - 2014-09-21 14:00 - 00000000 ____D () C:\vandy1
2014-09-20 10:38 - 2014-09-20 10:38 - 00059325 _____ () C:\Diecast Models _ Buy Diecast Models & Plastic Hobby Kits _ KH Norton.htm
2014-09-20 10:38 - 2014-09-20 10:38 - 00000000 ____D () C:\Diecast Models _ Buy Diecast Models & Plastic Hobby Kits _ KH Norton_files
2014-09-20 02:20 - 2014-09-28 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2014-09-20 02:20 - 2014-09-20 02:20 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Exploit.lnk
2014-09-20 02:20 - 2014-09-20 02:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-09-20 02:20 - 2014-09-20 02:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-09-18 20:22 - 2014-09-25 21:15 - 00000178 ___SH () C:\Documents and Settings\Administrator.HP-ONE\ntuser.ini
2014-09-18 20:22 - 2014-09-25 21:15 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Temp
2014-09-18 20:22 - 2014-09-18 20:22 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE
2014-09-18 20:22 - 2010-01-22 12:28 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Macromedia
2014-09-18 20:22 - 2009-12-09 18:59 - 00000000 __SHD () C:\Documents and Settings\Administrator.HP-ONE\IETldCache
2014-09-18 20:22 - 2004-05-31 20:24 - 00000000 ___RD () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Accessories
2014-09-18 20:22 - 2004-05-13 07:03 - 00000847 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Internet Explorer.lnk
2014-09-18 20:22 - 2004-05-13 06:57 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Symantec
2014-09-18 20:22 - 2004-05-12 13:28 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Online Services
2014-09-18 20:22 - 2004-05-12 13:23 - 00000128 _____ () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\fusioncache.dat
2014-09-18 20:22 - 2004-05-12 13:05 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\SampleView
2014-09-18 20:22 - 2004-05-12 12:29 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\WINDOWS
2014-09-18 20:22 - 2004-05-12 11:59 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Real
2014-09-18 20:22 - 2004-05-12 08:27 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Sun
2014-09-18 20:22 - 2004-05-12 08:26 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2014-09-18 20:22 - 2004-05-12 07:44 - 00015619 _____ () C:\Documents and Settings\Administrator.HP-ONE\ml1.srt
2014-09-18 20:22 - 2004-05-12 07:44 - 00015420 _____ () C:\Documents and Settings\Administrator.HP-ONE\ml2.srt
2014-09-18 20:22 - 2004-05-12 07:44 - 00007593 _____ () C:\Documents and Settings\Administrator.HP-ONE\tempdiff.txt
2014-09-18 20:22 - 2004-05-12 07:28 - 00000738 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Outlook Express.lnk
2014-09-18 20:22 - 2004-05-12 07:25 - 00001599 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Remote Assistance.lnk
2014-09-18 19:57 - 2014-09-18 19:57 - 00001336 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140918_195703.reg
2014-09-12 21:56 - 2014-09-12 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Received Files
2014-09-12 18:08 - 2014-09-27 17:45 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-09 21:27 - 2014-09-09 21:27 - 00058892 ____H () C:\WINDOWS\system32\mlfcache.dat
2014-09-07 15:35 - 2014-09-07 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MSN6
2014-09-07 14:29 - 2014-09-07 14:29 - 00000704 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140907_142940.reg
2014-09-04 20:17 - 2014-08-19 18:00 - 00451148 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140904-201733.backup
2014-09-03 21:31 - 2014-09-03 21:31 - 00000000 ____D () C:\Malwarebytes  Online Store_files
2014-09-03 21:19 - 2014-09-28 16:15 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 21:18 - 2014-09-03 21:18 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 21:18 - 2014-09-03 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-03 21:18 - 2014-09-03 21:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 21:18 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-03 21:18 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-02 20:44 - 2014-09-02 20:44 - 00063694 _____ () C:\Checkout - Flying Tigerssr71.htm
2014-09-02 20:44 - 2014-09-02 20:44 - 00000000 ____D () C:\Checkout - Flying Tigerssr71_files
2014-09-01 19:00 - 2014-09-01 19:00 - 00013441 _____ () C:\Thank you - Art Fund.htm
2014-09-01 19:00 - 2014-09-01 19:00 - 00000000 ____D () C:\Thank you - Art Fund_files
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 17:12 - 2008-02-19 15:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-09-28 12:18 - 2007-04-12 18:29 - 01450729 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-28 12:16 - 2005-12-13 19:53 - 00178108 _____ () C:\WINDOWS\system32\nvapps.xml
2014-09-28 12:16 - 2005-02-21 18:40 - 00000188 _____ () C:\WINDOWS\system\hpsysdrv.DAT
2014-09-28 12:16 - 2004-05-12 00:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-28 12:16 - 2004-05-12 00:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-09-28 12:15 - 2004-05-12 07:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-28 02:53 - 2014-03-21 21:49 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-28 02:53 - 2004-05-12 07:28 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-09-28 02:53 - 2004-05-12 07:27 - 00032634 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-27 20:49 - 2012-05-04 13:54 - 00000000 ____D () C:\free
2014-09-27 20:44 - 2012-08-13 10:10 - 00000000 ____D () C:\Ryder
2014-09-27 19:10 - 2012-04-25 21:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 16:44 - 2009-02-22 14:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Aircraft
2014-09-27 11:49 - 2007-10-08 14:54 - 00002473 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft Word (2).lnk
2014-09-27 10:06 - 2004-05-12 07:27 - 00000000 ____D () C:\Documents and Settings\Owner
2014-09-27 00:38 - 2010-12-24 16:53 - 00000000 ____D () C:\Scarlett
2014-09-26 20:49 - 1997-05-13 02:23 - 00000980 ____C () C:\WINDOWS\acroread.ini
2014-09-26 18:52 - 2012-02-16 11:54 - 00000000 ____D () C:\KRitchie6
2014-09-26 18:41 - 2011-10-29 12:59 - 00000000 ____D () C:\janehill
2014-09-25 21:15 - 2004-05-12 07:16 - 00000281 _____ () C:\boot.ini
2014-09-25 17:57 - 2009-06-18 19:43 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NAV
2014-09-25 17:56 - 2014-07-31 01:16 - 00001896 _____ () C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
2014-09-25 17:56 - 2014-07-31 01:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
2014-09-23 21:41 - 2004-05-12 07:24 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-23 19:35 - 2004-05-12 07:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-21 13:53 - 2007-04-09 12:03 - 00000102 ____C () C:\WINDOWS\vuepro32.ini
2014-09-21 11:54 - 2011-12-27 17:05 - 00000000 ____D () C:\jenkins
2014-09-20 20:30 - 2012-03-09 14:41 - 00000000 ____D () C:\Nigella
2014-09-20 13:08 - 2012-03-09 15:15 - 00000000 ____D () C:\CarolKirkwood
2014-09-17 00:31 - 2014-03-21 21:49 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-14 11:06 - 2004-05-12 07:23 - 00000000 ____D () C:\Program Files\MSN
2014-09-13 17:47 - 2014-07-30 23:37 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
2014-09-13 14:53 - 2012-03-29 16:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-13 14:53 - 2012-03-29 16:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-13 14:53 - 2011-05-19 11:13 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-12 18:12 - 2013-10-11 10:30 - 00000000 ____D () C:\pay
2014-09-12 18:09 - 2011-11-01 23:30 - 00000000 ____D () C:\X
2014-09-11 21:15 - 2014-03-21 21:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-10 21:51 - 2013-08-14 13:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 21:39 - 2009-02-24 20:03 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-07 15:36 - 2007-08-14 12:53 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\MSN6
2014-09-07 15:35 - 2004-05-12 08:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Online Services
2014-08-30 19:08 - 2008-06-24 11:36 - 00000000 ____D () C:\Documents and Settings\Owner\.gimp-2.4
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-09-2014 01
Ran by Owner at 2014-09-28 17:13:46
Running from C:\Documents and Settings\Owner\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton AntiVirus (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
Ad-Aware Security Toolbar (HKLM\...\adawaretb) (Version: 0.9.1.8 - Lavasoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.102 - NOS Microsystems Ltd.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe PageMill 3.0 (HKCU\...\Adobe PageMill 3.0) (Version:  - )
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atomic Clock Sync (HKLM\...\Atomic Clock Sync) (Version:  - )
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
BBC iPlayer Desktop (Version: 3.2.15 - British Broadcasting Corp.) Hidden
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
BT Broadband Desktop Help (HKLM\...\BT Broadband Desktop Help) (Version:  - )
BTHomeHub (HKLM\...\BTHomeHub) (Version:  - British Telecommunications Plc.)
Camera Support Core Library (Version: 7.0.3.20 - Canon) Hidden
Camera Window (Version: 4.6.2 - Canon) Hidden
CameraDrivers (Version: 3.1.0 - Hewlett-Packard) Hidden
Canon Camera Support Core Library (HKLM\...\InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}) (Version: 7.0.3.20 - Canon)
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}) (Version: 4.6.2 - Canon)
Canon Internet Library for ZoomBrowser EX (HKLM\...\InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.)
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Canon iP4600 series User Registration (HKLM\...\Canon iP4600 series User Registration) (Version:  - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}) (Version: 1.1.1.41 - Canon)
Canon PhotoRecord (HKLM\...\{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}) (Version: 02.01.00069 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}) (Version: 1.1 - Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}) (Version: 1.0.3 - Canon)
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}) (Version: 3.1.13 - Canon)
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.06.01035 - CISRA)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Celestia 1.6.1 (HKLM\...\Celestia_is1) (Version:  - Shatters Software)
Complete Internet Cleanup Pro (HKLM\...\Complete Internet Cleanup Pro) (Version:  - PC Mesh)
Copernic Agent Personal (HKLM\...\Copernic Agent Personal) (Version:  - Copernic)
Copy (Version: 5.35.0.065 - Hewlett-Packard) Hidden
Director (Version: 5.35.0.051 - Hewlett-Packard) Hidden
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DocProc (Version: 3.5.0.0 - Hewlett-Packard) Hidden
EasyZip (HKLM\...\EasyZip) (Version:  - )
EPSON Instant Photo Print (HKLM\...\EPSON Instant Photo Print) (Version:  - )
EPSON Scan! II (HKLM\...\EPSON Scan! II) (Version:  - )
ffdshow v1.1.3452 [2010-05-24] (HKLM\...\ffdshow_is1) (Version: 1.1.3452.0 - )
Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.0.0.570 - Citrix Online, a division of Citrix Systems, Inc.)
GoToAssist Corporate (Version: 9.0.570 - Citrix) Hidden
GPL Ghostscript 8.64 (HKLM\...\GPL Ghostscript 8.64) (Version:  - )
GSview 4.9 (HKLM\...\GSview 4.9) (Version:  - )
GTK+ 2.6.7 runtime environment (HKLM\...\WinGTK-2_is1) (Version:  - Tor Lillqvist)
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Image Zone 3.5 (HKLM\...\HP Photo & Imaging) (Version: 3.5 - HP)
HP Image Zone Plus 3.5 (HKLM\...\{C6C44651-7C66-4b11-92E8-17565D3D22DD}) (Version: 3.5 - HP)
HP Instant Support (HKLM\...\HP Instant Support) (Version:  - )
HP Photo & Imaging 3.5 - HP Devices (HKLM\...\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}) (Version: 3.0 - HP)
HP Software Update (HKLM\...\{34957B51-9676-41CE-9E52-44AE91B73F1C}) (Version: 1.0.22.20030804 - Hewlett-Packard)
hpg2436 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
hpg3970 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
hpg4600 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
hpg5530 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
hpg8200 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
HPIZ350 (Version: 35.1.2 - Hewlett-Packard) Hidden
HPIZFix3 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
InstantShare (Version: 3.5.0.21 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Internet Library (Version: 1.3.3 - Canon Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
IsoBuster 3.0 (HKLM\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KBD (HKLM\...\KBD) (Version:  - )
Lotus SmartSuite 97 (HKLM\...\SmartSuite V97.0) (Version:  - )
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.1.0.2423 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2000 (HKLM\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0808 - Microsoft Corporation)
MovieEdit Task (Version: 1.1.1.41 - Canon) Hidden
Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.1.2 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 en-GB)) (Version: 31.1.2 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton AntiVirus (HKLM\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
Norton Safe Web Lite (HKLM\...\NST) (Version: 1.0.1.8 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice 4.1.0 (HKLM\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
Paint Shop Pro 4.15 SE (HKLM\...\Paint Shop Pro 4.15) (Version:  - )
PhotoGallery (Version: 5.35.0.059 - Hewlett-Packard) Hidden
PhotoStitch (Version: 3.1.13 - Canon) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS2 (HKLM\...\PS2) (Version:  - )
Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version:  - )
Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 5.35.0.047 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RAW Image Task 1.1 (Version: 1.1 - Canon) Hidden
RemoteCapture Task 1.0.3 (Version: 1.0.3 - Canon) Hidden
Scan (Version: 3.5.0.0 - Hewlett-Packard) Hidden
SkinsHP1 (Version: 5.35.0.043 - Hewlett-Packard) Hidden
SkinsHP2 (Version: 5.35.0.043 - Hewlett-Packard) Hidden
Smart File Advisor 1.1.1 (HKLM\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolkit View(HP) (HKLM\...\HPTOOLKIT) (Version:  - )
TrackLogs Digital Mapping v3 (HKLM\...\{A69FC353-EBE6-459C-9DB1-A66DA1130BEB}) (Version: 3.11.1 - TrackLogs)
TrayApp (Version: 5.35.0.035 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Updates from HP (HKLM\...\BackWeb-137903 Uninstaller) (Version:  - )
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VuePrint (HKLM\...\VuePrint) (Version:  - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-765943430-1787625549-695394895-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-05-12 07:16 - 2014-09-04 20:17 - 00451148 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-21 21:49 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-21 21:49 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-21 21:49 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-21 21:49 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-21 21:49 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-12 18:08 - 2014-09-27 17:45 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-09-12 18:08 - 2014-09-27 17:45 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-09-12 18:08 - 2014-09-27 17:45 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-09-25 18:17 - 2014-09-25 18:17 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\quick formule.zip:SummaryInformation
AlternateDataStreams: C:\quick formule.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\vbaddin.ini:SummaryInformation
AlternateDataStreams: C:\WINDOWS\vbaddin.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-765943430-1787625549-695394895-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.HP-ONE
ASPNET (S-1-5-21-765943430-1787625549-695394895-1008 - Limited - Enabled)
Guest (S-1-5-21-765943430-1787625549-695394895-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-765943430-1787625549-695394895-1007 - Limited - Disabled)
Owner (S-1-5-21-765943430-1787625549-695394895-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-765943430-1787625549-695394895-1002 - Limited - Disabled)
SUPPORT_fddfa904 (S-1-5-21-765943430-1787625549-695394895-1006 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/25/2014 09:07:39 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (09/18/2014 08:23:57 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (08/25/2014 01:40:02 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (08/18/2014 08:45:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDShred.exe, version 1.0.2.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/18/2014 08:44:33 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1118020326.
 
Error: (08/18/2014 08:44:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDShred.exe, version 1.0.2.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/17/2014 05:28:09 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (08/05/2014 00:04:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (08/04/2014 11:39:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (08/04/2014 11:34:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application Install.exe, version 13.3.52.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (09/28/2014 00:17:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE
 
Error: (09/28/2014 00:16:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (09/28/2014 00:16:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (09/28/2014 00:16:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (09/28/2014 02:25:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE
 
Error: (09/28/2014 02:24:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (09/28/2014 02:24:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (09/28/2014 02:24:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (09/27/2014 07:11:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE
 
Error: (09/27/2014 07:11:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
 
Microsoft Office Sessions:
=========================
Error: (09/25/2014 09:07:39 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.
 
Error: (09/18/2014 08:23:57 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.
 
Error: (08/25/2014 01:40:02 AM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.
 
Error: (08/18/2014 08:45:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDShred.exe1.0.2.5hungapp0.0.0.000000000
 
Error: (08/18/2014 08:44:33 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 1118020326
 
Error: (08/18/2014 08:44:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDShred.exe1.0.2.5hungapp0.0.0.000000000
 
Error: (08/17/2014 05:28:09 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.
 
Error: (08/05/2014 00:04:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (08/04/2014 11:39:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (08/04/2014 11:34:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Install.exe13.3.52.0hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 64%
Total physical RAM: 2039.29 MB
Available physical RAM: 716.61 MB
Total Pagefile: 2644.5 MB
Available Pagefile: 1471.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.09 MB
 
==================== Drives ================================
 
Drive c: (HP_PAVILION) (Fixed) (Total:144.18 GB) (Free:90.82 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP_RECOVERY) (Fixed) (Total:4.85 GB) (Free:0.74 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive e: (120421_0009) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: DD5BDD5B)
Partition 1: (Not Active) - (Size=4.9 GB) - (Type=0B)
Partition 2: (Active) - (Size=144.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 ken545

Posted 28 September 2014 - 11:20 AM

I see an entry for a backup of your hosts file that is infected; we can deal with that a bit later.

Run these scans in order please, and copy and paste each report in lieu of attaching them. If they all won't fit in one reply, take as many replies as you need.

AdwCleaner by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up, select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 beachedwhale

    Posted 28 September 2014 - 02:18 PM

    # AdwCleaner v3.310 - Report created 28/09/2014 at 21:10:54
    # Updated 12/09/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - HP-ONE
    # Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\adawaretb
    Folder Deleted : C:\Program Files\Toolbar Cleaner
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\adawaretb
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\adawaretb
    File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\safesearch.xml
    File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\adawaretb\dtUser.exe]
    Key Deleted : HKCU\Software\adawaretb
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NST
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NST
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v32.0.3 (x86 en-GB)

    [ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\prefs.js ]

    Line Deleted : user_pref("browser.startup.homepage", "hxxps://ixquick.com/");

    *************************

    AdwCleaner[R0].txt - [8120 octets] - [28/09/2014 21:07:22]
    AdwCleaner[S0].txt - [8197 octets] - [28/09/2014 21:10:54]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8257 octets] ##########



    #6 beachedwhale

    Posted 28 September 2014 - 03:30 PM

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.2.3 (09.27.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Owner on 28/09/2014 at 21:22:07.04
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\hot deals"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\gzu4ievc.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 28/09/2014 at 21:41:56.51
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 28/09/2014
    Scan Time: 21:45:10
    Logfile:
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.28.07
    Rootkit Database: v2014.09.19.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 372652
    Time Elapsed: 37 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)



    #7 ken545

    Posted 28 September 2014 - 04:02 PM

    Great, the results from the scans look good. Why don't you run a new scan with FRST, be sure to check Additions, and post both logs and let me look them over.



     
     

    #8 beachedwhale

    Posted 29 September 2014 - 11:18 AM

    Ken545, the latest scan reports from FRST:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014 02
    Ran by Owner (administrator) on HP-ONE on 29-09-2014 18:11:58
    Running from C:\Documents and Settings\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner & Administrator)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
    (Hewlett-Packard Company) C:\hp\KBD\kbd.exe
    (Agere Systems) C:\WINDOWS\AGRSMMSG.exe
    (Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
    (Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
    (Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (Symantec Corporation) C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\nav.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-08] (Hewlett-Packard Company)
    HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-12] (Hewlett-Packard Company)
    HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
    HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
    HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2004-04-27] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [81920 2002-10-16] (Hewlett-Packard Company)
    HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-765943430-1787625549-695394895-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
    ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled
    ShortcutTarget: Microsoft Office.lnk.disabled -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled
    ShortcutTarget: Quicken Scheduled Updates.lnk.disabled -> C:\Program Files\Quicken\bagent.exe (No File)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk.disabled
    ShortcutTarget: Updates from HP.lnk.disabled -> C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe (No File)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
    ShortcutTarget: Windows Search.lnk.disabled -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk.disabled
    ShortcutTarget: BBC iPlayer Desktop.lnk.disabled -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk.disabled
    ShortcutTarget: HP Organize.lnk.disabled -> C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe (NeoPlanet)
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk.disabled
    ShortcutTarget: IMStart.lnk.disabled -> C:\Program Files\InterMute\IMStart.exe (No File)
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus QuickStart.lnk.disabled
    ShortcutTarget: Lotus QuickStart.lnk.disabled -> C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus SmartCenter 97.lnk.disabled
    ShortcutTarget: Lotus SmartCenter 97.lnk.disabled -> C:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus SuiteStart 97.lnk.disabled
    ShortcutTarget: Lotus SuiteStart 97.lnk.disabled -> C:\lotus\smartctr\suitest.exe (Lotus Development Corporation.)
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
    ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
    Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled
    ShortcutTarget: OpenOffice.org 3.4.1.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x001C403E00D0CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
    SearchScopes: HKCU - {086DAB07-3DCE-40A4-98D9-2D120DA4C84F} URL = http://search.zoneal...tsId=&ver=&&r=0
    SearchScopes: HKCU - {32C5C3B5-8F2F-4831-9305-57C47B323786} URL = http://search.yahoo....=utf-8&fr=b1ie7
    SearchScopes: HKCU - {7219660F-EBBB-BDCF-159B-1D09FC0C20C8} URL = http://www.mirostart...cfg=2-73-0-g6GW
    SearchScopes: HKCU - {ABD5E0E2-1848-48FA-ACCF-F55B1249A1D3} URL = http://www.google.co...rchTerms}&meta=
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
    BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: No Name -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} ->  No File
    BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
    Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    Toolbar: HKLM - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No File
    Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
    Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
    DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB
    DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default
    FF DefaultSearchEngine: Ask
    FF SelectedSearchEngine: Ask
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @macromedia.com/FlashPlayer10 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
    FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.102 -> C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @macromedia.com/FlashPlayer10 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll (British Telecommunications Plc)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\ask.uk.xml
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\duckduckgo-ssl.xml
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\ixquick-https.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\Access Privileges Test [2010-07-02]
    FF Extension: British English Dictionary - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-11]
    FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\nostmp [2011-03-26]
    FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-29]
    FF Extension: EPUBReader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-21]
    FF Extension: DownloadHelper - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
    FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-12-11]
    FF Extension: SearchPreview - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2) [2010-11-12]
    FF Extension: Save Images - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\LDSI_plashcor@gmail.com.xpi [2013-05-30]
    FF Extension: Print Edit - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\printedit@DW-dev.xpi [2012-04-26]
    FF Extension: Bluhell Firewall - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-08-12]
    FF Extension: Search By Image (by Google) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2013-05-15]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-29]
    FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST
    FF Extension: Norton Safe Web Lite Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST [2010-08-05]

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-24] (Alcatel-Lucent) [File not signed]
    R2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
    R2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [126904 2010-05-23] (Symantec Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S4 Usmsaud; No ImagePath

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2004-05-12] (Oak Technology Inc.)
    R1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\BASHDefs\20140912.003\BHDrvx86.sys [1137368 2014-09-12] (Symantec Corporation)
    R1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAV\1506000.020\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
    R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
    R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-03] (Promise Technology, Inc.)
    R3 IDSxpx86; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\IPSDefs\20140926.003\IDSxpx86.sys [448664 2014-08-29] (Symantec Corporation)
    R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-29] (Malwarebytes Corporation)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    R3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20140928.002\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20140928.002\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
    R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-05] (Realtek Semiconductor Corporation       )
    S3 scsiscan; C:\WINDOWS\System32\DRIVERS\scsiscan.sys [11520 2008-04-13] (Microsoft Corporation)
    S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [432000 2004-01-03] (Silicon Integrated Systems Corporation)
    R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [11520 2004-01-03] (Silicon Integrated Systems Corporation)
    R3 SRTSP; C:\WINDOWS\System32\Drivers\NAV\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\system32\drivers\NAV\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
    R0 SymDS; C:\WINDOWS\System32\drivers\NAV\1506000.020\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
    R0 SymEFA; C:\WINDOWS\System32\drivers\NAV\1506000.020\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-07-31] (Symantec Corporation)
    R1 SymIRON; C:\WINDOWS\system32\drivers\NAV\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
    R1 SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1506000.020\SYMTDI.SYS [423256 2014-02-18] (Symantec Corporation)
    R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
    S3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [134144 2004-02-05] (Copyright © VIA/S3 Graphics, Inc.)
    S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
    S0 Lbd; system32\DRIVERS\Lbd.sys [X]
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
    S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-29 18:11 - 2014-09-29 18:12 - 00024138 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
    2014-09-29 18:11 - 2014-09-29 18:11 - 01100288 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
    2014-09-29 18:02 - 2014-09-29 18:02 - 00037906 _____ () C:\Documents and Settings\Owner\My Documents\FRST.txt
    2014-09-29 18:02 - 2014-09-29 18:02 - 00035352 _____ () C:\Documents and Settings\Owner\My Documents\Addition.txt
    2014-09-28 21:41 - 2014-09-28 21:41 - 00001260 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
    2014-09-28 21:22 - 2014-09-28 21:22 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-09-28 21:20 - 2014-09-28 21:20 - 01699276 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
    2014-09-28 21:07 - 2014-09-28 21:11 - 00000000 ____D () C:\AdwCleaner
    2014-09-28 21:05 - 2014-09-28 21:05 - 01373475 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
    2014-09-28 17:18 - 2014-09-28 17:18 - 00090112 ___SH () C:\Documents and Settings\Owner\My Documents\Thumbs.db
    2014-09-28 17:11 - 2014-09-29 18:12 - 00000000 ____D () C:\FRST
    2014-09-28 17:02 - 2014-09-28 17:07 - 00002550 _____ () C:\Documents and Settings\Owner\My Documents\aswMBR.txt
    2014-09-28 17:02 - 2014-09-28 17:07 - 00000512 _____ () C:\Documents and Settings\Owner\My Documents\MBR.dat
    2014-09-28 16:51 - 2014-09-28 16:59 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswMBR.exe
    2014-09-25 21:02 - 2014-09-25 21:15 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\NPE
    2014-09-25 21:02 - 2014-09-25 21:02 - 00069720 _____ () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2014-09-25 21:02 - 2014-09-25 21:02 - 00001186 _____ () C:\Documents and Settings\Administrator.HP-ONE\My Documents\norton.txt
    2014-09-25 18:17 - 2014-09-25 18:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2014-09-21 13:31 - 2014-09-21 14:00 - 00000000 ____D () C:\vandy1
    2014-09-20 10:38 - 2014-09-20 10:38 - 00059325 _____ () C:\Diecast Models _ Buy Diecast Models & Plastic Hobby Kits _ KH Norton.htm
    2014-09-20 10:38 - 2014-09-20 10:38 - 00000000 ____D () C:\Diecast Models _ Buy Diecast Models & Plastic Hobby Kits _ KH Norton_files
    2014-09-20 02:20 - 2014-09-28 12:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
    2014-09-20 02:20 - 2014-09-20 02:20 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Exploit.lnk
    2014-09-20 02:20 - 2014-09-20 02:20 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
    2014-09-20 02:20 - 2014-09-20 02:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
    2014-09-18 20:22 - 2014-09-25 21:15 - 00000178 ___SH () C:\Documents and Settings\Administrator.HP-ONE\ntuser.ini
    2014-09-18 20:22 - 2014-09-25 21:15 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Temp
    2014-09-18 20:22 - 2014-09-18 20:22 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE
    2014-09-18 20:22 - 2010-01-22 12:28 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Macromedia
    2014-09-18 20:22 - 2009-12-09 18:59 - 00000000 __SHD () C:\Documents and Settings\Administrator.HP-ONE\IETldCache
    2014-09-18 20:22 - 2004-05-31 20:24 - 00000000 ___RD () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Accessories
    2014-09-18 20:22 - 2004-05-13 07:03 - 00000847 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Internet Explorer.lnk
    2014-09-18 20:22 - 2004-05-13 06:57 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Symantec
    2014-09-18 20:22 - 2004-05-12 13:28 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Online Services
    2014-09-18 20:22 - 2004-05-12 13:23 - 00000128 _____ () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\fusioncache.dat
    2014-09-18 20:22 - 2004-05-12 13:05 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\SampleView
    2014-09-18 20:22 - 2004-05-12 12:29 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\WINDOWS
    2014-09-18 20:22 - 2004-05-12 11:59 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Real
    2014-09-18 20:22 - 2004-05-12 08:27 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Sun
    2014-09-18 20:22 - 2004-05-12 08:26 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
    2014-09-18 20:22 - 2004-05-12 07:44 - 00015619 _____ () C:\Documents and Settings\Administrator.HP-ONE\ml1.srt
    2014-09-18 20:22 - 2004-05-12 07:44 - 00015420 _____ () C:\Documents and Settings\Administrator.HP-ONE\ml2.srt
    2014-09-18 20:22 - 2004-05-12 07:44 - 00007593 _____ () C:\Documents and Settings\Administrator.HP-ONE\tempdiff.txt
    2014-09-18 20:22 - 2004-05-12 07:28 - 00000738 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Outlook Express.lnk
    2014-09-18 20:22 - 2004-05-12 07:25 - 00001599 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Remote Assistance.lnk
    2014-09-18 19:57 - 2014-09-18 19:57 - 00001336 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140918_195703.reg
    2014-09-12 21:56 - 2014-09-12 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Received Files
    2014-09-12 18:08 - 2014-09-27 17:45 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
    2014-09-09 21:27 - 2014-09-09 21:27 - 00058892 ____H () C:\WINDOWS\system32\mlfcache.dat
    2014-09-07 15:35 - 2014-09-07 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MSN6
    2014-09-07 14:29 - 2014-09-07 14:29 - 00000704 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140907_142940.reg
    2014-09-04 20:17 - 2014-08-19 18:00 - 00451148 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140904-201733.backup
    2014-09-03 21:31 - 2014-09-03 21:31 - 00000000 ____D () C:\Malwarebytes  Online Store_files
    2014-09-03 21:19 - 2014-09-29 18:02 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-09-03 21:18 - 2014-09-03 21:18 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-09-03 21:18 - 2014-09-03 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-09-03 21:18 - 2014-09-03 21:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-03 21:18 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-09-03 21:18 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-09-02 20:44 - 2014-09-02 20:44 - 00063694 _____ () C:\Checkout - Flying Tigerssr71.htm
    2014-09-02 20:44 - 2014-09-02 20:44 - 00000000 ____D () C:\Checkout - Flying Tigerssr71_files
    2014-09-01 19:00 - 2014-09-01 19:00 - 00013441 _____ () C:\Thank you - Art Fund.htm
    2014-09-01 19:00 - 2014-09-01 19:00 - 00000000 ____D () C:\Thank you - Art Fund_files

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-29 18:12 - 2008-02-19 15:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
    2014-09-29 18:03 - 2007-04-12 18:29 - 01470118 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-09-29 18:01 - 2005-12-13 19:53 - 00178108 _____ () C:\WINDOWS\system32\nvapps.xml
    2014-09-29 18:01 - 2005-02-21 18:40 - 00000188 _____ () C:\WINDOWS\system\hpsysdrv.DAT
    2014-09-29 18:01 - 2004-05-12 00:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-09-29 18:01 - 2004-05-12 00:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-09-29 18:00 - 2004-05-12 07:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-09-28 23:12 - 2014-03-21 21:49 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
    2014-09-28 23:12 - 2004-05-12 07:28 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
    2014-09-28 23:12 - 2004-05-12 07:27 - 00032634 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-09-28 23:12 - 2004-05-12 07:27 - 00000000 ____D () C:\Documents and Settings\Owner
    2014-09-28 21:10 - 2010-07-02 12:20 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\CheckPoint
    2014-09-27 20:49 - 2012-05-04 13:54 - 00000000 ____D () C:\free
    2014-09-27 20:44 - 2012-08-13 10:10 - 00000000 ____D () C:\Ryder
    2014-09-27 19:10 - 2012-04-25 21:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-09-27 16:44 - 2009-02-22 14:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Aircraft
    2014-09-27 11:49 - 2007-10-08 14:54 - 00002473 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft Word (2).lnk
    2014-09-27 00:38 - 2010-12-24 16:53 - 00000000 ____D () C:\Scarlett
    2014-09-26 20:49 - 1997-05-13 02:23 - 00000980 ____C () C:\WINDOWS\acroread.ini
    2014-09-26 18:52 - 2012-02-16 11:54 - 00000000 ____D () C:\KRitchie6
    2014-09-26 18:41 - 2011-10-29 12:59 - 00000000 ____D () C:\janehill
    2014-09-25 21:15 - 2004-05-12 07:16 - 00000281 _____ () C:\boot.ini
    2014-09-25 17:57 - 2009-06-18 19:43 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NAV
    2014-09-25 17:56 - 2014-07-31 01:16 - 00001896 _____ () C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
    2014-09-25 17:56 - 2014-07-31 01:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
    2014-09-23 21:41 - 2004-05-12 07:24 - 00000000 ____D () C:\WINDOWS\system32\Restore
    2014-09-23 19:35 - 2004-05-12 07:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-09-21 13:53 - 2007-04-09 12:03 - 00000102 ____C () C:\WINDOWS\vuepro32.ini
    2014-09-21 11:54 - 2011-12-27 17:05 - 00000000 ____D () C:\jenkins
    2014-09-20 20:30 - 2012-03-09 14:41 - 00000000 ____D () C:\Nigella
    2014-09-20 13:08 - 2012-03-09 15:15 - 00000000 ____D () C:\CarolKirkwood
    2014-09-17 00:31 - 2014-03-21 21:49 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-09-14 11:06 - 2004-05-12 07:23 - 00000000 ____D () C:\Program Files\MSN
    2014-09-13 17:47 - 2014-07-30 23:37 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
    2014-09-13 14:53 - 2012-03-29 16:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-09-13 14:53 - 2012-03-29 16:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-09-13 14:53 - 2011-05-19 11:13 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-09-12 18:12 - 2013-10-11 10:30 - 00000000 ____D () C:\pay
    2014-09-12 18:09 - 2011-11-01 23:30 - 00000000 ____D () C:\X
    2014-09-11 21:15 - 2014-03-21 21:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-09-10 21:51 - 2013-08-14 13:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-09-10 21:39 - 2009-02-24 20:03 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-09-07 15:36 - 2007-08-14 12:53 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\MSN6
    2014-09-07 15:35 - 2004-05-12 08:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Online Services
    2014-08-30 19:08 - 2008-06-24 11:36 - 00000000 ____D () C:\Documents and Settings\Owner\.gimp-2.4

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Owner\Local Settings\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-09-2014 02
    Ran by Owner at 2014-09-29 18:13:56
    Running from C:\Documents and Settings\Owner\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton AntiVirus (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Browsing Protection (HKLM\...\Ad-Aware Browsing Protection) (Version: 0.9.0.2 - Lavasoft)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
    Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
    Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.102 - NOS Microsystems Ltd.)
    Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe PageMill 3.0 (HKCU\...\Adobe PageMill 3.0) (Version:  - )
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Agere Systems PCI Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - )
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Atomic Clock Sync (HKLM\...\Atomic Clock Sync) (Version:  - )
    AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
    BBC iPlayer Desktop (Version: 3.2.15 - British Broadcasting Corp.) Hidden
    Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
    BT Broadband Desktop Help (HKLM\...\BT Broadband Desktop Help) (Version:  - )
    BTHomeHub (HKLM\...\BTHomeHub) (Version:  - British Telecommunications Plc.)
    Camera Support Core Library (Version: 7.0.3.20 - Canon) Hidden
    Camera Window (Version: 4.6.2 - Canon) Hidden
    CameraDrivers (Version: 3.1.0 - Hewlett-Packard) Hidden
    Canon Camera Support Core Library (HKLM\...\InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}) (Version: 7.0.3.20 - Canon)
    Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}) (Version: 4.6.2 - Canon)
    Canon Internet Library for ZoomBrowser EX (HKLM\...\InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}) (Version: 1.3.3 - Canon Inc.)
    Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
    Canon iP4600 series User Registration (HKLM\...\Canon iP4600 series User Registration) (Version:  - )
    Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}) (Version: 1.1.1.41 - Canon)
    Canon PhotoRecord (HKLM\...\{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}) (Version: 02.01.00069 - Cisra)
    Canon RAW Image Task for ZoomBrowser EX (HKLM\...\InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}) (Version: 1.1 - Canon)
    Canon RemoteCapture Task for ZoomBrowser EX (HKLM\...\InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}) (Version: 1.0.3 - Canon)
    Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
    Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
    Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}) (Version: 3.1.13 - Canon)
    Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
    Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.06.01035 - CISRA)
    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
    CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
    Celestia 1.6.1 (HKLM\...\Celestia_is1) (Version:  - Shatters Software)
    Complete Internet Cleanup Pro (HKLM\...\Complete Internet Cleanup Pro) (Version:  - PC Mesh)
    Copernic Agent Personal (HKLM\...\Copernic Agent Personal) (Version:  - Copernic)
    Copy (Version: 5.35.0.065 - Hewlett-Packard) Hidden
    Director (Version: 5.35.0.051 - Hewlett-Packard) Hidden
    DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
    DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
    DocProc (Version: 3.5.0.0 - Hewlett-Packard) Hidden
    EasyZip (HKLM\...\EasyZip) (Version:  - )
    EPSON Instant Photo Print (HKLM\...\EPSON Instant Photo Print) (Version:  - )
    EPSON Scan! II (HKLM\...\EPSON Scan! II) (Version:  - )
    ffdshow v1.1.3452 [2010-05-24] (HKLM\...\ffdshow_is1) (Version: 1.1.3452.0 - )
    Free Easy Burner V 5.1 (HKLM\...\Free Easy Burner_is1) (Version: 5.1.0.0 - Koyote soft)
    GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
    Google Earth (HKLM\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
    Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.0.0.570 - Citrix Online, a division of Citrix Systems, Inc.)
    GoToAssist Corporate (Version: 9.0.570 - Citrix) Hidden
    GPL Ghostscript 8.64 (HKLM\...\GPL Ghostscript 8.64) (Version:  - )
    GSview 4.9 (HKLM\...\GSview 4.9) (Version:  - )
    GTK+ 2.6.7 runtime environment (HKLM\...\WinGTK-2_is1) (Version:  - Tor Lillqvist)
    High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
    HP Image Zone 3.5 (HKLM\...\HP Photo & Imaging) (Version: 3.5 - HP)
    HP Image Zone Plus 3.5 (HKLM\...\{C6C44651-7C66-4b11-92E8-17565D3D22DD}) (Version: 3.5 - HP)
    HP Instant Support (HKLM\...\HP Instant Support) (Version:  - )
    HP Photo & Imaging 3.5 - HP Devices (HKLM\...\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}) (Version: 3.0 - HP)
    HP Software Update (HKLM\...\{34957B51-9676-41CE-9E52-44AE91B73F1C}) (Version: 1.0.22.20030804 - Hewlett-Packard)
    hpg2436 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
    hpg3970 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
    hpg4600 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
    hpg5530 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
    hpg8200 (Version: 3.5.0.0 - Hewlett-Packard) Hidden
    HPIZ350 (Version: 35.1.2 - Hewlett-Packard) Hidden
    HPIZFix3 (Version: 1.00.0000 - Hewlett-Packard) Hidden
    HpSdpAppCoreApp (Version: 3.00.0000 - Hewlett-Packard) Hidden
    HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
    InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
    InstantShare (Version: 3.5.0.21 - Hewlett-Packard) Hidden
    Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
    Internet Library (Version: 1.3.3 - Canon Inc.) Hidden
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
    IsoBuster 3.0 (HKLM\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
    Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.600 - Oracle)
    Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    KBD (HKLM\...\KBD) (Version:  - )
    Lotus SmartSuite 97 (HKLM\...\SmartSuite V97.0) (Version:  - )
    Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
    Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Plus! Digital Media Edition (HKLM\...\{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}) (Version: 1.1.0.2423 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.0.61118.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Word 2000 (HKLM\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0808 - Microsoft Corporation)
    MovieEdit Task (Version: 1.1.1.41 - Canon) Hidden
    Mozilla Firefox 32.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-GB)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
    Mozilla Thunderbird 31.1.2 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 31.1.2 (x86 en-GB)) (Version: 31.1.2 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Norton AntiVirus (HKLM\...\NAV) (Version: 21.6.0.32 - Symantec Corporation)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
    OpenOffice 4.1.0 (HKLM\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)
    Paint Shop Pro 4.15 SE (HKLM\...\Paint Shop Pro 4.15) (Version:  - )
    PhotoGallery (Version: 5.35.0.059 - Hewlett-Packard) Hidden
    PhotoStitch (Version: 3.1.13 - Canon) Hidden
    PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PS2 (HKLM\...\PS2) (Version:  - )
    Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version:  - )
    Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
    QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    QuickProjects (Version: 5.35.0.047 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
    RAW Image Task 1.1 (Version: 1.1 - Canon) Hidden
    RemoteCapture Task 1.0.3 (Version: 1.0.3 - Canon) Hidden
    Scan (Version: 3.5.0.0 - Hewlett-Packard) Hidden
    SkinsHP1 (Version: 5.35.0.043 - Hewlett-Packard) Hidden
    SkinsHP2 (Version: 5.35.0.043 - Hewlett-Packard) Hidden
    Smart File Advisor 1.1.1 (HKLM\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net)
    Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Toolkit View(HP) (HKLM\...\HPTOOLKIT) (Version:  - )
    TrackLogs Digital Mapping v3 (HKLM\...\{A69FC353-EBE6-459C-9DB1-A66DA1130BEB}) (Version: 3.11.1 - TrackLogs)
    TrayApp (Version: 5.35.0.035 - Hewlett-Packard) Hidden
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
    Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
    Updates from HP (HKLM\...\BackWeb-137903 Uninstaller) (Version:  - )
    VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
    Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VuePrint (HKLM\...\VuePrint) (Version:  - )
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    WebReg (Version: 5.31.0.147 - Hewlett-Packard) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
    Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-765943430-1787625549-695394895-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

    ==================== Restore Points  =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-05-12 07:16 - 2014-09-04 20:17 - 00451148 ____N C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1    localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-21 21:49 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2014-03-21 21:49 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2010-04-20 16:21 - 1996-06-12 19:50 - 00078336 _____ () C:\Program Files\EasyZip\EZSHLEXT.DLL
    2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-03-21 21:49 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2014-03-21 21:49 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2014-03-21 21:49 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-09-12 18:08 - 2014-09-27 17:45 - 03339376 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
    2014-09-12 18:08 - 2014-09-27 17:45 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
    2014-09-12 18:08 - 2014-09-27 17:45 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
    2014-09-25 18:17 - 2014-09-25 18:17 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\quick formule.zip:SummaryInformation
    AlternateDataStreams: C:\quick formule.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\vbaddin.ini:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\vbaddin.ini:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-765943430-1787625549-695394895-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.HP-ONE
    ASPNET (S-1-5-21-765943430-1787625549-695394895-1008 - Limited - Enabled)
    Guest (S-1-5-21-765943430-1787625549-695394895-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-765943430-1787625549-695394895-1007 - Limited - Disabled)
    Owner (S-1-5-21-765943430-1787625549-695394895-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
    SUPPORT_388945a0 (S-1-5-21-765943430-1787625549-695394895-1002 - Limited - Disabled)
    SUPPORT_fddfa904 (S-1-5-21-765943430-1787625549-695394895-1006 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/25/2014 09:07:39 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (09/18/2014 08:23:57 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (08/25/2014 01:40:02 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (08/18/2014 08:45:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application SDShred.exe, version 1.0.2.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (08/18/2014 08:44:33 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 1118020326.

    Error: (08/18/2014 08:44:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application SDShred.exe, version 1.0.2.5, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (08/17/2014 05:28:09 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....authrootseq.txt> with error: This operation returned because the timeout period expired.

    Error: (08/05/2014 00:04:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (08/04/2014 11:39:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (08/04/2014 11:34:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application Install.exe, version 13.3.52.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (09/29/2014 06:02:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd
    SBRE

    Error: (09/29/2014 06:02:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (09/29/2014 06:02:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (09/29/2014 06:02:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (09/28/2014 09:14:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd
    SBRE

    Error: (09/28/2014 09:14:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (09/28/2014 09:14:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (09/28/2014 09:14:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (09/28/2014 08:55:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd
    SBRE

    Error: (09/28/2014 08:54:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.


    Microsoft Office Sessions:
    =========================
    Error: (09/25/2014 09:07:39 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.

    Error: (09/18/2014 08:23:57 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.

    Error: (08/25/2014 01:40:02 AM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.

    Error: (08/18/2014 08:45:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SDShred.exe1.0.2.5hungapp0.0.0.000000000

    Error: (08/18/2014 08:44:33 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 1118020326

    Error: (08/18/2014 08:44:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: SDShred.exe1.0.2.5hungapp0.0.0.000000000

    Error: (08/17/2014 05:28:09 PM) (Source: crypt32) (EventID: 8) (User: )
    Description: http://www.download....rootseq.txtThis operation returned because the timeout period expired.

    Error: (08/05/2014 00:04:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (08/04/2014 11:39:28 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

    Error: (08/04/2014 11:34:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Install.exe13.3.52.0hungapp0.0.0.000000000


    ==================== Memory info ===========================

    Processor:  Intel® Pentium® 4 CPU 2.80GHz
    Percentage of memory in use: 62%
    Total physical RAM: 2039.29 MB
    Available physical RAM: 772.19 MB
    Total Pagefile: 2644.5 MB
    Available Pagefile: 1505.09 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1931.23 MB

    ==================== Drives ================================

    Drive c: (HP_PAVILION) (Fixed) (Total:144.18 GB) (Free:90.86 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (HP_RECOVERY) (Fixed) (Total:4.85 GB) (Free:0.74 GB) FAT32 ==>[Drive with boot components (Windows XP)]
    Drive e: (120421_0009) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: DD5BDD5B)
    Partition 1: (Not Active) - (Size=4.9 GB) - (Type=0B)
    Partition 2: (Active) - (Size=144.2 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #9 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 29 September 2014 - 01:42 PM

    Hi,

     

    I am sure you know by now that Microsoft has dropped support for Windows XP; it's gone the way of Windows 95 / 98. What this means is that it will still work and you can continue using it, but Microsoft will no longer be providing any Windows Updates. This means that without those updates your system is going to be very vulnerable to online threats. You may want to start thinking about upgrading this system to Windows 7 or looking into getting a new computer. Also, you may run into trouble buying things like a new printer, for example, and the newer ones are not written for XP.

     

    You can give this a read

    http://techpageone.d...00#.VCmzsfldVKN

     

    You can also download and run the Windows 7 Upgrade Advisor, it will let you know if your system can or cannot upgrade to Win 7

    http://www.microsoft...ails.aspx?id=20

     

    Malwarebytes Anti Exploit is in beta stage and you may have gotten a message that is no longer effective. If so, you can uninstall it via Add Remove Programs in the Control Panel and download and install the latest version.

    https://www.malwareb...rg/antiexploit/

     

     

     

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
    FF DefaultSearchEngine: Ask
    FF SelectedSearchEngine: Ask
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\ask.uk.xml
    2014-09-04 20:17 - 2014-08-19 18:00 - 00451148 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140904-201733.backup
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

     

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #10 beachedwhale

    beachedwhale

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 29 September 2014 - 02:54 PM

    Ken545

    Malwarebytes anti-exploit removed.

    Latest log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-09-2014 02
    Ran by Owner at 2014-09-29 21:43:01 Run:1
    Running from C:\Documents and Settings\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner & Administrator)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Start
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
    FF DefaultSearchEngine: Ask
    FF SelectedSearchEngine: Ask
    FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\ask.uk.xml
    2014-09-04 20:17 - 2014-08-19 18:00 - 00451148 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140904-201733.backup
    Hosts:
    EmptyTemp:
    End
    *****************

    HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
    Firefox DefaultSearchEngine deleted successfully.
    Firefox SelectedSearchEngine deleted successfully.
    "C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\ask.uk.xml" => not found.
    C:\WINDOWS\system32\Drivers\etc\hosts.20140904-201733.backup => Moved successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 74.8 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====




    #11 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 29 September 2014 - 03:07 PM

    You should install the latest version of Exploit; it will help keep you more secure.

     

     

    How is your system behaving now ?



     
     

    #12 beachedwhale

    beachedwhale

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 30 September 2014 - 11:26 AM

    Hi

    Latest anti-exploit downloaded and run.

    Checked Win 7 compatibility - think I may have to consider a new PC.

    This one appears to be running fine. No warnings at all.

    Am I right in assuming that there was more than BE33 lurking?

     

    BW



    #13 beachedwhale

    beachedwhale

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 30 September 2014 - 11:41 AM

    Having just posted that, Norton's has just given me a BE33 alert.

    BW



    #14 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 30 September 2014 - 12:15 PM

    Doesn't appear to be anything to worry about; it's part of Norton's detection software.

     

    https://forums.malwa...houndexploit33/



     
     

    #15 beachedwhale

    beachedwhale

      New Member

    • Authentic Member
    • Pip
    • 17 posts

    Posted 30 September 2014 - 01:20 PM

    Well, completely confused now. Something must have triggered Norton's.

    BW

     

